diff --git a/salt/influxdb/defaults.yaml b/salt/influxdb/defaults.yaml
index 7ba83dd6d..205c2ba67 100644
--- a/salt/influxdb/defaults.yaml
+++ b/salt/influxdb/defaults.yaml
@@ -1,3 +1,5 @@
+{% set measurements = salt['cmd.shell']('docker exec -t so-influxdb influx -format json -ssl -unsafeSsl -database telegraf -execute "show measurements" 2> /root/measurement_query.log | jq -r .results[0].series[0].values[]?[0] 2>> /root/measurement_query.log') %}
+
 influxdb:
   retention_policies:
     so_short_term:
@@ -10,4 +12,10 @@ influxdb:
       shard_duration: 7d
   downsample:
     so_long_term:
-      resolution: 5m
\ No newline at end of file
+      resolution: 5m
+{% if measurements|length > 0 %}
+      measurements:
+  {% for measurement in measurements.splitlines() %}
+        - {{ measurement }}
+  {% endfor %}
+{% endif %}
diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls
index 346d971fd..37ebe39a5 100644
--- a/salt/influxdb/init.sls
+++ b/salt/influxdb/init.sls
@@ -113,11 +113,12 @@ telegraf_database:
 {% endfor %}
 
 {% for dest_rp in influxdb.downsample.keys() %}
-so_downsample_cq:
+  {% for measurement in influxdb.downsample[dest_rp].get('measurements', []) %}
+so_downsample_{{measurement}}_cq:
   influxdb_continuous_query.present:
-    - name: so_downsample_cq
+    - name: so_downsample_{{measurement}}_cq
     - database: telegraf
-    - query: SELECT mean(*) INTO "{{dest_rp}}".:MEASUREMENT FROM /.*/ GROUP BY time({{influxdb.downsample[dest_rp].resolution}}),*
+    - query: SELECT mean(*) INTO "{{dest_rp}}"."{{measurement}}" FROM "{{measurement}}" GROUP BY time({{influxdb.downsample[dest_rp].resolution}})
     - ssl: True
     - verify_ssl: /etc/pki/ca.crt
     - cert: ['/etc/pki/influxdb.crt', '/etc/pki/influxdb.key']
@@ -126,7 +127,7 @@ so_downsample_cq:
       - docker_container: so-influxdb
       - influxdb_database: telegraf_database
       - file: influxdb_continuous_query.present_patch
-      - sls: salt.python3-influxdb
+  {% endfor %}
 {% endfor %}
 
 {% endif %}
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 031265065..afd691632 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -220,7 +220,7 @@ whiptail_create_web_user() {
 	[ -n "$TESTING" ] && return
 
 	WEBUSER=$(whiptail --title "$whiptail_title" --inputbox \
-	"Please enter an email address to create an administrator account for the web interface.\n\nThis will also be used for TheHive, Cortex, and Fleet." 12 60 "$1" 3>&1 1>&2 2>&3)
+	"Please enter an email address to create an administrator account for the web interface.\n\nThis will also be used for Elasticsearch, Kibana, TheHive, Cortex, and Fleet." 12 60 "$1" 3>&1 1>&2 2>&3)
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus