diff --git a/README.md b/README.md index e392c60..3963e20 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# secure-logstash-pipeline +# ssh-logstash-pipeline ## Input and Output ## @@ -10,7 +10,7 @@ Here are examples how your files could look if you want to use a local Redis ins input { redis { host => localhost - key => "secure" + key => "ssh" data_type => list } } diff --git a/filter-50-secure-sudo.conf b/filter-50-secure-sudo.conf deleted file mode 100644 index 2ed3284..0000000 --- a/filter-50-secure-sudo.conf +++ /dev/null @@ -1,11 +0,0 @@ -filter { - if [process][name] == "sudo" or [journald][process][name] == "sudo" { - if "COMMAND" in [message] { - grok { - match => ["message","%{DATA:[user][name]} :( %{DATA:[sudo][error]} ;)? TTY=%{DATA:[sudo][terminal][device]} ; PWD=%{DATA:[sudo][pwd]} ; USER=%{DATA:[sudo][user]} ; COMMAND=%{GREEDYDATA:[sudo][command]}"] - id => "sudo" - tag_on_failure => ["_grokparsefailure","sudo_grok_failed"] - } - } - } -} diff --git a/filter-50-secure-user-group.conf b/filter-50-secure-user-group.conf deleted file mode 100644 index f4d0b00..0000000 --- a/filter-50-secure-user-group.conf +++ /dev/null @@ -1,19 +0,0 @@ -filter { - if [process][name] == "groupadd" or [journald][process][name] == "groupadd" { - if [message] =~ /^new group/ { - grok { - match => ["message","new group: name=%{DATA:[group][name]}, GID=%{NUMBER:[group][id]}"] - id => "groupadd" - tag_on_failure => ["_grokparsefaillure","groupadd_grok_failed"] - } - } - } else if [process][name] == "useradd" or [journald][process][name] == "useradd" { - if [message] =~ /^new user/ { - grok { - match => ["message","new user: name=%{DATA:[user][name]}, UID=%{NUMBER:[user][id]}, GID=%{NUMBER:[group][id]}, home=%{DATA:[useradd][home]}, shell=%{DATA:[useradd][shell]}$"] - id => "useradd" - tag_on_failure => ["_grokparsefaillure","useradd_grok_failed"] - } - } - } -} 
diff --git a/filter-50-secure-ssh.conf b/filter-ssh.conf similarity index 96% rename from filter-50-secure-ssh.conf rename to filter-ssh.conf index a7ab3bf..df0a5ef 100644 --- a/filter-50-secure-ssh.conf +++ b/filter-ssh.conf @@ -1,5 +1,4 @@ filter { - if [process][name] == "sshd" or [journald][process][name] == "sshd" { if [message] =~ /^(Accepted|Failed)/ { grok { match => ["message", "%{WORD:[ssh][auth][result]} %{WORD:[ssh][auth][method]} for (invalid user )?%{USERNAME:[user][name]} from %{IPORHOST:[client][address]} port %{NUMBER:[client][port]} %{WORD:[ssh][protocol]}(: %{GREEDYDATA:[ssh][signature]})?"] @@ -45,5 +44,4 @@ filter { } } } - } }
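Review bot: Removing the `[process][name] == "sshd" or [journald][process][name] == "sshd"` guard in the first hunk means the `^(Accepted|Failed)` match and the grok that follows it now run on every event entering this pipeline, so any non-sshd message that happens to begin with "Accepted" or "Failed" would be populated with `[ssh][auth][result]`, `[user][name]` and `[client][address]` and show up downstream as an SSH authentication event. If the intent is that only sshd output is routed through the renamed `ssh` Redis key, that contract now lives outside this file and should be stated here, e.g. `# assumes only sshd output reaches this pipeline (see README "ssh" key); re-add a [process][name] guard if other sources share it` above the `if [message] =~ /^(Accepted|Failed)/` line; otherwise keeping the guard is the cheaper fix. The 96% similarity index suggests the lines formerly nested under the guard keep their old indentation, which is worth re-indenting so the remaining nesting reads correctly. The `filter {` block opened in the first hunk continues outside it and is only closed in the second hunk.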