diff --git a/README.rst b/README.rst index 49b14c1..6f416d7 100644 --- a/README.rst +++ b/README.rst @@ -95,7 +95,8 @@ it to the minions. cd hubblestack-nebula.git mkdir -p /srv/salt/_modules/ cp _modules/nebula_osquery.py /srv/salt/_modules/ - cp pillar.example /srv/pillar/hubblestack_nebula.sls + mkdir /srv/salt/hubblestack_nebula + cp hubblestack_nebula/hubblestack_nebula_queries.yaml /srv/salt/hubblestack_nebula salt \* saltutil.sync_modules diff --git a/_modules/nebula_osquery.py b/_modules/nebula_osquery.py index 7b4bdee..d6967bd 100644 --- a/_modules/nebula_osquery.py +++ b/_modules/nebula_osquery.py @@ -49,11 +49,11 @@ def __virtual__(): def queries(query_group, - query_file='salt://hubblestack_nebula_queries.yaml', + query_file='salt://hubblestack_nebula/hubblestack_nebula_queries.yaml', verbose=False): ''' Run the set of queries represented by ``query_group`` from the - configuration in the pillar key ``nebular_osquery``. + configuration in the file query_file query_group Group of queries to run diff --git a/hubblestack_nebula_queries.yaml b/hubblestack_nebula/hubblestack_nebula_queries.yaml similarity index 100% rename from hubblestack_nebula_queries.yaml rename to hubblestack_nebula/hubblestack_nebula_queries.yaml
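Review bot: In `_modules/nebula_osquery.py`, the rewritten docstring sentence of `queries()` names `query_file` as bare text with no closing period, while the line above marks `query_group` as a literal, and the visible part of the docstring never says that the default is a `salt://` path served by the master. I would write it as `configuration in the file given by query_file (default: a salt:// path on the master's fileserver).`, with `query_file` in the same double-backtick markup as `query_group`. The default also moves from `salt://hubblestack_nebula_queries.yaml` to `salt://hubblestack_nebula/hubblestack_nebula_queries.yaml`, so a master that still serves the file only at the old path no longer matches it. The body of `queries()` lies outside the hunk, so how a missing file is handled cannot be seen here; it is worth confirming that the function reports an error rather than quietly running no queries, since that would leave minions without osquery coverage and no signal that it happened.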