After upgrading from 2.4.120 to 2.4.130, after a reboot, manager is unable to start its containers

[Ximalas]

Version

2.4.130

Installation Method

Security Onion ISO image

Description

other (please provide detail below)

Installation Type

Distributed

Location

on-prem with Internet access

Hardware Specs

Exceeds minimum requirements

CPU

32

RAM

384 GiB

Storage for /

145 GB (manager)

Storage for /nsm

291 GB (manager)

Network Traffic Collection

tap

Network Traffic Speeds

1Gbps to 10Gbps

Status

No, one or more services are failed (please provide detail below)

Salt Status

Yes, there are salt failures (please provide detail below)

Logs

Yes, there are additional clues in /opt/so/log/ (please provide detail below)

Detail

After upgrading from 2.4.120 to 2.4.130, some five days ago, I first had issues with Kibana. In my case this was solved by manually restarting the Kibana container on the manager. Today, I wanted to adjust the Stenographer settings, but I couldn't access the configuration tree. I decided to restart the manager. Now, the manager is desperately trying to start the containers, but falling short. This snippet is from /opt/so/log/salt/master:

2025-03-19 15:22:13,709 [salt.pillar      :955 ][CRITICAL][2174] Rendering SLS 'idstools.soc_idstools' failed, render error:
could not find expected ':'; line 53399

---
[...]
            - 2522841 "flowbits" "noalert; flowbits"
            - 2522842 "flowbits" "noalert; flowbits"
            - 2522843 "flowbits" "noalert; flowbits"
            - 2522844 "flowbits" "noalert; flowbits"
ts" "noalert; flowbits"
     <======================
---
Traceback (most recent call last):
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/renderers/yaml.py", line 62, in render
    data = yamlloader.load(yaml_data, Loader=get_yaml_loader(argline))
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/yamlloader.py", line 158, in load
    return yaml.load(stream, Loader=Loader)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/__init__.py", line 81, in load
    return loader.get_single_data()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/constructor.py", line 49, in get_single_data
    node = self.get_single_node()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/composer.py", line 36, in get_single_node
    document = self.compose_document()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/composer.py", line 55, in compose_document
    node = self.compose_node(None, None)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/composer.py", line 82, in compose_node
    node = self.compose_sequence_node(anchor)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/composer.py", line 110, in compose_sequence_node
    while not self.check_event(SequenceEndEvent):
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/parser.py", line 98, in check_event
    self.current_event = self.state()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/parser.py", line 382, in parse_block_sequence_entry
    if self.check_token(BlockEntryToken):
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/scanner.py", line 115, in check_token
    while self.need_more_tokens():
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/scanner.py", line 152, in need_more_tokens
    self.stale_possible_simple_keys()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/yaml/scanner.py", line 291, in stale_possible_simple_keys
    raise ScannerError("while scanning a simple key", key.mark,
yaml.scanner.ScannerError: while scanning a simple key
  in "<unicode string>", line 53398, column 1:
    ts" "noalert; flowbits"
    ^
could not find expected ':'
  in "<unicode string>", line 53399, column 1:
    
    ^

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/pillar/__init__.py", line 942, in render_pstate
    state = compile_template(
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/template.py", line 100, in compile_template
    ret = render(input_data, saltenv, sls, **render_kwargs)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 159, in __call__
    ret = self.loader.run(run_func, *args, **kwargs)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1245, in run
    return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1260, in _run_as
    ret = _func_or_method(*args, **kwargs)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/renderers/yaml.py", line 66, in render
    raise SaltRenderError(err_type, line_num, exc.problem_mark.buffer)
salt.exceptions.SaltRenderError: could not find expected ':'; line 53399

---
[...]
            - 2522841 "flowbits" "noalert; flowbits"
            - 2522842 "flowbits" "noalert; flowbits"
            - 2522843 "flowbits" "noalert; flowbits"
            - 2522844 "flowbits" "noalert; flowbits"
ts" "noalert; flowbits"
     <======================
---

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[Ximalas]

I have lately been deactivating multiple alerts and tuning other alerts to be ignored for certain source IP addresses. There might be a connection.

[Ximalas]

Looking at /opt/so/saltstack/local/pillar/idstools/soc_idstools.sls, the first few lines read:

idstools:
    sids:
        disabled:
            - "2100381"
            - "2100368"
            - "2100384"
            - "2100629"
            - "2009584"
            - "2009582"
            - "2000537"

And the last few lines read:

            - 2522842 "flowbits" "noalert; flowbits"
            - 2522843 "flowbits" "noalert; flowbits"
            - 2522844 "flowbits" "noalert; flowbits"
ts" "noalert; flowbits"

I deleted the last, incomplete line and saved the file. This allowed Salt to recover.

The sister file /opt/so/saltstack/local/pillar/idstools/adv_idstools.sls is empty.

If possible, it would help if full pathnames to configuration files to be read are announced when containers/services are about to be started.

[dougburks]

Hello @Ximalas !

I'm glad you were able to resolve your own issue.

Just out of curiosity, is it possible that you were manually editing /opt/so/saltstack/local/pillar/idstools/soc_idstools.sls perhaps using a text editor like vi? I could see a scenario where you pasted another flowbits line while not in insert mode, and when the terminal got to the i in flowbits , that put vi into insert mode and it dutifully wrote the remainder of the pasted text.

If that's the case, we recommend that you do not manually edit these files using text editors. We've built web interfaces so that you don't have to manually edit these files and that should help avoid improper syntax like this.

https://docs.securityonion.net/en/2.4/detections.html
https://docs.securityonion.net/en/2.4/nids.html#nids
https://docs.securityonion.net/en/2.4/administration.html#configuration

[Ximalas]

No, that's not the case. I'm at the mercy of the web interface and its speed and latency.

Funny enough, alerts I disabled while running 2.4.100 or so, have started to appear in the alert list. When I click on the information icon, sure enough, the alert is really disabled.

[dougburks]

No, that's not the case. I'm at the mercy of the web interface

We can't come up with any reason why the web interface would write out that partial flowbits line like that. Are you sure that nobody else has access to your system who may have manually edited the file?

and its speed and latency.

Not sure what you mean by this. SOC is fast and low latency for our installations.

Funny enough, alerts I disabled while running 2.4.100 or so, have started to appear in the alert list. When I click on the information icon, sure enough, the alert is really disabled.

If you need help troubleshooting this, please start a new discussion with appropriate title and provide further information.

[Ximalas]

/opt/so/log/salt/master/opt/so/log/salt/master now says:

2025-03-19 16:18:48,305 [salt.utils.event :906 ][ERROR   ][2176] Event iteration failed with exception: 'list' object has no attribute 'items'

It's difficult to relate this error message to a particular container/service.

Some additional error messages popped up in this log file:

2025-03-19 16:31:44,440 [salt.client      :1907][ERROR   ][2175] Message timed out
2025-03-19 16:31:44,441 [salt.master      :1933][ERROR   ][2175] Error in function minion_pub:
Traceback (most recent call last):
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/client/__init__.py", line 1905, in pub
    payload = channel.send(payload_kwargs, timeout=timeout)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/asynchronous.py", line 124, in wrap
    raise exc_info[1].with_traceback(exc_info[2])
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/asynchronous.py", line 130, in _target
    result = io_loop.run_sync(lambda: getattr(self.obj, key)(*args, **kwargs))
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/ioloop.py", line 459, in run_sync
    return future_cell[0].result()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/concurrent.py", line 249, in result
    raise_exc_info(self._exc_info)
  File "<string>", line 4, in raise_exc_info
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/gen.py", line 1064, in run
    yielded = self.gen.throw(*exc_info)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/channel/client.py", line 324, in send
    ret = yield self._uncrypted_transfer(load, timeout=timeout)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/gen.py", line 1056, in run
    value = future.result()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/concurrent.py", line 249, in result
    raise_exc_info(self._exc_info)
  File "<string>", line 4, in raise_exc_info
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/gen.py", line 1064, in run
    yielded = self.gen.throw(*exc_info)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/channel/client.py", line 295, in _uncrypted_transfer
    ret = yield self.transport.send(
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/gen.py", line 1056, in run
    value = future.result()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/concurrent.py", line 249, in result
    raise_exc_info(self._exc_info)
  File "<string>", line 4, in raise_exc_info
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/gen.py", line 1064, in run
    yielded = self.gen.throw(*exc_info)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/transport/zeromq.py", line 923, in send
    ret = yield self.message_client.send(load, timeout=timeout)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/gen.py", line 1056, in run
    value = future.result()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/concurrent.py", line 249, in result
    raise_exc_info(self._exc_info)
  File "<string>", line 4, in raise_exc_info
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/gen.py", line 1064, in run
    yielded = self.gen.throw(*exc_info)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/transport/zeromq.py", line 595, in send
    recv = yield future
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/gen.py", line 1056, in run
    value = future.result()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/concurrent.py", line 249, in result
    raise_exc_info(self._exc_info)
  File "<string>", line 4, in raise_exc_info
salt.exceptions.SaltReqTimeoutError: Message timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/client/__init__.py", line 386, in run_job
    pub_data = self.pub(
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/client/__init__.py", line 1908, in pub
    raise SaltReqTimeoutError(
salt.exceptions.SaltReqTimeoutError: Salt request timed out. The master is not responding. You may need to run your command with `--async` in order to bypass the congested event bus. With `--async`, the CLI tool will print the job id (jid) and exit immediately without listening for responses. You can then use `salt-run jobs.lookup_jid` to look up the results of the job in the job cache later.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/master.py", line 1927, in run_func
    ret = getattr(self, func)(load)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/master.py", line 1848, in minion_pub
    return self.masterapi.minion_pub(clear_load)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/daemons/masterapi.py", line 952, in minion_pub
    ret["jid"] = self.local.cmd_async(**pub_load)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/client/__init__.py", line 493, in cmd_async
    pub_data = self.run_job(
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/client/__init__.py", line 408, in run_job
    raise SaltClientError(general_exception)
salt.exceptions.SaltClientError: Salt request timed out. The master is not responding. You may need to run your command with `--async` in order to bypass the congested event bus. With `--async`, the CLI tool will print the job id (jid) and exit immediately without listening for responses. You can then use `salt-run jobs.lookup_jid` to look up the results of the job in the job cache later.

