diff --git a/docs/integrations/amazon-aws/application-load-balancer.md b/docs/integrations/amazon-aws/application-load-balancer.md
index f40c7318c0..38c4ea2403 100644
--- a/docs/integrations/amazon-aws/application-load-balancer.md
+++ b/docs/integrations/amazon-aws/application-load-balancer.md
@@ -140,14 +140,16 @@ Scope (Specific Data): account=* eventSource eventName "elasticloadbalancing.ama
 ```
 ```sql title="Parse Expression"
-json "eventSource", "awsRegion", "recipientAccountId", "requestParameters.name", "requestParameters.type", "requestParameters.loadBalancerArn", "apiVersion" as event_source, region, accountid, loadbalancer, loadbalancertype, loadbalancerarn, api_version nodrop
-|"" as namespace
+json "eventSource", "awsRegion", "recipientAccountId", "requestParameters.name", "requestParameters.type", "requestParameters.loadBalancerArn", "requestParameters.listenerArn", "apiVersion" as event_source, region, accountid, loadbalancer, loadbalancertype, loadbalancerarn, listenerarn, api_version nodrop
 | where event_source = "elasticloadbalancing.amazonaws.com" and api_version matches "2015-12-01"
-| parse field=loadbalancerarn ":loadbalancer/*/*/*" as balancertype, loadbalancer, f1 nodrop
-| if(loadbalancertype matches "network", "aws/networkelb", if(balancertype matches "net", "aws/networkelb", namespace)) as namespace
-| if(loadbalancertype matches "application", "aws/applicationelb", if(balancertype matches "app", "aws/applicationelb", namespace)) as namespace
-| where namespace="aws/applicationelb" or isEmpty(namespace)
-| toLowerCase(loadbalancer) as loadbalancer
+| "" as namespace
+| parse field=loadbalancerarn ":loadbalancer/*/*/*" as balancertype1, loadbalancer1, f1 nodrop
+| parse field=listenerarn ":listener/*/*/*/*" as balancertype2, loadbalancer2, f1, f2 nodrop
+| if(loadbalancertype matches "network", "aws/networkelb", if(balancertype1 matches "net", "aws/networkelb", if(balancertype2 matches "net", "aws/networkelb", namespace))) as namespace
+| if(loadbalancertype matches "application", "aws/applicationelb", if(balancertype1 matches "app", "aws/applicationelb", if(balancertype2 matches "app", "aws/applicationelb", namespace))) as namespace
+| where namespace="aws/applicationelb" or isEmpty(namespace)
+| if (!isEmpty(loadbalancer), loadbalancer, if (!isEmpty(loadbalancer1), loadbalancer1, loadbalancer2)) as loadbalancer
+| toLowerCase(loadbalancer) as loadbalancer
 | fields region, namespace, loadbalancer, accountid
 ```
diff --git a/docs/integrations/amazon-aws/network-load-balancer.md b/docs/integrations/amazon-aws/network-load-balancer.md
index 4df877fec9..6fd0af0e85 100644
--- a/docs/integrations/amazon-aws/network-load-balancer.md
+++ b/docs/integrations/amazon-aws/network-load-balancer.md
@@ -68,14 +68,16 @@ Scope (Specific Data): account=* eventSource eventName "elasticloadbalancing.ama
 ```
 ```sql title="Parse Expression"
-json "eventSource", "awsRegion", "recipientAccountId", "requestParameters.name", "requestParameters.type", "requestParameters.loadBalancerArn", "apiVersion" as event_source, region, accountid, networkloadbalancer, loadbalancertype, loadbalancerarn, api_version nodrop
-|"" as namespace
+json "eventSource", "awsRegion", "recipientAccountId", "requestParameters.name", "requestParameters.type", "requestParameters.loadBalancerArn", "requestParameters.listenerArn", "apiVersion" as event_source, region, accountid, networkloadbalancer, loadbalancertype, loadbalancerarn, listenerarn, api_version nodrop
 | where event_source = "elasticloadbalancing.amazonaws.com" and api_version matches "2015-12-01"
-| parse field=loadbalancerarn ":loadbalancer/*/*/*" as balancertype, networkloadbalancer, f1 nodrop
-| if(loadbalancertype matches "network", "aws/networkelb", if(balancertype matches "net", "aws/networkelb", namespace)) as namespace
-| if(loadbalancertype matches "application", "aws/applicationelb", if(balancertype matches "app", "aws/applicationelb", namespace)) as namespace
-| where namespace="aws/networkelb" or isEmpty(namespace)
-| toLowerCase(networkloadbalancer) as networkloadbalancer
+| "" as namespace
+| parse field=loadbalancerarn ":loadbalancer/*/*/*" as balancertype1, networkloadbalancer1, f1 nodrop
+| parse field=listenerarn ":listener/*/*/*/*" as balancertype2, networkloadbalancer2, f1, f2 nodrop
+| if(loadbalancertype matches "network", "aws/networkelb", if(balancertype1 matches "net", "aws/networkelb", if(balancertype2 matches "net", "aws/networkelb", namespace))) as namespace
+| if(loadbalancertype matches "application", "aws/applicationelb", if(balancertype1 matches "app", "aws/applicationelb", if(balancertype2 matches "app", "aws/applicationelb", namespace))) as namespace
+| where namespace="aws/networkelb" or isEmpty(namespace)
+| if (!isEmpty(networkloadbalancer), networkloadbalancer, if (!isEmpty(networkloadbalancer1), networkloadbalancer1, networkloadbalancer2)) as networkloadbalancer
+| toLowerCase(networkloadbalancer) as networkloadbalancer
 | fields region, namespace, networkloadbalancer, accountid
 ```