diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index e1a2d192f1..446c6033d6 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -9101,6 +9101,7 @@ elasticsearch:
         - logs-system.auth@custom
         - so-fleet_globals-1
         - so-fleet_agent_id_verification-1
+        - so-system
         data_stream:
           allow_custom_routing: false
           hidden: false
@@ -9195,6 +9196,7 @@ elasticsearch:
         - logs-system.syslog@custom
         - so-fleet_globals-1
         - so-fleet_agent_id_verification-1
+        - so-system
         data_stream:
           allow_custom_routing: false
           hidden: false
diff --git a/salt/elasticsearch/templates/component/so/so-system-mappings.json b/salt/elasticsearch/templates/component/so/so-system-mappings.json
new file mode 100644
index 0000000000..f86c427a6e
--- /dev/null
+++ b/salt/elasticsearch/templates/component/so/so-system-mappings.json
@@ -0,0 +1,29 @@
+{
+  "template": {
+    "mappings": {
+      "properties": {
+        "host": {
+	  "properties":{
+            "ip": {
+              "type": "ip"
+            }
+	  }
+	},
+	"related": {
+          "properties":{
+            "ip": {
+              "type": "ip"
+            }
+          }
+        },
+	"source": {
+          "properties":{
+            "ip": {
+              "type": "ip"
+            }
+          }
+        }
+      }
+    }
+  }
+}