From 82c3d78672422daace57ec43e4e3ed5e35273246 Mon Sep 17 00:00:00 2001
From: Wes
Date: Thu, 18 May 2023 16:52:27 +0000
Subject: [PATCH 1/2] Change Elasticsearch host syntax
---
 salt/elastalert/map.jinja | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/elastalert/map.jinja b/salt/elastalert/map.jinja
index cc395d8ee..7cec262d0 100644
--- a/salt/elastalert/map.jinja
+++ b/salt/elastalert/map.jinja
@@ -8,7 +8,7 @@
 {% set elastalert_pillar = salt['pillar.get']('elastalert:config', {}) %}
-{% do ELASTALERTDEFAULTS.elastalert.config.update({'es_host': GLOBALS.manager}) %}
+{% do ELASTALERTDEFAULTS.elastalert.config.update({'es_hosts': 'https://' + GLOBALS.manager + ':' + ELASTALERTDEFAULTS.elastalert.config.es_port|string}) %}
 {% do ELASTALERTDEFAULTS.elastalert.config.update({'es_username': pillar.elasticsearch.auth.users.so_elastic_user.user}) %}
 {% do ELASTALERTDEFAULTS.elastalert.config.update({'es_password': pillar.elasticsearch.auth.users.so_elastic_user.pass}) %}
From d3c7ea4805374b4c3b1c22095163eb71c6bc4a51 Mon Sep 17 00:00:00 2001
From: Wes
Date: Thu, 18 May 2023 16:55:26 +0000
Subject: [PATCH 2/2] Add EQL option
---
 salt/elastalert/defaults.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/salt/elastalert/defaults.yaml b/salt/elastalert/defaults.yaml
index 1083fa8fd..0b31a6b99 100644
--- a/salt/elastalert/defaults.yaml
+++ b/salt/elastalert/defaults.yaml
@@ -13,6 +13,7 @@ elastalert:
 es_port: 9200
 es_conn_timeout: 55
 max_query_size: 5000
+ eql: true
 use_ssl: true
 verify_certs: false
 writeback_index: elastalert_status
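Review bot: The added `es_hosts` value hard-codes the `https://` scheme and reads the port from `ELASTALERTDEFAULTS.elastalert.config.es_port` at this point in the template, so the URL can drift from the `use_ssl` and `es_port` settings. If `elastalert_pillar` is merged over the defaults later in the file (that merge is outside the hunk), a pillar override of `es_port` or `use_ssl` would not reach the URL built here. Either build the URL after the merge, or add a comment such as `{# es_hosts is derived from the default es_port; pillar overrides of es_port/use_ssl do not change it #}`. The `es_host` key is also no longer set, so anything that still reads it should be checked. Jinja's `~` operator is the safer way to concatenate here because it coerces operands to strings: `'https://' ~ GLOBALS.manager ~ ':' ~ ELASTALERTDEFAULTS.elastalert.config.es_port`.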
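Review bot: The new `eql: true` default has no comment saying what it enables or which ElastAlert build recognises the key, so a maintainer reading defaults.yaml cannot tell whether it is safe to turn off per deployment. A one-line comment above it would do, for example `# enable EQL query support (confirm the deployed ElastAlert version honours this key)`. Separately, the context just below keeps `verify_certs: false`, so the `https://` endpoint built in patch 1/2 is encrypted but its certificate is not validated while `es_username` and `es_password` are sent to it. A follow-up should point ElastAlert at the manager's CA and enable verification.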