From b39a5061ca20c578b00f4a35cdb05e3098a4c0bb Mon Sep 17 00:00:00 2001
From: Wes <wlambertts@gmail.com>
Date: Wed, 7 Sep 2022 21:26:43 +0000
Subject: [PATCH] Load Elastic Agent component templates (managed by Security
 Onion)

---
 .../tools/sbin/so-elasticsearch-templates-load        | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-load b/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-load
index e341c3d40..cb727a5d3 100755
--- a/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-load
+++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-load
@@ -1,9 +1,7 @@
 #!/bin/bash
 # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
+# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
+# this file except in compliance with the Elastic License 2.0.
 
 
 {%- set mainint = salt['pillar.get']('host:mainint') %}
@@ -44,6 +42,11 @@ cd ${ELASTICSEARCH_TEMPLATES}/component/ecs
 echo "Loading ECS component templates..."
 for i in *; do TEMPLATE=$(echo $i | cut -d '.' -f1); echo "$TEMPLATE-mappings"; so-elasticsearch-query _component_template/$TEMPLATE-mappings -d@$i -XPUT 2>/dev/null; echo; done
 
+cd ${ELASTICSEARCH_TEMPLATES}/component/elastic-agent
+
+echo "Loading Elastic Agent component templates..."
+for i in *; do TEMPLATE=${i::-5}; echo "so-$TEMPLATE"; so-elasticsearch-query _component_template/so-$TEMPLATE -d@$i -XPUT 2>/dev/null; echo; done
+
 # Load SO-specific component templates
 cd ${ELASTICSEARCH_TEMPLATES}/component/so