An inspection revealed:

$ sudo salt-call state.highstate
local:
    Data failed to compile:
----------
    The function "state.highstate" is running as PID 434260 and was started at 2025, Mar 19 16:26:06.060060 with jid 20250319162606060060

Rerunning $ sudo salt-call state.highstate a few minutes later produced volumnious output, ending in:

Summary for local
--------------
Succeeded: 585 (changed=35)
Failed:      1
--------------
Total states run:     586
Total run time:   225.321 s

The failure is:

----------
          ID: so-elasticsearch-templates
    Function: cmd.run
        Name: /usr/sbin/so-elasticsearch-templates-load
      Result: False
     Comment: Command "/usr/sbin/so-elasticsearch-templates-load" run
     Started: 16:38:44.216543
    Duration: 20299.01 ms
     Changes:
              ----------
              pid:
                  530534
              retcode:
                  1
              stderr:
              stdout:
                  State file /opt/so/state/estemplates.txt not found. Running so-elasticsearch-templates-load.
                  Waiting for ElasticSearch...Executing command with retry support: so-elasticsearch-query / -k --output /dev/null --silent --head --fail
                  Results:  (0)
                  Loading ECS component templates...
                  Loading template file agent.json
                  Executing command with retry support: so-elasticsearch-query _component_template/agent-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file aws.json
                  Executing command with retry support: so-elasticsearch-query _component_template/aws-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file azure.json
                  Executing command with retry support: so-elasticsearch-query _component_template/azure-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file base.json
                  Executing command with retry support: so-elasticsearch-query _component_template/base-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file cef.json
                  Executing command with retry support: so-elasticsearch-query _component_template/cef-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file checkpoint.json
                  Executing command with retry support: so-elasticsearch-query _component_template/checkpoint-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file cisco.json
                  Executing command with retry support: so-elasticsearch-query _component_template/cisco-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file client.json
                  Executing command with retry support: so-elasticsearch-query _component_template/client-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file cloud.json
                  Executing command with retry support: so-elasticsearch-query _component_template/cloud-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file container.json
                  Executing command with retry support: so-elasticsearch-query _component_template/container-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file cyberark.json
                  Executing command with retry support: so-elasticsearch-query _component_template/cyberark-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file data_stream.json
                  Executing command with retry support: so-elasticsearch-query _component_template/data_stream-mappings -d@data_stream.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file destination.json
                  Executing command with retry support: so-elasticsearch-query _component_template/destination-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file device.json
                  Executing command with retry support: so-elasticsearch-query _component_template/device-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dll.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dll-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dns.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dns-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file ecs.json
                  Executing command with retry support: so-elasticsearch-query _component_template/ecs-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file elasticsearch.json
                  Executing command with retry support: so-elasticsearch-query _component_template/elasticsearch-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file error.json
                  Executing command with retry support: so-elasticsearch-query _component_template/error-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file event.json
                  Executing command with retry support: so-elasticsearch-query _component_template/event-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file file.json
                  Executing command with retry support: so-elasticsearch-query _component_template/file-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file fortinet.json
                  Executing command with retry support: so-elasticsearch-query _component_template/fortinet-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file gcp.json
                  Executing command with retry support: so-elasticsearch-query _component_template/gcp-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file google_workspace.json
                  Executing command with retry support: so-elasticsearch-query _component_template/google_workspace-mappings -d@google_workspace.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file group.json
                  Executing command with retry support: so-elasticsearch-query _component_template/group-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file host.json
                  Executing command with retry support: so-elasticsearch-query _component_template/host-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file http.json
                  Executing command with retry support: so-elasticsearch-query _component_template/http-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file juniper.json
                  Executing command with retry support: so-elasticsearch-query _component_template/juniper-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file kibana.json
                  Executing command with retry support: so-elasticsearch-query _component_template/kibana-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file kismet.json
                  Executing command with retry support: so-elasticsearch-query _component_template/kismet-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file log.json
                  Executing command with retry support: so-elasticsearch-query _component_template/log-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file logstash.json
                  Executing command with retry support: so-elasticsearch-query _component_template/logstash-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file microsoft.json
                  Executing command with retry support: so-elasticsearch-query _component_template/microsoft-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file misp.json
                  Executing command with retry support: so-elasticsearch-query _component_template/misp-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file netflow.json
                  Executing command with retry support: so-elasticsearch-query _component_template/netflow-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file network.json
                  Executing command with retry support: so-elasticsearch-query _component_template/network-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file o365.json
                  Executing command with retry support: so-elasticsearch-query _component_template/o365-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file observer.json
                  Executing command with retry support: so-elasticsearch-query _component_template/observer-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file okta.json
                  Executing command with retry support: so-elasticsearch-query _component_template/okta-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file orchestrator.json
                  Executing command with retry support: so-elasticsearch-query _component_template/orchestrator-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file organization.json
                  Executing command with retry support: so-elasticsearch-query _component_template/organization-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file package.json
                  Executing command with retry support: so-elasticsearch-query _component_template/package-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file process.json
                  Executing command with retry support: so-elasticsearch-query _component_template/process-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file redis.json
                  Executing command with retry support: so-elasticsearch-query _component_template/redis-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file registry.json
                  Executing command with retry support: so-elasticsearch-query _component_template/registry-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file related.json
                  Executing command with retry support: so-elasticsearch-query _component_template/related-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file rule.json
                  Executing command with retry support: so-elasticsearch-query _component_template/rule-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file server.json
                  Executing command with retry support: so-elasticsearch-query _component_template/server-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file service.json
                  Executing command with retry support: so-elasticsearch-query _component_template/service-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file snyk.json
                  Executing command with retry support: so-elasticsearch-query _component_template/snyk-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file sophos.json
                  Executing command with retry support: so-elasticsearch-query _component_template/sophos-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file source.json
                  Executing command with retry support: so-elasticsearch-query _component_template/source-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file suricata.json
                  Executing command with retry support: so-elasticsearch-query _component_template/suricata-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file syslog.json
                  Executing command with retry support: so-elasticsearch-query _component_template/syslog-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file threat.json
                  Executing command with retry support: so-elasticsearch-query _component_template/threat-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file tls.json
                  Executing command with retry support: so-elasticsearch-query _component_template/tls-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file tracing.json
                  Executing command with retry support: so-elasticsearch-query _component_template/tracing-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file url.json
                  Executing command with retry support: so-elasticsearch-query _component_template/url-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file user.json
                  Executing command with retry support: so-elasticsearch-query _component_template/user-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file user_agent.json
                  Executing command with retry support: so-elasticsearch-query _component_template/user_agent-mappings -d@user_agent.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file vulnerability.json
                  Executing command with retry support: so-elasticsearch-query _component_template/vulnerability-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file winlog.json
                  Executing command with retry support: so-elasticsearch-query _component_template/winlog-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file zeek.json
                  Executing command with retry support: so-elasticsearch-query _component_template/zeek-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)

