diff --git a/package/etc/conf.d/log_paths/lp-infoblox.conf.tmpl b/package/etc/conf.d/log_paths/lp-infoblox.conf.tmpl
index 40318ae..086e3a5 100644
--- a/package/etc/conf.d/log_paths/lp-infoblox.conf.tmpl
+++ b/package/etc/conf.d/log_paths/lp-infoblox.conf.tmpl
@@ -42,7 +42,7 @@ log {
 } elif {
 filter{program("threat-protect-log")};
 rewrite {
- set("infoblox_dns", value("fields.sc4s_vendor_product"));
+ set("infoblox_threat", value("fields.sc4s_vendor_product"));
 set("${PROGRAM}", value(".PROGRAM"));
 subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
 r_set_splunk_dest_default(sourcetype("infoblox:threat"), index("netids"), source("program:${.PROGRAM}"))
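Review bot: The new `infoblox_threat` key on the `set(..., value("fields.sc4s_vendor_product"))` line is only useful if every consumer of that field knows it, and nothing visible in this hunk updates a lookup table or the documentation to match. Any existing index or sourcetype override, filter or alert routing keyed on `infoblox_dns` will presumably stop matching threat-protect-log events once this lands, which matters because these are the security-relevant events sent to `netids`. I would add a comment above the line, for example `# threat-protect-log has its own vendor_product key; overrides keyed on infoblox_dns no longer apply here`, and call out the key change in the release notes. The `elif` branch starts and ends outside the hunk, so a context lookup later in the branch may already use the new key; that is worth confirming before merge.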