diff --git a/src/elasticsearch-template.json b/src/elasticsearch-template.json
index e6f0358..7d13e2e 100644
--- a/src/elasticsearch-template.json
+++ b/src/elasticsearch-template.json
@@ -28,10 +28,13 @@
 "dest_port": {
 "type": "long"
 },
+"direction": {
+"type": "keyword"
+},
 "interface": {
 "type": "keyword"
 },
-"ipversion": {
+"ip_version": {
 "type": "short"
 },
 "length": {
diff --git a/src/pfparser.c b/src/pfparser.c
index 344c430..9c6335e 100644
--- a/src/pfparser.c
+++ b/src/pfparser.c
@@ -327,9 +327,10 @@ int pfdata_to_json(pf_data* data, json_object* obj) {
 Populate the passed json_object obj with data from from pf_data data.
 */
 add_strfield(obj, "interface", data->iface);
-add_intfield(obj, "ipversion", data->ipversion);
+add_intfield(obj, "ip_version", data->ipversion);
 add_strfield(obj, "action", (char*)(pfhastr[data->action]));
+add_strfield(obj, "direction", (char*)(pfdirstr[data->direction]));
 if(data->ipversion == 4) {
 add_intfield(obj, "ttl", data->ipv4_data.ttl);
diff --git a/src/put-elasticsearch-template.sh b/src/put-elasticsearch-template.sh
index b394bc1..ba553f6 100755
--- a/src/put-elasticsearch-template.sh
+++ b/src/put-elasticsearch-template.sh
@@ -3,4 +3,4 @@
 set -e
 set -x
-curl -X PUT "http://homeapps1:8298/_template/firewall" -H Content-Type: application/json -d @elasticsearch-template.json
+curl -X PUT "http://homeapps1:8298/_template/firewall" -H "Content-Type: application/json" -d @elasticsearch-template.json
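Review bot: Renaming the `ipversion` mapping to `ip_version` only affects indices created after the template is re-applied, so any index already built from the old template keeps the old field name and documents written before and after this change will not be searchable under a single field without a reindex or a field alias; nothing in the commit mentions a migration. The added `direction` keyword mapping matches the C side, which emits it as a string. If the existing indices are disposable this is fine, but a one-line note in the template's commit saying which is intended would save the next reader the question.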
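Review bot: The added `add_strfield(obj, "direction", (char*)(pfdirstr[data->direction]));` indexes `pfdirstr` with a value taken from the parsed record and has no range check, so a `direction` the parser never set (or set to an out-of-table sentinel) would read past the end of the table and hand a garbage pointer on as a string. The existing `pfhastr[data->action]` line has the same shape, so this may be an invariant the parser guarantees, but if `pf_data.direction` can be left at its default when the log line lacks a direction token, guard it, e.g. `if (data->direction < sizeof pfdirstr / sizeof pfdirstr[0]) add_strfield(obj, "direction", (char*)(pfdirstr[data->direction]));` (assuming `pfdirstr` is a real array rather than a pointer, and that `direction` is unsigned or also checked for `>= 0`). The `(char*)` casts on both string-table lookups suggest the tables hold `const char*`; declaring `add_strfield`'s value parameter `const char*` would remove the casts rather than hide the qualifier. `pfdata_to_json` starts and ends outside the hunk, and the context comment line reads `data from from pf_data` (doubled word).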
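Review bot: The quoted curl line still cannot fail the script on an HTTP error despite `set -e`, because curl exits 0 on a 4xx/5xx response unless `--fail` is given, so a rejected template (for example a mapping conflict on `ip_version`) goes unnoticed by whatever runs this; change the line to `curl --fail -X PUT "http://homeapps1:8298/_template/firewall" -H "Content-Type: application/json" -d @elasticsearch-template.json`. The `@elasticsearch-template.json` argument is resolved against the current working directory rather than the script's location, so the script only works when invoked from `src/`; if that is not intended, `-d @"$(dirname "$0")/elasticsearch-template.json"` fixes it. The endpoint is plain HTTP with no credentials, which is pre-existing and presumably acceptable for this deployment, but note that `set -x` echoes the full command line, so any auth added later should come from a netrc or config file rather than the command line.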