                  Loading Elastic Agent component templates...
                  Loading template file logs-osquery_manager.action.responses.json
                  Executing command with retry support: so-elasticsearch-query _component_template/logs-osquery_manager.action.responses -d@logs-osquery_manager.action.responses.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file logs-osquery_manager.actions.json
                  Executing command with retry support: so-elasticsearch-query _component_template/logs-osquery_manager.actions -d@logs-osquery_manager.actions.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file [email protected]
                  Executing command with retry support: so-elasticsearch-query _component_template/logs-osquery_manager.result@custom -d@[email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file [email protected]
                  Executing command with retry support: so-elasticsearch-query _component_template/logs-soc@package -d@[email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file [email protected]
                  Executing command with retry support: so-elasticsearch-query _component_template/logs-system.syslog@custom [email protected]@custom.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file [email protected]
                  Executing command with retry support: so-elasticsearch-query _component_template/logs@custom -d@[email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file [email protected]
                  Executing command with retry support: so-elasticsearch-query _component_template/metrics@custom -d@[email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-data-streams-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/so-data-streams-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-fleet_agent_id_verification-1.json
                  Executing command with retry support: so-elasticsearch-query _component_template/so-fleet_agent_id_verification-1 -d@so-fleet_agent_id_verification-1.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-fleet_globals-1.json
                  Executing command with retry support: so-elasticsearch-query _component_template/so-fleet_globals-1 -d@so-fleet_globals-1.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-fleet_integrations.ip_mappings-1.json
                  Executing command with retry support: so-elasticsearch-query _component_template/so-fleet_integrations.ip_mappings-1 -d@so-fleet_integrations.ip_mappings-1.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-items-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/so-items-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-lists-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/so-lists-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/so-logs-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-settings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/so-logs-settings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)

                  Loading Security Onion component templates...
                  Loading template file case-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/case-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file case-settings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/case-settings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file common-dynamic-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/common-dynamic-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file common-settings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/common-settings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file detection-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/detection-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file detection-settings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/detection-settings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-agent-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-agent-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-base-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-base-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-client-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-client-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-destination-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-destination-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-dns-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-dns-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-ecs-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-ecs-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-event-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-event-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-file-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-file-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-host-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-host-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-http-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-http-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-network-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-network-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-observer-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-observer-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-process-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-process-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-rule-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-rule-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-service-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-service-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-source-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-source-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-syslog-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-syslog-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-user-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-user-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-user_agent-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-user_agent-mappings -d@dtc-user_agent-mappings.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file dtc-winlog-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/dtc-winlog-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file endgame-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/endgame-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file pb-override-destination-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/pb-override-destination-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file pb-override-source-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/pb-override-source-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-file-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/so-file-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-ip-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/so-ip-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-rule-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/so-rule-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-scan-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/so-scan-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-system-mappings.json
                  Executing command with retry support: so-elasticsearch-query _component_template/so-system-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)

