diff --git a/defaults/main.yml b/defaults/main.yml
index 9209c945b9492c64abebacd876f3bc66add33a95..d5c521fd1cf0bb3f31ba9b9134676345738b4027 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,6 +1,12 @@
 ES_HEAP_SIZE: 1G
 elastalert_defaults:
 drupal:
- syslog: []
- apache: []
+ syslog:
+ query: '@log_name:"syslog.local0.err" OR @log_name:"syslog.local0.crit" OR @log_name:"syslog.local0.alert" OR @log_name:"syslog.local0.emerg"'
+ extra: []
+ apache:
+ query:
+ access: 'code:[500 TO 599]'
+ error: 'level:"*error"'
+ extra: []
 elastalerts: []
diff --git a/templates/alerts/rules/rule.drupal.apache.yaml b/templates/alerts/rules/rule.drupal.apache.yaml
index 42ece022d1da5b857bb8e39d1d01a0b232dcb6ef..7499e8856c578d8f884a24434bcaa0ee636e86db 100644
--- a/templates/alerts/rules/rule.drupal.apache.yaml
+++ b/templates/alerts/rules/rule.drupal.apache.yaml
@@ -37,7 +37,7 @@ filter: [ { "query_string": { "analyze_wildcard": true,
- "query": "(@log_name:\"apache.error.var.log.apache2.{{ item.1.domain }}-error.log\" AND level:\"*error\") OR (@log_name:\"apache.access.var.log.apache2.{{ item.1.domain }}-access.log\" AND code:[500 TO 599])"
+ "query": {{ ['(@log_name:"apache.error.var.log.apache2.', item.1.domain, '-error.log" AND (', elastalert_defaults.drupal.apache.query.error, ')) OR (@log_name:"apache.access.var.log.apache2.', item.1.domain, '-access.log" AND (', elastalert_defaults.drupal.apache.query.access, '))']|join("")|to_nice_json }}
 }
 }
 ]
diff --git a/templates/alerts/rules/rule.drupal.syslog.yaml b/templates/alerts/rules/rule.drupal.syslog.yaml
index f79a503d2371c382f42da3f6e474fb01eacb20fb..078d3df870b357a333779b258569cb23e21e8e02 100644
--- a/templates/alerts/rules/rule.drupal.syslog.yaml
+++ b/templates/alerts/rules/rule.drupal.syslog.yaml
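Review bot: The new `query` values are Lucene query_string fragments that the rule templates splice into their filters verbatim, but nothing in the hunk tells someone overriding them that, so a comment above `syslog:` such as `# query: Lucene query_string fragment; the rule template wraps it in parentheses and ANDs it with the per-site terms` would state the contract. The `extra: []` keys added under both `syslog` and `apache` are not read by either template touched in this commit, so their intended use should be documented or they should arrive together with the code that consumes them. `error: 'level:"*error"'` carries a leading wildcard, which is comparatively expensive to evaluate in Elasticsearch; it was already in the old template, but now that it is a visible default a one-line comment noting the cost would help anyone tuning it. The indentation of the new keys cannot be checked from the diff as rendered here.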
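Review bot: `item.1.domain` is still spliced into the quoted `@log_name:"…"` terms on the added `"query":` line with no Lucene escaping; `to_nice_json` only escapes for JSON/YAML, so a domain containing `"` or query syntax would rewrite the filter, and the same holds for the `elastalert_defaults.drupal.apache.query.*` fragments, which are inserted verbatim between the new parentheses. If domains and fragments are only ever inventory-controlled, that assumption belongs next to the expression, e.g. `{# domain and query fragments are trusted role config: only JSON-escaped by to_nice_json, never Lucene-escaped #}`. An empty or undefined fragment renders as `AND ()`, which query_string rejects at rule load, so `| mandatory` on each fragment (or a `| default(...)` with a documented fallback) would fail earlier and more clearly. The same two points apply to the `ident:` expression in rule.drupal.syslog.yaml. The enclosing `filter:` list starts before this hunk.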
@@ -37,7 +37,7 @@ filter: [ { "query_string": { "analyze_wildcard": true,
- "query": "ident:{{ item.1.domain }} AND (@log_name:\"syslog.local0.err\" OR @log_name:\"syslog.local0.crit\" OR @log_name:\"syslog.local0.alert\" OR @log_name:\"syslog.local0.emerg\")"
+ "query": {{ ['ident:', item.1.domain, ' AND (', elastalert_defaults.drupal.syslog.query, ')']|join("")|to_nice_json }}
 }
 }
 ]
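Review bot: The added `"query":` line packs the list literal, `join("")` and `to_nice_json` into one expression far past the line-length limit, which makes the query hard to read and to compare with the apache rule. Building the string first, `{% set query = 'ident:' ~ item.1.domain ~ ' AND (' ~ elastalert_defaults.drupal.syslog.query ~ ')' %}` on the line before and then `"query": {{ query | to_nice_json }}`, renders the same string (both forms stringify each part before concatenating) while the query reads as one concatenation; the `set` tag should leave only whitespace inside the flow mapping, but check the rendered rule once. The same restructuring suits rule.drupal.apache.yaml. Note that `ident:` is an unquoted term here, unlike the quoted `@log_name` phrases in the apache rule, so a domain containing query-syntax characters would change how the term is parsed; a Jinja comment stating that the domain is trusted config, or a quoted term, would make that explicit. The enclosing `filter:` list starts before this hunk.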