diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index c3957361a..3cbd69261 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -2659,7 +2659,7 @@ elasticsearch:
 set_priority:
 priority: 50
 min_age: 30d
- so-logs-osquery-manager-action_x_responses:
+ so-logs-osquery_manager_x_action_x_responses:
 index_sorting: false
 index_template:
 _meta:
@@ -2667,17 +2667,51 @@ elasticsearch:
 managed_by: security_onion
 package:
 name: elastic_agent
+ data_stream:
+ allow_custom_routing: false
+ hidden: false
 composed_of:
- - logs-osquery_manager.action.responses
- ignore_missing_component_templates: []
+ - logs-osquery_manager.action.responses@package
+ - logs-osquery_manager.action.responses@custom
+ - so-fleet_integrations.ip_mappings-1
+ - so-fleet_globals-1
+ - so-fleet_agent_id_verification-1
+ ignore_missing_component_templates:
+ - logs-osquery_manager.action.responses@custom
 index_patterns:
- - .logs-osquery_manager.action.responses*
+ - logs-osquery_manager.action.responses*
 priority: 501
 template:
 settings:
 index:
+ lifecycle:
+ name: so-logs-osquery_manager.action.responses-logs
 number_of_replicas: 0
- so-logs-osquery-manager-actions:
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 60d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
+ so-logs-osquery_manager_x_result:
 index_sorting: false
 index_template:
 _meta:
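Review bot: The `index_patterns` entry drops the leading dot the removed line carried (`- .logs-osquery_manager.action.responses*` becomes `- logs-osquery_manager.action.responses*`); if the Fleet-installed osquery_manager action.responses data stream is still a hidden, dot-prefixed stream, this template will no longer match it, and neither the new `data_stream.hidden: false` nor the attached `lifecycle.name` would take effect on those backing indices — confirm against the index pattern of the installed package template before merging. The `so-logs-osquery_manager_x_result:` key at the end of the hunk starts a second renamed entry whose body continues in the next hunk. The rename of both keys also leaves any `so-logs-osquery-manager-actions` and `so-logs-osquery-manager-action_x_responses` index templates and ILM policies already installed in running clusters in place, which nothing in this diff removes; presumably an upgrade step handles that, and the commit description should say which.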
@@ -2685,16 +2719,50 @@ elasticsearch:
 managed_by: security_onion
 package:
 name: elastic_agent
+ data_stream:
+ allow_custom_routing: false
+ hidden: false
 composed_of:
- - logs-osquery_manager.actions
- ignore_missing_component_templates: []
+ - logs-osquery_manager.result@package
+ - logs-osquery_manager.result@custom
+ - so-fleet_integrations.ip_mappings-1
+ - so-fleet_globals-1
+ - so-fleet_agent_id_verification-1
+ ignore_missing_component_templates:
+ - logs-osquery_manager.result@custom
 index_patterns:
- - .logs-osquery_manager.actions*
+ - logs-osquery_manager.result*
 priority: 501
 template:
 settings:
 index:
+ lifecycle:
+ name: so-logs-osquery_manager.result-logs
 number_of_replicas: 0
+ policy:
+ phases:
+ cold:
+ actions:
+ set_priority:
+ priority: 0
+ min_age: 60d
+ delete:
+ actions:
+ delete: {}
+ min_age: 365d
+ hot:
+ actions:
+ rollover:
+ max_age: 30d
+ max_primary_shard_size: 50gb
+ set_priority:
+ priority: 100
+ min_age: 0ms
+ warm:
+ actions:
+ set_priority:
+ priority: 50
+ min_age: 30d
 so-logs-soc:
 close: 30
 delete: 365
diff --git a/salt/elasticsearch/soc_elasticsearch.yaml b/salt/elasticsearch/soc_elasticsearch.yaml
index 47013e48f..fe6c0c21e 100644
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
@@ -368,8 +368,8 @@ elasticsearch:
 so-logs-detections_x_alerts: *indexSettings
 so-logs-http_endpoint_x_generic: *indexSettings
 so-logs-httpjson_x_generic: *indexSettings
- so-logs-osquery-manager-actions: *indexSettings
- so-logs-osquery-manager-action_x_responses: *indexSettings
+ so-logs-osquery_manager_x_action_x_responses: *indexSettings
+ so-logs-osquery_manager_x_result: *indexSettings
 so-logs-elastic_agent_x_apm_server: *indexSettings
 so-logs-elastic_agent_x_auditbeat: *indexSettings
 so-logs-elastic_agent_x_cloudbeat: *indexSettings
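Review bot: The `policy:` block added under `so-logs-osquery_manager_x_result` is a verbatim copy of the one added to `so-logs-osquery_manager_x_action_x_responses` in the previous hunk (same phases, `min_age` values, priorities and `max_primary_shard_size: 50gb`), so the two retention schedules will silently drift the first time one of them is tuned. `soc_elasticsearch.yaml` in this same commit already relies on a YAML anchor (`*indexSettings`), so a shared `&osquery_policy` anchor would remove the duplication here too, provided the loader that reads `defaults.yaml` resolves anchors before any Salt merge; if it does not, a comment above each copy, `# keep in sync with the so-logs-osquery_manager_x_* policies`, is the minimum. Note that the `rollover` action names only `max_age` and `max_primary_shard_size`, so a burst of result documents inside one day is bounded only by shard size, which is presumably acceptable but worth stating.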
diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs@custom.json
new file mode 100644
index 000000000..61a69003f
--- /dev/null
+++ b/salt/elasticsearch/templates/component/elastic-agent/logs@custom.json
@@ -0,0 +1,9 @@
+{
+ "template": {
+ "settings": {
+ "index": {
+ "number_of_replicas": "0"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/elastic-agent/metrics@custom.json b/salt/elasticsearch/templates/component/elastic-agent/metrics@custom.json
index 5b459147b..61a69003f 100644
--- a/salt/elasticsearch/templates/component/elastic-agent/metrics@custom.json
+++ b/salt/elasticsearch/templates/component/elastic-agent/metrics@custom.json
@@ -1,7 +1,9 @@
 {
 "template": {
 "settings": {
- "number_of_replicas": 0
+ "index": {
+ "number_of_replicas": "0"
+ }
 }
 }
 }
\ No newline at end of file
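Review bot: Both files end without a trailing newline (`\ No newline at end of file` on the new `logs@custom.json` and again on `metrics@custom.json`); add the final newline so the closing `}` does not churn in every later edit. `logs@custom` is the name Elasticsearch's built-in `logs` index template and Fleet-managed `logs-*` templates include as an optional operator hook, so if this file is installed under that name it applies `"number_of_replicas": "0"` to every logs-* data stream composed with it, not only to the entries enumerated in `defaults.yaml`, and it overwrites any operator-supplied `logs@custom` on each highstate — if that is intended, the commit description should say so. The value also changes type from the integer `0` the old `metrics@custom.json` used to the string `"0"`; Elasticsearch accepts both forms, so this is consistent between the two files, but any tooling that compares the rendered setting against an integer should be checked.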