                  Loading Security Onion index templates...
                  Loading template file so-case-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-case [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-common-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-common [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-detection-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-detection [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-endgame-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-endgame [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-hydra-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-hydra [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-idh-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-idh [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-import-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-import [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-ip-mappings-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-ip-mappings [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-items-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-items [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-kismet-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-kismet [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-kratos-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-kratos [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-lists-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-lists [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-1password.item_usages-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-1password.item_usages [email protected]_usages-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-1password.signin_attempts-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-1password.signin_attempts [email protected]_attempts-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-apache.access-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-apache.access [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-apache.error-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-apache.error [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-auditd.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-auditd.log [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-auth0.logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-auth0.logs [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.cloudfront_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.cloudfront_logs [email protected]_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.cloudtrail-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.cloudtrail [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.cloudwatch_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.cloudwatch_logs [email protected]_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.ec2_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.ec2_logs [email protected]_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.elb_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.elb_logs [email protected]_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.firewall_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.firewall_logs [email protected]_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.guardduty-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.guardduty [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.inspector-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.inspector [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.route53_public_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.route53_public_logs [email protected]_public_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.route53_resolver_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.route53_resolver_logs [email protected]_resolver_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.s3access-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.s3access [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.securityhub_findings-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.securityhub_findings [email protected]_findings-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.securityhub_insights-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.securityhub_insights [email protected]_insights-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.vpcflow-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.vpcflow [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-aws.waf-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-aws.waf [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-azure.activitylogs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-azure.activitylogs [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-azure.application_gateway-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-azure.application_gateway [email protected]_gateway-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-azure.auditlogs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-azure.auditlogs [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-azure.eventhub-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-azure.eventhub [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-azure.firewall_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-azure.firewall_logs [email protected]_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-azure.identity_protection-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-azure.identity_protection [email protected]_protection-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-azure.platformlogs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-azure.platformlogs [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-azure.provisioning-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-azure.provisioning [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-azure.signinlogs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-azure.signinlogs [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-azure.springcloudlogs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-azure.springcloudlogs [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-barracuda.waf-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-barracuda.waf [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-barracuda_cloudgen_firewall.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-barracuda_cloudgen_firewall.log -d@so-logs-barracuda_cloudgen_firewall.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-carbonblack_edr.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-carbonblack_edr.log -d@so-logs-carbonblack_edr.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cef.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cef.log [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-checkpoint.firewall-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-checkpoint.firewall [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cisco_asa.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cisco_asa.log -d@so-logs-cisco_asa.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cisco_duo.admin-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cisco_duo.admin -d@so-logs-cisco_duo.admin-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cisco_duo.auth-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cisco_duo.auth -d@so-logs-cisco_duo.auth-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cisco_duo.offline_enrollment-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cisco_duo.offline_enrollment -d@so-logs-cisco_duo.offline_enrollment-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cisco_duo.summary-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cisco_duo.summary -d@so-logs-cisco_duo.summary-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cisco_duo.telephony-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cisco_duo.telephony -d@so-logs-cisco_duo.telephony-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cisco_ftd.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cisco_ftd.log -d@so-logs-cisco_ftd.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cisco_ios.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cisco_ios.log -d@so-logs-cisco_ios.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cisco_ise.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cisco_ise.log -d@so-logs-cisco_ise.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cisco_meraki.events-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cisco_meraki.events -d@so-logs-cisco_meraki.events-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cisco_meraki.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cisco_meraki.log -d@so-logs-cisco_meraki.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cisco_secure_email_gateway.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cisco_secure_email_gateway.log -d@so-logs-cisco_secure_email_gateway.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cisco_umbrella.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cisco_umbrella.log -d@so-logs-cisco_umbrella.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-citrix_adc.interface-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-citrix_adc.interface -d@so-logs-citrix_adc.interface-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-citrix_adc.lbvserver-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-citrix_adc.lbvserver -d@so-logs-citrix_adc.lbvserver-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-citrix_adc.service-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-citrix_adc.service -d@so-logs-citrix_adc.service-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-citrix_adc.system-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-citrix_adc.system -d@so-logs-citrix_adc.system-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-citrix_adc.vpn-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-citrix_adc.vpn -d@so-logs-citrix_adc.vpn-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-citrix_waf.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-citrix_waf.log -d@so-logs-citrix_waf.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare.audit-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare.audit [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare.logpull-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare.logpull [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.access_request-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.access_request -d@so-logs-cloudflare_logpush.access_request-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.audit-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.audit -d@so-logs-cloudflare_logpush.audit-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.casb-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.casb -d@so-logs-cloudflare_logpush.casb-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.device_posture-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.device_posture -d@so-logs-cloudflare_logpush.device_posture-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.dns-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.dns -d@so-logs-cloudflare_logpush.dns-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.dns_firewall-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.dns_firewall -d@so-logs-cloudflare_logpush.dns_firewall-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.firewall_event-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.firewall_event -d@so-logs-cloudflare_logpush.firewall_event-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.gateway_dns-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.gateway_dns -d@so-logs-cloudflare_logpush.gateway_dns-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.gateway_http-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.gateway_http -d@so-logs-cloudflare_logpush.gateway_http-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.gateway_network-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.gateway_network -d@so-logs-cloudflare_logpush.gateway_network-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.http_request-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.http_request -d@so-logs-cloudflare_logpush.http_request-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.magic_ids-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.magic_ids -d@so-logs-cloudflare_logpush.magic_ids-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.nel_report-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.nel_report -d@so-logs-cloudflare_logpush.nel_report-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.network_analytics-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.network_analytics -d@so-logs-cloudflare_logpush.network_analytics-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.network_session-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.network_session -d@so-logs-cloudflare_logpush.network_session-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.sinkhole_http-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.sinkhole_http -d@so-logs-cloudflare_logpush.sinkhole_http-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.spectrum_event-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.spectrum_event -d@so-logs-cloudflare_logpush.spectrum_event-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-cloudflare_logpush.workers_trace-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-cloudflare_logpush.workers_trace -d@so-logs-cloudflare_logpush.workers_trace-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-crowdstrike.alert-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-crowdstrike.alert [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-crowdstrike.falcon-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-crowdstrike.falcon [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-crowdstrike.fdr-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-crowdstrike.fdr [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-crowdstrike.host-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-crowdstrike.host [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-darktrace.ai_analyst_alert-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-darktrace.ai_analyst_alert [email protected]_analyst_alert-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-darktrace.model_breach_alert-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-darktrace.model_breach_alert [email protected]_breach_alert-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-darktrace.system_status_alert-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-darktrace.system_status_alert [email protected]_status_alert-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-detections.alerts-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-detections.alerts [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-elastic_agent-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-elastic_agent -d@so-logs-elastic_agent-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-elastic_agent.apm_server-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-elastic_agent.apm_server -d@so-logs-elastic_agent.apm_server-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-elastic_agent.auditbeat-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-elastic_agent.auditbeat -d@so-logs-elastic_agent.auditbeat-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-elastic_agent.cloudbeat-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-elastic_agent.cloudbeat -d@so-logs-elastic_agent.cloudbeat-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-elastic_agent.endpoint_security-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-elastic_agent.endpoint_security -d@so-logs-elastic_agent.endpoint_security-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-elastic_agent.filebeat-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-elastic_agent.filebeat -d@so-logs-elastic_agent.filebeat-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-elastic_agent.fleet_server-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-elastic_agent.fleet_server -d@so-logs-elastic_agent.fleet_server-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-elastic_agent.heartbeat-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-elastic_agent.heartbeat -d@so-logs-elastic_agent.heartbeat-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-elastic_agent.metricbeat-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-elastic_agent.metricbeat -d@so-logs-elastic_agent.metricbeat-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-elastic_agent.osquerybeat-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-elastic_agent.osquerybeat -d@so-logs-elastic_agent.osquerybeat-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-elastic_agent.packetbeat-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-elastic_agent.packetbeat -d@so-logs-elastic_agent.packetbeat-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-endpoint.action.responses-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-endpoint.action.responses [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-endpoint.actions-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-endpoint.actions [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-endpoint.alerts-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-endpoint.alerts [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-endpoint.diagnostic.collection-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-endpoint.diagnostic.collection [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-endpoint.events.api-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-endpoint.events.api [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-endpoint.events.file-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-endpoint.events.file [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-endpoint.events.library-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-endpoint.events.library [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-endpoint.events.network-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-endpoint.events.network [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-endpoint.events.process-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-endpoint.events.process [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-endpoint.events.registry-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-endpoint.events.registry [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-endpoint.events.security-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-endpoint.events.security [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-endpoint.heartbeat-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-endpoint.heartbeat [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-f5_bigip.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-f5_bigip.log -d@so-logs-f5_bigip.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-fim.event-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-fim.event [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-fireeye.nx-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-fireeye.nx [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-fortinet.clientendpoint-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-fortinet.clientendpoint [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-fortinet.firewall-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-fortinet.firewall [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-fortinet.fortimail-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-fortinet.fortimail [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-fortinet.fortimanager-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-fortinet.fortimanager [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-fortinet_fortigate.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-fortinet_fortigate.log -d@so-logs-fortinet_fortigate.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-gcp.audit-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-gcp.audit [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-gcp.dns-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-gcp.dns [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-gcp.firewall-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-gcp.firewall [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-gcp.loadbalancing_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-gcp.loadbalancing_logs [email protected]_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-gcp.vpcflow-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-gcp.vpcflow [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-github.audit-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-github.audit [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-github.code_scanning-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-github.code_scanning [email protected]_scanning-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-github.dependabot-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-github.dependabot [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-github.issues-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-github.issues [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-github.secret_scanning-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-github.secret_scanning [email protected]_scanning-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.access_transparency-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.access_transparency -d@so-logs-google_workspace.access_transparency-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.admin-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.admin -d@so-logs-google_workspace.admin-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.alert-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.alert -d@so-logs-google_workspace.alert-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.context_aware_access-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.context_aware_access -d@so-logs-google_workspace.context_aware_access-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.device-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.device -d@so-logs-google_workspace.device-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.drive-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.drive -d@so-logs-google_workspace.drive-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.gcp-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.gcp -d@so-logs-google_workspace.gcp-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.group_enterprise-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.group_enterprise -d@so-logs-google_workspace.group_enterprise-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.groups-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.groups -d@so-logs-google_workspace.groups-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.login-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.login -d@so-logs-google_workspace.login-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.rules-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.rules -d@so-logs-google_workspace.rules-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.saml-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.saml -d@so-logs-google_workspace.saml-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.token-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.token -d@so-logs-google_workspace.token-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-google_workspace.user_accounts-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-google_workspace.user_accounts -d@so-logs-google_workspace.user_accounts-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-http_endpoint.generic-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-http_endpoint.generic -d@so-logs-http_endpoint.generic-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-httpjson.generic-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-httpjson.generic [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-iis.access-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-iis.access [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-iis.error-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-iis.error [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-imperva_cloud_waf.event-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-imperva_cloud_waf.event -d@so-logs-imperva_cloud_waf.event-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-juniper.junos-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-juniper.junos [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-juniper.netscreen-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-juniper.netscreen [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-juniper.srx-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-juniper.srx [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-juniper_srx.