From c59096d9bd767ca1be06f2a538b15a6995a4f0c9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 7 Jul 2020 10:42:12 -0400 Subject: [PATCH] rename node pillar to elasticsearch --- .../common/tools/sbin/so-elasticsearch-indices-rw | 2 +- salt/curator/files/action/close.yml | 2 +- salt/curator/files/action/delete.yml | 2 +- .../files/bin/so-curator-closed-delete-delete | 6 +++--- salt/curator/files/curator.yml | 2 +- salt/elastalert/init.sls | 2 +- salt/elasticsearch/files/elasticsearch.yml | 2 +- salt/elasticsearch/init.sls | 4 ++-- salt/firewall/hostgroups.yaml | 2 +- .../config/so/0900_input_redis.conf.jinja | 2 +- .../config/so/9000_output_zeek.conf.jinja | 2 +- .../config/so/9001_output_switch.conf.jinja | 2 +- .../config/so/9002_output_import.conf.jinja | 2 +- .../config/so/9004_output_flow.conf.jinja | 2 +- .../config/so/9026_output_dhcp.conf.jinja | 2 +- .../config/so/9029_output_esxi.conf.jinja | 2 +- .../config/so/9030_output_greensql.conf.jinja | 2 +- .../config/so/9031_output_iis.conf.jinja | 2 +- .../config/so/9032_output_mcafee.conf.jinja | 2 +- .../config/so/9033_output_snort.conf.jinja | 2 +- .../config/so/9034_output_syslog.conf.jinja | 2 +- .../config/so/9100_output_osquery.conf.jinja | 2 +- .../config/so/9200_output_firewall.conf.jinja | 2 +- .../config/so/9300_output_windows.conf.jinja | 2 +- .../config/so/9301_output_dns_windows.conf.jinja | 2 +- .../config/so/9400_output_suricata.conf.jinja | 2 +- .../config/so/9500_output_beats.conf.jinja | 2 +- .../config/so/9600_output_ossec.conf.jinja | 2 +- salt/mysql/init.sls | 2 +- salt/playbook/init.sls | 2 +- salt/telegraf/etc/telegraf.conf | 2 +- salt/wazuh/files/agent/ossec.conf | 2 +- salt/wazuh/files/agent/wazuh-register-agent | 2 +- setup/so-functions | 15 ++++++++------- setup/so-setup | 2 +- 35 files changed, 45 insertions(+), 44 deletions(-) diff --git a/salt/common/tools/sbin/so-elasticsearch-indices-rw b/salt/common/tools/sbin/so-elasticsearch-indices-rw index acc46ff0d..d49fd5f1b 100644 
--- a/salt/common/tools/sbin/so-elasticsearch-indices-rw +++ b/salt/common/tools/sbin/so-elasticsearch-indices-rw @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -IP={{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('node:mainint', salt['pillar.get']('host:mainint')))))[0] }} +IP={{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }} ESPORT=9200 THEHIVEESPORT=9400 diff --git a/salt/curator/files/action/close.yml b/salt/curator/files/action/close.yml index a65e9af3d..d0bd1d5d1 100644 --- a/salt/curator/files/action/close.yml +++ b/salt/curator/files/action/close.yml @@ -1,5 +1,5 @@ {%- if grains['role'] in ['so-node', 'so-searchnode', 'so-heavynode'] %} - {%- set cur_close_days = salt['pillar.get']('node:cur_close_days', '') -%} + {%- set cur_close_days = salt['pillar.get']('elasticsearch:cur_close_days', '') -%} {%- elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %} {%- set cur_close_days = salt['pillar.get']('master:cur_close_days', '') -%} {%- endif -%} diff --git a/salt/curator/files/action/delete.yml b/salt/curator/files/action/delete.yml index 030bbbfac..f24f0b781 100644 --- a/salt/curator/files/action/delete.yml +++ b/salt/curator/files/action/delete.yml @@ -1,5 +1,5 @@ {%- if grains['role'] in ['so-node', 'so-searchnode', 'so-heavynode'] %} - {%- set log_size_limit = salt['pillar.get']('node:log_size_limit', '') -%} + {%- set log_size_limit = salt['pillar.get']('elasticsearch:log_size_limit', '') -%} {%- elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %} {%- set log_size_limit = salt['pillar.get']('master:log_size_limit', '') -%} {%- endif %} 
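Review bot: The renamed lookup in so-elasticsearch-indices-rw, `salt['pillar.get']('elasticsearch:mainint', …)`, no longer matches minion pillar files that were written with the old `node:` key, and nothing visible in this patch migrates them; only `elasticsearch_pillar()` in setup/so-functions writes the new key, and presumably only at install time. On such a minion the chain falls through to `host:mainint`, and if that is unset too the expression has no interface to index, so `IP=` gets no usable address. The same chain appears in salt/firewall/hostgroups.yaml and salt/playbook/init.sls, and the `elasticsearch:mainip`, `log_size_limit` and `cur_close_days` lookups with a `''` default in the curator, logstash and wazuh templates would render empty without any error, which on a monitoring stack means retention or log shipping can stop quietly. Either ship a pillar migration with this change or keep a transitional fallback, e.g. `salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('node:mainint', salt['pillar.get']('host:mainint')))`.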
diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index 9075752db..4a6458394 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -2,9 +2,9 @@ #!/bin/bash {%- if grains['role'] in ['so-node', 'so-searchnode', 'so-heavynode'] %} - {%- set ELASTICSEARCH_HOST = salt['pillar.get']('node:mainip', '') -%} - {%- set ELASTICSEARCH_PORT = salt['pillar.get']('node:es_port', '') -%} - {%- set LOG_SIZE_LIMIT = salt['pillar.get']('node:log_size_limit', '') -%} + {%- set ELASTICSEARCH_HOST = salt['pillar.get']('elasticsearch:mainip', '') -%} + {%- set ELASTICSEARCH_PORT = salt['pillar.get']('elasticsearch:es_port', '') -%} + {%- set LOG_SIZE_LIMIT = salt['pillar.get']('elasticsearch:log_size_limit', '') -%} {%- elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %} {%- set ELASTICSEARCH_HOST = salt['pillar.get']('master:mainip', '') -%} {%- set ELASTICSEARCH_PORT = salt['pillar.get']('master:es_port', '') -%} diff --git a/salt/curator/files/curator.yml b/salt/curator/files/curator.yml index f6c238a08..e9b8a63ba 100644 --- a/salt/curator/files/curator.yml +++ b/salt/curator/files/curator.yml @@ -1,5 +1,5 @@ {% if grains['role'] in ['so-node', 'so-heavynode'] %} - {%- set elasticsearch = salt['pillar.get']('node:mainip', '') -%} + {%- set elasticsearch = salt['pillar.get']('elasticsearch:mainip', '') -%} {% elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %} {%- set elasticsearch = salt['pillar.get']('master:mainip', '') -%} {%- endif %} diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls index 3b0b3fafe..b79acf77f 100644 --- a/salt/elastalert/init.sls +++ b/salt/elastalert/init.sls 
@@ -20,7 +20,7 @@ {% set esip = salt['pillar.get']('master:mainip', '') %} {% set esport = salt['pillar.get']('master:es_port', '') %} {% elif grains['role'] == 'so-node' %} - {% set esalert = salt['pillar.get']('node:elastalert', '0') %} + {% set esalert = salt['pillar.get']('elasticsearch:elastalert', '0') %} {% endif %} # Elastalert diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 271ef40cf..02dd42aa5 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -12,7 +12,7 @@ path.logs: /var/log/elasticsearch action.destructive_requires_name: true {%- else %} {%- set esclustername = salt['grains.get']('host', '') %} -{%- set nodeip = salt['pillar.get']('node:mainip', '') -%} +{%- set nodeip = salt['pillar.get']('elasticsearch:mainip', '') -%} cluster.name: "{{ esclustername }}" network.host: 0.0.0.0 discovery.zen.minimum_master_nodes: 1 diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 4e57f1342..7292c055e 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -26,8 +26,8 @@ {% set esclustername = salt['pillar.get']('master:esclustername', '') %} {% set esheap = salt['pillar.get']('master:esheap', '') %} {% elif grains['role'] in ['so-node','so-heavynode'] %} - {% set esclustername = salt['pillar.get']('node:esclustername', '') %} - {% set esheap = salt['pillar.get']('node:esheap', '') %} + {% set esclustername = salt['pillar.get']('elasticsearch:esclustername', '') %} + {% set esheap = salt['pillar.get']('elasticsearch:esheap', '') %} {% endif %} vm.max_map_count: diff --git a/salt/firewall/hostgroups.yaml b/salt/firewall/hostgroups.yaml index 5f28d1af3..bd303001b 100644 --- a/salt/firewall/hostgroups.yaml +++ b/salt/firewall/hostgroups.yaml 
@@ -19,4 +19,4 @@ firewall: ips: delete: insert: - - {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('node:mainint', salt['pillar.get']('host:mainint')))))[0] }} \ No newline at end of file + - {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }} \ No newline at end of file diff --git a/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja b/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja index dc2f7c4ce..4d6595dd9 100644 --- a/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja +++ b/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja @@ -1,5 +1,5 @@ {%- if grains.role == 'so-heavynode' %} -{%- set MASTER = salt['pillar.get']('node:mainip', '') %} +{%- set MASTER = salt['pillar.get']('elasticsearch:mainip', '') %} {%- else %} {%- set MASTER = salt['pillar.get']('static:masterip', '') %} {% endif -%} diff --git a/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja b/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja index 6def12650..987614a2c 100644 --- a/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja +++ b/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics diff --git a/salt/logstash/pipelines/config/so/9001_output_switch.conf.jinja b/salt/logstash/pipelines/config/so/9001_output_switch.conf.jinja index 824f29e34..8e5e5f200 100644 
--- a/salt/logstash/pipelines/config/so/9001_output_switch.conf.jinja +++ b/salt/logstash/pipelines/config/so/9001_output_switch.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics diff --git a/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja b/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja index b8c12d80f..9153d5c44 100644 --- a/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja +++ b/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Updated by: Doug Burks # Last Update: 5/16/2017 diff --git a/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja b/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja index f830ffeb3..2e1e79f8b 100644 --- a/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja +++ b/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics diff --git a/salt/logstash/pipelines/config/so/9026_output_dhcp.conf.jinja b/salt/logstash/pipelines/config/so/9026_output_dhcp.conf.jinja index 0772841a8..3da9e83ef 100644 
--- a/salt/logstash/pipelines/config/so/9026_output_dhcp.conf.jinja +++ b/salt/logstash/pipelines/config/so/9026_output_dhcp.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics diff --git a/salt/logstash/pipelines/config/so/9029_output_esxi.conf.jinja b/salt/logstash/pipelines/config/so/9029_output_esxi.conf.jinja index fc664564c..b84ab4ec9 100644 --- a/salt/logstash/pipelines/config/so/9029_output_esxi.conf.jinja +++ b/salt/logstash/pipelines/config/so/9029_output_esxi.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics diff --git a/salt/logstash/pipelines/config/so/9030_output_greensql.conf.jinja b/salt/logstash/pipelines/config/so/9030_output_greensql.conf.jinja index 1007d5f58..d6801530b 100644 --- a/salt/logstash/pipelines/config/so/9030_output_greensql.conf.jinja +++ b/salt/logstash/pipelines/config/so/9030_output_greensql.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics 
diff --git a/salt/logstash/pipelines/config/so/9031_output_iis.conf.jinja b/salt/logstash/pipelines/config/so/9031_output_iis.conf.jinja index f17616060..67616110f 100644 --- a/salt/logstash/pipelines/config/so/9031_output_iis.conf.jinja +++ b/salt/logstash/pipelines/config/so/9031_output_iis.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics diff --git a/salt/logstash/pipelines/config/so/9032_output_mcafee.conf.jinja b/salt/logstash/pipelines/config/so/9032_output_mcafee.conf.jinja index 9a6668619..c6641f671 100644 --- a/salt/logstash/pipelines/config/so/9032_output_mcafee.conf.jinja +++ b/salt/logstash/pipelines/config/so/9032_output_mcafee.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics diff --git a/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja b/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja index fdcbb0eb1..0cc7a3b66 100644 --- a/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja +++ b/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja 
@@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics diff --git a/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja b/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja index 7b35af576..59cae7b65 100644 --- a/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja +++ b/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} filter { diff --git a/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja b/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja index d09aae10b..21ae77095 100644 --- a/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja +++ b/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Josh Brower # Last Update: 12/29/2018 diff --git a/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja b/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja index 41c82e21e..54c75873d 100644 --- a/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja +++ b/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja 
@@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics diff --git a/salt/logstash/pipelines/config/so/9300_output_windows.conf.jinja b/salt/logstash/pipelines/config/so/9300_output_windows.conf.jinja index 8b8a9299f..cddda5541 100644 --- a/salt/logstash/pipelines/config/so/9300_output_windows.conf.jinja +++ b/salt/logstash/pipelines/config/so/9300_output_windows.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics diff --git a/salt/logstash/pipelines/config/so/9301_output_dns_windows.conf.jinja b/salt/logstash/pipelines/config/so/9301_output_dns_windows.conf.jinja index fec703b1c..84fd1f5f7 100644 --- a/salt/logstash/pipelines/config/so/9301_output_dns_windows.conf.jinja +++ b/salt/logstash/pipelines/config/so/9301_output_dns_windows.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics diff --git a/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja b/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja index e7e917727..1d36d774d 100644 --- a/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja 
+++ b/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics diff --git a/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja b/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja index e50c04eee..932a194ab 100644 --- a/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja +++ b/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} output { diff --git a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja index 93bffca7d..5a8f9f5ba 100644 --- a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja +++ b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja @@ -1,7 +1,7 @@ {%- if grains['role'] == 'so-eval' -%} {%- set ES = salt['pillar.get']('master:mainip', '') -%} {%- else %} -{%- set ES = salt['pillar.get']('node:mainip', '') -%} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} # Author: Justin Henderson # SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls index c96be214c..6bb99d98c 100644 --- a/salt/mysql/init.sls +++ b/salt/mysql/init.sls 
@@ -2,7 +2,7 @@ {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} -{% set MAINIP = salt['pillar.get']('node:mainip') %} +{% set MAINIP = salt['pillar.get']('elasticsearch:mainip') %} {% set FLEETARCH = salt['grains.get']('role') %} {% if FLEETARCH == "so-fleet" %} diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index 2282d8518..eca8bda40 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls @@ -1,7 +1,7 @@ {% set MASTERIP = salt['pillar.get']('master:mainip', '') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} -{% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('node:mainint', salt['pillar.get']('host:mainint')))))[0] %} +{% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] %} {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%} {%- set PLAYBOOKPASS = salt['pillar.get']('secrets:playbook', None) -%} diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index 3495a0a85..be99dc849 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf @@ -14,7 +14,7 @@ # for numbers and booleans they should be plain (ie, $INT_VAR, $BOOL_VAR) {%- set MASTER = grains['master'] %} -{% set NODEIP = salt['pillar.get']('node:mainip', '') %} +{% set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %} {% set HELIX_API_KEY = salt['pillar.get']('fireeye:helix:api_key', '') %} {% set UNIQUEID = salt['pillar.get']('sensor:uniqueid', '') %} 
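Review bot: In the salt/mysql/init.sls hunk, `salt['pillar.get']('elasticsearch:mainip')` is the only `mainip` lookup touched by this patch that passes no default, so it relies on Salt's implicit handling of a missing key instead of stating it. For consistency with the other templates I would write `{% set MAINIP = salt['pillar.get']('elasticsearch:mainip', '') %}` and add a one-line comment naming the roles expected to carry the `elasticsearch` pillar, since the context below branches on `so-fleet`. The state continues outside the hunk, so how MAINIP is used is not visible here.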
diff --git a/salt/wazuh/files/agent/ossec.conf b/salt/wazuh/files/agent/ossec.conf index 95d17bc8d..ffc7922b0 100644 --- a/salt/wazuh/files/agent/ossec.conf +++ b/salt/wazuh/files/agent/ossec.conf @@ -1,7 +1,7 @@ {%- if grains['role'] in ['so-master', 'so-eval', 'so-mastersearch', 'so-standalone'] %} {%- set ip = salt['pillar.get']('static:masterip', '') %} {%- elif grains['role'] == 'so-node' or grains['role'] == 'so-heavynode' %} - {%- set ip = salt['pillar.get']('node:mainip', '') %} + {%- set ip = salt['pillar.get']('elasticsearch:mainip', '') %} {%- elif grains['role'] == 'so-sensor' %} {%- set ip = salt['pillar.get']('sensor:mainip', '') %} {%- endif %} diff --git a/salt/wazuh/files/agent/wazuh-register-agent b/salt/wazuh/files/agent/wazuh-register-agent index c636cd899..b38474d8e 100755 --- a/salt/wazuh/files/agent/wazuh-register-agent +++ b/salt/wazuh/files/agent/wazuh-register-agent @@ -1,7 +1,7 @@ {%- if grains['role'] in ['so-master', 'so-eval', 'so-mastersearch', 'so-standalone'] %} {%- set ip = salt['pillar.get']('static:masterip', '') %} {%- elif grains['role'] == 'so-node' or grains['role'] == 'so-heavynode' %} - {%- set ip = salt['pillar.get']('node:mainip', '') %} + {%- set ip = salt['pillar.get']('elasticsearch:mainip', '') %} {%- elif grains['role'] == 'so-sensor' %} {%- set ip = salt['pillar.get']('sensor:mainip', '') %} {%- endif %} diff --git a/setup/so-functions b/setup/so-functions index cd81074f2..c52abbb97 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1004,7 +1004,7 @@ master_static() { " fleet_ip: N/A"\ " sensoronikey: $SENSORONIKEY"\ " wazuh: $WAZUH"\ - " masterupdate: $MASTERUPDATES"\ + " masterupdate: $MASTERUPDATES"\ "strelka:"\ " enabled: $STRELKA"\ " rules: $STRELKARULES"\ 
@@ -1047,22 +1047,26 @@ network_setup() { } >> "$setup_log" 2>&1 } -node_pillar() { +elasticsearch_pillar() { local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls # Create the node pillar printf '%s\n'\ - "node:"\ + "elasticsearch:"\ " mainip: $MAINIP"\ " mainint: $MNIC"\ " esheap: $NODE_ES_HEAP_SIZE"\ " esclustername: {{ grains.host }}"\ - " es_shard_count: $SHARDCOUNT"\ " node_type: $NODETYPE"\ " es_port: $node_es_port"\ " log_size_limit: $log_size_limit"\ " cur_close_days: $CURCLOSEDAYS"\ + " route_type: hot"\ + " index_settings:"\ + " so-zeek:"\ + " shards: 5"\ + " replicas: 0"\ "" >> "$pillar_file" if [ "$install_type" != 'EVAL' ] && [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'MASTERSEARCH' ] && [ "$install_type" != 'STANDALONE' ]; then @@ -1563,9 +1567,6 @@ set_node_type() { 'SEARCHNODE' | 'EVAL' | 'MASTERSEARCH' | 'HEAVYNODE' | 'STANDALONE') NODETYPE='search' ;; - 'PARSINGNODE') - NODETYPE='parser' - ;; 'HOTNODE') NODETYPE='hot' ;; diff --git a/setup/so-setup b/setup/so-setup index 775064f9f..22b47edfb 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -441,7 +441,7 @@ fi set_node_type >> $setup_log 2>&1 set_progress_str 19 'Generating search node pillar' - node_pillar >> $setup_log 2>&1 + elasticsearch_pillar >> $setup_log 2>&1 fi if [[ $is_minion ]]; then
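Review bot: The `elasticsearch_pillar()` hunk changes more than the key name: it drops `es_shard_count: $SHARDCOUNT` and writes fixed values instead (`route_type: hot`, and `shards: 5` / `replicas: 0` for `so-zeek` only), so any `$SHARDCOUNT` set earlier in setup is no longer written and `route_type` is `hot` regardless of `$NODETYPE`. `replicas: 0` means the zeek indices have no second copy, which deserves a comment if intended, because losing a node then loses that log data. I would keep the value parameterised, e.g. `shards: ${SHARDCOUNT:-5}`, and update the stale comment to `# Create the elasticsearch pillar`. No consumer of `index_settings` or `route_type` is visible in this patch and the function body continues outside the hunk; the following hunk also removes the `PARSINGNODE` case from `set_node_type`, which would leave NODETYPE unset for that install type unless it is rejected earlier.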