diff --git a/src/log-pcap.c b/src/log-pcap.c
index f3f3a9b475..631031e080 100644
--- a/src/log-pcap.c
+++ b/src/log-pcap.c
@@ -112,6 +112,8 @@ typedef struct PcapFileName_ {
     TAILQ_ENTRY(PcapFileName_) next; /**< Pointer to next Pcap File for tailq. */
 } PcapFileName;
 
+thread_local char *pcap_file_thread = NULL;
+
 typedef struct PcapLogProfileData_ {
     uint64_t total;
     uint64_t cnt;
@@ -1103,6 +1105,14 @@ static TmEcode PcapLogDataInit(ThreadVars *t, const void *initdata, void **data)
 #endif /* INIT_RING_BUFFER */
     }
 
+    if (pl->mode == LOGMODE_MULTI) {
+        PcapLogOpenFileCtx(td->pcap_log);
+    } else {
+        if (pl->filename == NULL) {
+            PcapLogOpenFileCtx(pl);
+        }
+    }
+
     return TM_ECODE_OK;
 }
 
@@ -1854,6 +1864,9 @@ static int PcapLogOpenFileCtx(PcapLogData *pl)
     SCLogDebug("Opening pcap file log %s", pf->filename);
     TAILQ_INSERT_TAIL(&pl->pcap_file_list, pf, next);
 
+    if (pl->mode == LOGMODE_MULTI || pl->mode == LOGMODE_NORMAL) {
+        pcap_file_thread = pl->filename;
+    }
     PCAPLOG_PROFILE_END(pl->profile_open);
     return 0;
 
@@ -1862,6 +1875,15 @@ error:
     return -1;
 }
 
+char *PcapLogGetFilename(void)
+{
+    /* return pcap filename per thread */
+    if (pcap_file_thread != NULL) {
+        return pcap_file_thread;
+    }
+    return NULL;
+}
+
 static int profiling_pcaplog_enabled = 0;
 static int profiling_pcaplog_output_to_file = 0;
 static char *profiling_pcaplog_file_name = NULL;
diff --git a/src/log-pcap.h b/src/log-pcap.h
index ebfe305f44..731a365b85 100644
--- a/src/log-pcap.h
+++ b/src/log-pcap.h
@@ -32,5 +32,6 @@
 
 void PcapLogRegister(void);
 void PcapLogProfileSetup(void);
+char *PcapLogGetFilename(void);
 
 #endif /* __LOG_PCAP_H__ */
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 6e90f8ab06..3e0f69e8a9 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -54,6 +54,7 @@
 #include "util-classification-config.h"
 #include "util-syslog.h"
 #include "util-logopenfile.h"
+#include "log-pcap.h"
 
 #include "output.h"
 #include "output-json.h"
@@ -774,6 +775,11 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
             EvePacket(p, jb, 0);
         }
 
+        char *pcap_filename = PcapLogGetFilename();
+        if (pcap_filename != NULL) {
+            jb_set_string(jb, "capture_file", pcap_filename);
+        }
+
         OutputJsonBuilderBuffer(jb, aft->ctx);
         jb_free(jb);
     }