diff --git a/pillar/masters/example.sls b/pillar/masters/example.sls
index 105d84f31..b4e1f3d54 100644
--- a/pillar/masters/example.sls
+++ b/pillar/masters/example.sls
@@ -5,5 +5,6 @@ master:
 esclustername: {{ grains.host }}
 freq: 0
 domainstats: 0
- lsheap:
- lsaccessip:
+ lsheap: 1500m
+ lsaccessip: 127.0.0.1
+ elastalert: 1
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index 1c00400f0..23e9122ab 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -35,6 +35,14 @@ elasticsearch:
 - uid: 930
 - gid: 930
 - home: /opt/so/conf/elasticsearch
+ - createhome: False
+
+esconfdir:
+ file.directory:
+ - name: /opt/so/conf/elasticsearch
+ - user: 930
+ - group: 939
+ - makedirs: True
 
 eslog4jfile:
 file.managed:
@@ -107,6 +115,7 @@ freqserver:
 - uid: 935
 - gid: 935
 - home: /opt/so/conf/freqserver
+ - createhome: False
 
 # Create the log directory
 freqlogdir:
@@ -126,3 +135,39 @@ so-freq:
 - network_mode: so-elastic-net
 
 {% endif %}
+
+{% if dstats == 1 %}
+
+# Create the group
+dstatsgroup:
+ group.present:
+ - name: domainstats
+ - gid: 936
+
+# Add user
+domainstats:
+ user.present:
+ - uid: 936
+ - gid: 936
+ - home: /opt/so/conf/domainstats
+ - createhome: False
+
+# Create the log directory
+dstatslogdir:
+ file.directory:
+ - name: /opt/so/log/domainstats
+ - user: 936
+ - group: 936
+ - makedirs: True
+
+so-domainstats:
+ docker_container.running:
+ - image: securityonionsolutions/so-domainstats
+ - hostname: domainstats
+ - name: domainstats
+ - user: domainstats
+ - binds:
+ - /opt/so/log/domainstats:/var/log/domain_stats
+ - network_mode: so-elastic-net
+
+{% endif %}
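Review bot: In the new `esconfdir` state in salt/elasticsearch/init.sls, `- group: 939` does not match the elasticsearch account, which the context lines directly above set to `uid: 930` / `gid: 930`. No group with gid 939 is defined in the visible lines, so this looks like a typo. As written, /opt/so/conf/elasticsearch would be group-owned by whatever gid 939 maps to on the host, or by an unnamed gid, which gives group access to the wrong principal. I would change the line to `- group: 930` and add an explicit `- mode:` entry with the permissions the deployment actually needs, so access to the config directory does not depend on the umask in effect when Salt creates it.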
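Review bot: The `so-domainstats` state in the last hunk of salt/elasticsearch/init.sls references `securityonionsolutions/so-domainstats` with no tag or digest, so Docker resolves it to `latest` and whatever is published under that name at deploy time runs on the master. Pinning it, for example `- image: securityonionsolutions/so-domainstats:<RELEASE_TAG>` (placeholder) or an `@sha256:` digest, makes the deployment reproducible and limits exposure to a replaced upstream image. Separately, `- user: domainstats` is resolved inside the container, so it presumably relies on the image defining that account with uid 936 to match the owner of the bind-mounted /opt/so/log/domainstats. A short comment stating that dependency, or using the numeric uid, would make it explicit. The `dstats` variable tested by `{% if dstats == 1 %}` is set outside this hunk.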