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-juniper_srx.log -d@so-logs-juniper_srx.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-kafka_log.generic-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-kafka_log.generic -d@so-logs-kafka_log.generic-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-lastpass.detailed_shared_folder-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-lastpass.detailed_shared_folder [email protected]_shared_folder-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-lastpass.event_report-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-lastpass.event_report [email protected]_report-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-lastpass.user-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-lastpass.user [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-m365_defender.event-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-m365_defender.event -d@so-logs-m365_defender.event-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-m365_defender.incident-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-m365_defender.incident -d@so-logs-m365_defender.incident-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-m365_defender.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-m365_defender.log -d@so-logs-m365_defender.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-microsoft_defender_endpoint.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-microsoft_defender_endpoint.log -d@so-logs-microsoft_defender_endpoint.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-microsoft_dhcp.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-microsoft_dhcp.log -d@so-logs-microsoft_dhcp.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-microsoft_sqlserver.audit-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-microsoft_sqlserver.audit -d@so-logs-microsoft_sqlserver.audit-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-microsoft_sqlserver.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-microsoft_sqlserver.log -d@so-logs-microsoft_sqlserver.log-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-mimecast.audit_events-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-mimecast.audit_events [email protected]_events-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-mimecast.dlp_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-mimecast.dlp_logs [email protected]_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-mimecast.siem_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-mimecast.siem_logs [email protected]_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-mimecast.threat_intel_malware_customer-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-mimecast.threat_intel_malware_customer [email protected]_intel_malware_customer-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-mimecast.threat_intel_malware_grid-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-mimecast.threat_intel_malware_grid [email protected]_intel_malware_grid-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-mimecast.ttp_ap_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-mimecast.ttp_ap_logs [email protected]_ap_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-mimecast.ttp_ip_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-mimecast.ttp_ip_logs [email protected]_ip_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-mimecast.ttp_url_logs-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-mimecast.ttp_url_logs [email protected]_url_logs-template.json -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-mysql.error-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-mysql.error [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-mysql.slowlog-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-mysql.slowlog [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-netflow.log-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-netflow.log [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-nginx.access-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-nginx.access [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-nginx.error-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-nginx.error [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-o365.audit-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-o365.audit [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-okta.system-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-okta.system [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-osquery-manager-action.responses-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-osquery-manager-action.responses [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-osquery-manager-actions-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-osquery-manager-actions [email protected] -XPUT
                  Results: {"acknowledged":true} (0)
                  Loading template file so-logs-osquery-manager.action.responses-template.json
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-osquery-manager.action.responses [email protected] -XPUT
                  Results: {"error":{"root_cause":[{"type":"invalid_index_template_exception","reason":"index_template [so-logs-osquery-manager.action.responses] invalid, cause [index template [so-logs-osquery-manager.action.responses] specifies a missing component templates [logs-osquery_manager.action.responses@package] that does not exist and is not part of 'ignore_missing_component_templates']"}],"type":"invalid_index_template_exception","reason":"index_template [so-logs-osquery-manager.action.responses] invalid, cause [index template [so-logs-osquery-manager.action.responses] specifies a missing component templates [logs-osquery_manager.action.responses@package] that does not exist and is not part of 'ignore_missing_component_templates']"},"status":400} (0)
                  Did not find expectedOutput: '{"acknowledged":true}' in the output below from running the command: 'so-elasticsearch-query _index_template/so-logs-osquery-manager.action.responses [email protected] -XPUT'
                  <Start of output>
                  {"error":{"root_cause":[{"type":"invalid_index_template_exception","reason":"index_template [so-logs-osquery-manager.action.responses] invalid, cause [index template [so-logs-osquery-manager.action.responses] specifies a missing component templates [logs-osquery_manager.action.responses@package] that does not exist and is not part of 'ignore_missing_component_templates']"}],"type":"invalid_index_template_exception","reason":"index_template [so-logs-osquery-manager.action.responses] invalid, cause [index template [so-logs-osquery-manager.action.responses] specifies a missing component templates [logs-osquery_manager.action.responses@package] that does not exist and is not part of 'ignore_missing_component_templates']"},"status":400}
                  <End of output>
                  Forcing exit code to 1
                  Command failed with exit code 1; will retry in 1 seconds (1 / 3)...
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-osquery-manager.action.responses [email protected] -XPUT
                  Results: {"error":{"root_cause":[{"type":"invalid_index_template_exception","reason":"index_template [so-logs-osquery-manager.action.responses] invalid, cause [index template [so-logs-osquery-manager.action.responses] specifies a missing component templates [logs-osquery_manager.action.responses@package] that does not exist and is not part of 'ignore_missing_component_templates']"}],"type":"invalid_index_template_exception","reason":"index_template [so-logs-osquery-manager.action.responses] invalid, cause [index template [so-logs-osquery-manager.action.responses] specifies a missing component templates [logs-osquery_manager.action.responses@package] that does not exist and is not part of 'ignore_missing_component_templates']"},"status":400} (0)
                  Did not find expectedOutput: '{"acknowledged":true}' in the output below from running the command: 'so-elasticsearch-query _index_template/so-logs-osquery-manager.action.responses [email protected] -XPUT'
                  <Start of output>
                  {"error":{"root_cause":[{"type":"invalid_index_template_exception","reason":"index_template [so-logs-osquery-manager.action.responses] invalid, cause [index template [so-logs-osquery-manager.action.responses] specifies a missing component templates [logs-osquery_manager.action.responses@package] that does not exist and is not part of 'ignore_missing_component_templates']"}],"type":"invalid_index_template_exception","reason":"index_template [so-logs-osquery-manager.action.responses] invalid, cause [index template [so-logs-osquery-manager.action.responses] specifies a missing component templates [logs-osquery_manager.action.responses@package] that does not exist and is not part of 'ignore_missing_component_templates']"},"status":400}
                  <End of output>
                  Forcing exit code to 1
                  Command failed with exit code 1; will retry in 1 seconds (2 / 3)...
                  Executing command with retry support: so-elasticsearch-query _index_template/so-logs-osquery-manager.action.responses [email protected] -XPUT
                  Results: {"error":{"root_cause":[{"type":"invalid_index_template_exception","reason":"index_template [so-logs-osquery-manager.action.responses] invalid, cause [index template [so-logs-osquery-manager.action.responses] specifies a missing component templates [logs-osquery_manager.action.responses@package] that does not exist and is not part of 'ignore_missing_component_templates']"}],"type":"invalid_index_template_exception","reason":"index_template [so-logs-osquery-manager.action.responses] invalid, cause [index template [so-logs-osquery-manager.action.responses] specifies a missing component templates [logs-osquery_manager.action.responses@package] that does not exist and is not part of 'ignore_missing_component_templates']"},"status":400} (0)
                  Did not find expectedOutput: '{"acknowledged":true}' in the output below from running the command: 'so-elasticsearch-query _index_template/so-logs-osquery-manager.action.responses [email protected] -XPUT'
                  <Start of output>
                  {"error":{"root_cause":[{"type":"invalid_index_template_exception","reason":"index_template [so-logs-osquery-manager.action.responses] invalid, cause [index template [so-logs-osquery-manager.action.responses] specifies a missing component templates [logs-osquery_manager.action.responses@package] that does not exist and is not part of 'ignore_missing_component_templates']"}],"type":"invalid_index_template_exception","reason":"index_template [so-logs-osquery-manager.action.responses] invalid, cause [index template [so-logs-osquery-manager.action.responses] specifies a missing component templates [logs-osquery_manager.action.responses@package] that does not exist and is not part of 'ignore_missing_component_templates']"},"status":400}
                  <End of output>
                  Forcing exit code to 1
                  Command failed with exit code 1; will retry in 1 seconds (3 / 3)...
                  Command continues to fail; giving up.
                  ERROR: Could not load template file: so-logs-osquery-manager.action.responses-template.json
                  Exiting.

The file /opt/so/conf/elasticsearch/templates/index/so-logs-osquery-manager.action.responses-template.json does exist and has this contents:

{
 "_meta": {
  "managed": true,
  "managed_by": "security_onion",
  "package": {
   "name": "elastic_agent"
  }
 },
 "data_stream": {
  "allow_custom_routing": false,
  "hidden": false
 },
 "composed_of": [
  "logs-osquery_manager.action.responses@package",
  "logs-osquery_manager.action.responses@custom",
  "so-fleet_integrations.ip_mappings-1",
  "so-fleet_globals-1",
  "so-fleet_agent_id_verification-1"
 ],
 "ignore_missing_component_templates": [
  "logs-osquery_manager.action.responses@custom"
 ],
 "index_patterns": [
  "logs-osquery_manager.action.responses*"
 ],
 "priority": 501,
 "template": {
  "settings": {
   "lifecycle": {
    "name": "so-logs-osquery-manager.action.responses-logs"
   },
   "index": {
    "number_of_replicas": 0
   }
  }
 }
}

[Ximalas]

So far, all is good within the manager, according to sudo salt \* so.status:

so-man_manager:

                            Security Onion Status
                             Container │ Status  │                Details
    ───────────────────────────────────┼─────────┼────────────────────────
                     so-dockerregistry │ running │             Up 2 hours
                         so-elastalert │ running │           Up 4 minutes
                      so-elastic-fleet │ running │           Up 3 minutes
     so-elastic-fleet-package-registry │ running │ Up 4 minutes (healthy)
                      so-elasticsearch │ running │           Up 6 minutes
                           so-idstools │ running │           Up 6 minutes
                           so-influxdb │ running │ Up 7 minutes (healthy)
                             so-kibana │ running │           Up 4 minutes
                             so-kratos │ running │             Up 2 hours
                           so-logstash │ running │           Up 4 minutes
                              so-nginx │ running │ Up 7 minutes (healthy)
                              so-redis │ running │           Up 4 minutes
                          so-sensoroni │ running │           Up 6 minutes
                                so-soc │ running │           Up 6 minutes
                           so-telegraf │ running │           Up 6 minutes

     ✔ This onion is ready to make your adversaries cry!

[Ximalas]

My initial problem, accessing the configuration tree, has been solved.