diff --git a/packages/aws/changelog.yml b/packages/aws/changelog.yml
index b7bacf47252..91b37855d34 100644
--- a/packages/aws/changelog.yml
+++ b/packages/aws/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.3.2"
+ changes:
+ - description: Update Grok pattern to support new ELB HTTP log format.
+ type: enchancement
+ link: https://github.com/elastic/integrations/pull/13944
 - version: "3.3.1"
 changes:
 - description: Fix handling of duplicate fields in Network Firewall Logs data stream.
diff --git a/packages/aws/data_stream/elb_logs/_dev/test/pipeline/test-alb.log b/packages/aws/data_stream/elb_logs/_dev/test/pipeline/test-alb.log
index ac5ca8f8413..7be75671f29 100644
--- a/packages/aws/data_stream/elb_logs/_dev/test/pipeline/test-alb.log
+++ b/packages/aws/data_stream/elb_logs/_dev/test/pipeline/test-alb.log
@@ -6,4 +6,5 @@ tls 2.0 2024-10-25T17:33:59 net/k8s-xxxx-xxx-xxxxxxxx/53192f3a0 46712e747de 192. tls 2.0 2024-10-25T17:33:59 net/XXXXX-XXXX-XXX-us-east-2/c88927aafc9abafe 52878890095341b5 192.168.131.39:2817 10.0.0.1:80 0 - 0 0 - - - - - - - - - - 2024-10-25T17:33:59 2024-10-04T17:05:15.514108Z 192.168.131.39 36280 443 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 4.036 "CN=amazondomains.com,O=endEntity,L=Seattle,ST=Washington,C=US" NotBefore=2023-09-21T22:43:21Z;NotAfter=2026-06-17T22:43:21Z FEF257372D5C14D4 Success 2024-10-04T17:05:15.514108Z 192.168.131.39 36280 443 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 - "CN=amazondomains.com,O=endEntity,L=Seattle,ST=Washington,C=US" NotBefore=2023-09-21T22:43:21Z;NotAfter=2026-06-17T22:43:21Z FEF257372D5C14D4 Failed:ClientCertUntrusted -2024-11-29T13:45:24.599544Z 172.31.43.26 58206 80 - - - "-" - - - TID_16132ed0b4112148 \ No newline at end of file +2024-11-29T13:45:24.599544Z 172.31.43.26 58206 80 - - - "-" - - - TID_16132ed0b4112148 +http 2025-05-01T11:24:32.748149Z app/internal-service-alb/abcd1234efgh5678 127.0.0.1:57273 - -1 -1 -1 200 - 0 272 "- http://internal-service-alb.example.com:80-/ " "-" - - - "-" "-" "-" - 2025-05-01T11:24:32.720000Z "-" "-" "-" "-" "-" "-" "-" TID_00000000000000000000000000000000 \ No newline at end of file diff --git a/packages/aws/data_stream/elb_logs/_dev/test/pipeline/test-alb.log-expected.json b/packages/aws/data_stream/elb_logs/_dev/test/pipeline/test-alb.log-expected.json index 3c49eb36598..174d6b9d151 100644 --- a/packages/aws/data_stream/elb_logs/_dev/test/pipeline/test-alb.log-expected.json +++ b/packages/aws/data_stream/elb_logs/_dev/test/pipeline/test-alb.log-expected.json 
@@ -534,6 +534,58 @@
 "tags": [
 "preserve_original_event"
 ]
+ },
+ {
+ "@timestamp": "2025-05-01T11:24:32.748Z",
+ "aws": {
+ "elb": {
+ "name": "app/internal-service-alb/abcd1234efgh5678",
+ "protocol": "http"
+ }
+ },
+ "cloud": {
+ "provider": "aws"
+ },
+ "ecs": {
+ "version": "8.11.0"
+ },
+ "event": {
+ "category": [
+ "web"
+ ],
+ "end": "2025-05-01T11:24:32.748Z",
+ "kind": "event",
+ "original": "http 2025-05-01T11:24:32.748149Z app/internal-service-alb/abcd1234efgh5678 127.0.0.1:57273 - -1 -1 -1 200 - 0 272 \"- http://internal-service-alb.example.com:80-/ \" \"-\" - - - \"-\" \"-\" \"-\" - 2025-05-01T11:24:32.720000Z \"-\" \"-\" \"-\" \"-\" \"-\" \"-\" \"-\" TID_00000000000000000000000000000000",
+ "outcome": "success"
+ },
+ "http": {
+ "request": {
+ "body": {
+ "bytes": 0
+ }
+ },
+ "response": {
+ "body": {
+ "bytes": 272
+ },
+ "status_code": 200
+ }
+ },
+ "source": {
+ "address": "127.0.0.1",
+ "ip": "127.0.0.1",
+ "port": 57273
+ },
+ "tags": [
+ "preserve_original_event"
+ ],
+ "user_agent": {
+ "device": {
+ "name": "Other"
+ },
+ "name": "Other",
+ "original": "-"
+ }
 }
 ]
-}
+}
\ No newline at end of file
diff --git a/packages/aws/data_stream/elb_logs/elasticsearch/ingest_pipeline/default.yml b/packages/aws/data_stream/elb_logs/elasticsearch/ingest_pipeline/default.yml
index 521161e2e57..a36dc4c75c6 100644
--- a/packages/aws/data_stream/elb_logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/aws/data_stream/elb_logs/elasticsearch/ingest_pipeline/default.yml
@@ -107,7 +107,7 @@ processors:
 (?:-|%{NUMBER:aws.elb.backend.http.response.status_code:long})
 %{NUMBER:http.request.body.bytes:long}
 %{NUMBER:http.response.body.bytes:long}
- \"(?:-|%{WORD:http.request.method}) (?:-|%{DATA:_tmp.uri_orig}) (?:-|HTTP/%{NOTSPACE:http.version})\"
+ \"(?:-|%{WORD:http.request.method}) (?:-|%{DATA:_tmp.uri_orig})(?: (?:-|HTTP/%{NOTSPACE:http.version}))?\"
 \"%{DATA:_tmp.user_agent}\"
 %{ELBSSL}
 ELBTCPLOG: >-
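Review bot: Making the ` HTTP/<version>` group optional lets the non-greedy `%{DATA:_tmp.uri_orig}` swallow trailing whitespace before the closing quote: for the new fixture's request field `"- http://internal-service-alb.example.com:80-/ "` the optional group fails on the space, so `_tmp.uri_orig` captures `http://internal-service-alb.example.com:80-/ ` with its trailing space, and the expected output for that event carries no `url.*` fields at all, which suggests the downstream URI handling is discarding the value rather than recovering host and path. Consider absorbing the whitespace in the pattern instead, e.g. `\"(?:-|%{WORD:http.request.method}) (?:-|%{DATA:_tmp.uri_orig})(?: (?:-|HTTP/%{NOTSPACE:http.version}))?\s*\"`, and add `url.original`/`url.domain` to the expected JSON for this sample so the fixture proves the URI survives. Since `http.version` can now legitimately be absent, any later processor or detection that reads it should tolerate the missing field, which I cannot confirm from this hunk; the pattern definition this line belongs to (presumably the HTTP log pattern preceding `ELBTCPLOG`) starts before the hunk. Separately, the 3.3.2 changelog entry spells its type `enchancement`, which looks like a typo for `enhancement` and would likely fail the package changelog validation.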
diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml
index 4559eebd68c..b27fa6084e0 100644
--- a/packages/aws/manifest.yml
+++ b/packages/aws/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.3.1
 name: aws
 title: AWS
-version: 3.3.1
+version: 3.3.2
 description: Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent.
 type: integration
 categories: