diff --git a/CHANGES b/CHANGES
index 53fe81ba03..7ce6fa86c9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,26 @@
+5.2.0-dev.508 | 2023-01-23 12:48:06 -0700
+
+ * Log raw keyboard value on best guess (jeff-bb)
+
+ * Avoid excessive fmt calls, return default behavior on unknown (jeff-bb)
+
+ Using "in" to query the language const. This also handles the case of not
+ having a best guess and continue using the existing behavior.
+
+ Given
+ keyboard_layout = 1033 (0x0409), "keyboard-English - United States"
+ keyboard_layout = 66569 (0x00010409), "keyboard-English - United States (Best Guess)"
+ keyboard_layout = 12345 (0x3039), "keyboard-12345"
+
+ * "Best Guess" unknown keyboard / language variants (jeff-bb)
+
+ If the lookup table does not have an entry, it will just log as the raw
+ decimal language/keyboard code. With this change, if we do not have an entry
+ in the lookup table, we'll look at the low order / 4 least significant bits
+ to see if we have a match. The high order / 4 most significant bits are
+ flags/modifiers to the base language/keyboard code. We'll append that it is
+ a "Best Guess"
+
 5.2.0-dev.504 | 2023-01-23 09:37:47 -0700

 * Update RDP Keyboard Languages (jeff-bb)
diff --git a/VERSION b/VERSION
index f536b70afc..8401fd9e2e 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-5.2.0-dev.504
+5.2.0-dev.508
diff --git a/scripts/base/protocols/rdp/main.zeek b/scripts/base/protocols/rdp/main.zeek
index 7254b1cea6..f36e052e91 100644
--- a/scripts/base/protocols/rdp/main.zeek
+++ b/scripts/base/protocols/rdp/main.zeek
@@ -187,7 +187,18 @@ event rdp_client_core_data(c: connection, data: RDP::ClientCoreData) &priority=5
 {
 set_session(c);

- c$rdp$keyboard_layout = RDP::languages[data$keyboard_layout];
+ if (data$keyboard_layout in RDP::languages)
+ {
+ c$rdp$keyboard_layout = RDP::languages[data$keyboard_layout];
+ }
+ else
+ {
+ if (data$keyboard_layout & 0xffff in RDP::languages)
+ c$rdp$keyboard_layout = fmt("%s (Best Guess for %d)", RDP::languages[data$keyboard_layout & 0xffff], data$keyboard_layout);
+ else
+ c$rdp$keyboard_layout = fmt("keyboard-%d", data$keyboard_layout);
+ }
+
 c$rdp$client_build = RDP::builds[data$client_build];
 c$rdp$client_name = data$client_name;
 c$rdp$client_dig_product_id = data$dig_product_id;
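Review bot: The best-guess test `data$keyboard_layout & 0xffff in RDP::languages` leaves the reader to work out that `&` is meant to apply before `in`, and nothing in the hunk explains why 0xffff is the right mask. Parenthesising it as `if ( (data$keyboard_layout & 0xffff) in RDP::languages )` and adding a comment such as `# Low 16 bits are the base language/keyboard code; the high bits are flags/modifiers.` would make the intent explicit. The CHANGES entry describes the mask as "4 least significant bits", but 0xffff keeps the low 16 bits, so the wording there looks off. keyboard_layout is client-supplied, so any downstream rule that matches it on exact strings will not match the new "(Best Guess for N)" values; that format is worth documenting where the field is described. The event handler's body continues outside the hunk.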