diff --git a/salt/elasticfleet/files/integrations/grid-nodes/kratos-logs.json b/salt/elasticfleet/files/integrations/grid-nodes/kratos-logs.json
index f30b2ad55..5e134f1f6 100644
--- a/salt/elasticfleet/files/integrations/grid-nodes/kratos-logs.json
+++ b/salt/elasticfleet/files/integrations/grid-nodes/kratos-logs.json
@@ -18,7 +18,7 @@
 "/opt/so/log/kratos/kratos.log"
 ],
 "data_stream.dataset": "kratos",
- "tags": [],
+ "tags": ["so-kratos"],
 "processors": "- decode_json_fields:\n fields: [\"message\"]\n target: \"\"\n add_error_key: true \n- add_fields:\n target: event\n fields:\n category: iam\n module: kratos",
 "custom": "pipeline: kratos"
 }
diff --git a/salt/elasticfleet/files/integrations/grid-nodes/soc-auth-sync-logs.json b/salt/elasticfleet/files/integrations/grid-nodes/soc-auth-sync-logs.json
index 0ef41d2ac..7f60d1706 100644
--- a/salt/elasticfleet/files/integrations/grid-nodes/soc-auth-sync-logs.json
+++ b/salt/elasticfleet/files/integrations/grid-nodes/soc-auth-sync-logs.json
@@ -18,7 +18,7 @@
 "/opt/so/log/soc/sync.log"
 ],
 "data_stream.dataset": "soc",
- "tags": [],
+ "tags": ["so-soc"],
 "processors": "- dissect:\n tokenizer: \"%{event.action}\"\n field: \"message\"\n target_prefix: \"\"\n- add_fields:\n target: event\n fields:\n category: host\n module: soc\n dataset_temp: auth_sync",
 "custom": "pipeline: common"
 }
diff --git a/salt/elasticfleet/files/integrations/grid-nodes/soc-salt-relay-logs.json b/salt/elasticfleet/files/integrations/grid-nodes/soc-salt-relay-logs.json
index c2ccec039..7821f4081 100644
--- a/salt/elasticfleet/files/integrations/grid-nodes/soc-salt-relay-logs.json
+++ b/salt/elasticfleet/files/integrations/grid-nodes/soc-salt-relay-logs.json
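Review bot: Nothing in this file records what consumes the new `so-kratos` tag, and because strict JSON cannot carry a comment the reader is left to guess whether the `kratos` ingest pipeline named in `custom`, a dashboard, or a detection rule filters on it; the commit message or the consumer should name it, since the event already carries `data_stream.dataset: kratos` and `event.module: kratos` for the same purpose. As a separate style point on the unchanged `processors` line, `add_error_key: true \n` has a trailing space inside the embedded YAML that is harmless but worth trimming to `add_error_key: true\n`. Both observations are inferred from this hunk alone; if the tag consumer lives elsewhere in the same change, disregard the first.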
@@ -18,7 +18,7 @@
 "/opt/so/log/soc/salt-relay.log"
 ],
 "data_stream.dataset": "soc",
- "tags": [],
+ "tags": ["so-soc"],
 "processors": "- dissect:\n tokenizer: \"%{soc.ts} | %{event.action}\"\n field: \"message\"\n target_prefix: \"\"\n- add_fields:\n target: event\n fields:\n category: host\n module: soc\n dataset_temp: salt_relay",
 "custom": "pipeline: common"
 }
diff --git a/salt/elasticfleet/files/integrations/grid-nodes/soc-server-logs.json b/salt/elasticfleet/files/integrations/grid-nodes/soc-server-logs.json
index a59603e96..fcdfc9344 100644
--- a/salt/elasticfleet/files/integrations/grid-nodes/soc-server-logs.json
+++ b/salt/elasticfleet/files/integrations/grid-nodes/soc-server-logs.json
@@ -18,7 +18,7 @@
 "/opt/so/log/soc/sensoroni-server.log"
 ],
 "data_stream.dataset": "soc",
- "tags": [],
+ "tags": ["so-soc"],
 "processors": "- decode_json_fields:\n fields: [\"message\"]\n target: \"soc\"\n process_array: true\n max_depth: 2\n add_error_key: true \n- add_fields:\n target: event\n fields:\n category: host\n module: soc\n dataset_temp: server\n- rename:\n fields:\n - from: \"soc.fields.sourceIp\"\n to: \"source.ip\"\n - from: \"soc.fields.status\"\n to: \"http.response.status_code\"\n - from: \"soc.fields.method\"\n to: \"http.request.method\"\n - from: \"soc.fields.path\"\n to: \"url.path\"\n - from: \"soc.message\"\n to: \"event.action\"\n - from: \"soc.level\"\n to: \"log.level\"\n ignore_missing: true",
 "custom": "pipeline: common"
 }
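Review bot: The `so-soc` tag added here is identical to the one given to soc-auth-sync-logs.json and soc-salt-relay-logs.json, and all three also share `"data_stream.dataset": "soc"`, so the tag cannot separate the sensoroni HTTP server log from the auth-sync and salt-relay logs; the only discriminator left is the non-ECS `event.dataset_temp` value set by `add_fields`. If the tag is meant for filtering in Kibana or for routing inside the `common` pipeline, a per-source value such as `"tags": ["so-soc", "so-soc-server"]` (with matching `so-soc-auth-sync` and `so-soc-salt-relay` in the sibling files) would keep the shared tag while making each source addressable on its own. If it is purely a grouping marker, the shared value is fine and only the intent needs stating in the commit message, since strict JSON cannot carry it inline.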