From ba601c39b37e8d2aa3158849d903753d4af3653f Mon Sep 17 00:00:00 2001
From: Corey Ogburn <corey.ogburn@securityonionsolutions.com>
Date: Tue, 29 Jul 2025 11:23:28 -0600
Subject: [PATCH] Rough Go at New Mappings/Settings

---
 .../component/so/assistant-mappings.json      | 48 +++++++++++++++++++
 .../component/so/assistant-settings.json      |  7 +++
 2 files changed, 55 insertions(+)
 create mode 100644 salt/elasticsearch/templates/component/so/assistant-mappings.json
 create mode 100644 salt/elasticsearch/templates/component/so/assistant-settings.json

diff --git a/salt/elasticsearch/templates/component/so/assistant-mappings.json b/salt/elasticsearch/templates/component/so/assistant-mappings.json
new file mode 100644
index 000000000..ad17ebd66
--- /dev/null
+++ b/salt/elasticsearch/templates/component/so/assistant-mappings.json
@@ -0,0 +1,48 @@
+{
+	"template": {
+		"mappings": {
+			"properties": {
+				"@timestamp": {
+					"type": "date"
+				},
+				"so_kind": {
+					"ignore_above": 1024,
+					"type": "keyword"
+				},
+				"so_operation": {
+					"ignore_above": 1024,
+					"type": "keyword"
+				},
+				"so_chat": {
+					"properties": {
+						"role": {
+							"ignore_above": 1024,
+							"type": "keyword"
+						},
+						"content": {
+							"type": "text"
+						},
+						"conversation_id": {
+							"ignore_above": 1024,
+							"type": "keyword"
+						},
+						"createTime": {
+							"type": "date"
+						},
+						"tool_use_id": {
+							"ignore_above": 1024,
+							"type": "keyword"
+						},
+						"userId": {
+							"ignore_above": 1024,
+							"type": "keyword"
+						}
+					}
+				}
+			}
+		}
+	},
+	"_meta": {
+		"ecs_version": "1.12.2"
+	}
+}
diff --git a/salt/elasticsearch/templates/component/so/assistant-settings.json b/salt/elasticsearch/templates/component/so/assistant-settings.json
new file mode 100644
index 000000000..0281fa0e1
--- /dev/null
+++ b/salt/elasticsearch/templates/component/so/assistant-settings.json
@@ -0,0 +1,7 @@
+{
+	"template": {},
+	"version": 1,
+	"_meta": {
+		"description": "default settings for common Security Onion Assistant indices"
+	}
+}