Returns information about one or more ingest pipelines Added in 5.0.0
This API returns a local reference of the pipeline.
Query parameters
-
master_timeout string
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
-
summary boolean
Return pipelines without their definitions (default: false)
Responses
-
200 application/json
Hide response attribute Show response attribute object
-
Additional properties are allowed.
Hide * attributes Show * attributes object
-
description string
Description of the ingest pipeline.
-
on_failure array[object]
Processors to run immediately after a processor failure.
Hide on_failure attributes Show on_failure attributes object
-
append object
Additional properties are allowed.
Hide append attributes Show append attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
allow_duplicates boolean
If
false
, the processor does not append values already present in the field.
-
-
attachment object
Additional properties are allowed.
Hide attachment attributes Show attachment attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
and field does not exist, the processor quietly exits without modifying the document. -
indexed_chars number
The number of chars being used for extraction to prevent huge fields. Use
-1
for no limit. -
indexed_chars_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
properties array[string]
Array of properties to select to be stored. Can be
content
,title
,name
,author
,keywords
,date
,content_type
,content_length
,language
. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
remove_binary boolean
If true, the binary field will be removed from the document
-
resource_name string
Field containing the name of the resource to decode. If specified, the processor passes this resource name to the underlying Tika library to enable Resource Name Based Detection.
-
-
bytes object
Additional properties are allowed.
Hide bytes attributes Show bytes attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
circle object
Additional properties are allowed.
Hide circle attributes Show circle attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
The difference between the resulting inscribed distance from center to side and the circle’s radius (measured in meters for
geo_shape
, unit-less forshape
). -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
Values are
geo_shape
orshape
. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
community_id object
Additional properties are allowed.
Hide community_id attributes Show community_id attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
source_ip string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
source_port string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
destination_ip string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
destination_port string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
iana_number string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
icmp_type string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
icmp_code string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
transport string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
seed number
Seed for the community ID hash. Must be between 0 and 65535 (inclusive). The seed can prevent hash collisions between network domains, such as a staging and production network that use the same addressing scheme.
-
ignore_missing boolean
If true and any required fields are missing, the processor quietly exits without modifying the document.
-
-
convert object
Additional properties are allowed.
Hide convert attributes Show convert attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
Values are
integer
,long
,double
,float
,boolean
,ip
,string
, orauto
.
-
-
csv object
Additional properties are allowed.
Hide csv attributes Show csv attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
empty_value object
Value used to fill empty fields. Empty fields are skipped if this is not provided. An empty field is one with no value (2 consecutive separators) or empty quotes (
""
).Additional properties are allowed.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
quote string
Quote used in CSV, has to be single character string.
-
separator string
Separator used in CSV, has to be single character string.
-
trim boolean
Trim whitespaces in unquoted fields.
-
-
date object
Additional properties are allowed.
Hide date attributes Show date attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
An array of the expected date formats. Can be a java time pattern or one of the following formats: ISO8601, UNIX, UNIX_MS, or TAI64N.
-
locale string
The locale to use when parsing the date, relevant when parsing month names or week days. Supports template snippets.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
timezone string
The timezone to use when parsing the date. Supports template snippets.
-
output_format string
The format to use when writing the date to target_field. Must be a valid java time pattern.
-
-
date_index_name object
Additional properties are allowed.
Hide date_index_name attributes Show date_index_name attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
An array of the expected date formats for parsing dates / timestamps in the document being preprocessed. Can be a java time pattern or one of the following formats: ISO8601, UNIX, UNIX_MS, or TAI64N.
-
How to round the date when formatting the date into the index name. Valid values are:
y
(year),M
(month),w
(week),d
(day),h
(hour),m
(minute) ands
(second). Supports template snippets. -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
index_name_format string
The format to be used when printing the parsed date into the index name. A valid java time pattern is expected here. Supports template snippets.
-
index_name_prefix string
A prefix of the index name to be prepended before the printed date. Supports template snippets.
-
locale string
The locale to use when parsing the date from the document being preprocessed, relevant when parsing month names or week days.
-
timezone string
The timezone to use when parsing the date and when date math index supports resolves expressions into concrete index names.
-
-
dissect object
Additional properties are allowed.
Hide dissect attributes Show dissect attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
append_separator string
The character(s) that separate the appended fields.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
The pattern to apply to the field.
-
-
dot_expander object
Additional properties are allowed.
Hide dot_expander attributes Show dot_expander attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
override boolean
Controls the behavior when there is already an existing nested object that conflicts with the expanded field. When
false
, the processor will merge conflicts by combining the old and the new values into an array. Whentrue
, the value from the expanded field will overwrite the existing value. -
path string
The field that contains the field to expand. Only required if the field to expand is part another object field, because the
field
option can only understand leaf fields.
-
-
drop object
Additional properties are allowed.
Hide drop attributes Show drop attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
-
enrich object
Additional properties are allowed.
Hide enrich attributes Show enrich attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
max_matches number
The maximum number of matched documents to include under the configured target field. The
target_field
will be turned into a json array ifmax_matches
is higher than 1, otherwisetarget_field
will become a json object. In order to avoid documents getting too large, the maximum allowed value is 128. -
override boolean
If processor will update fields with pre-existing non-null-valued field. When set to
false
, such fields will not be touched. -
The name of the enrich policy to use.
-
shape_relation string
Values are
intersects
,disjoint
,within
, orcontains
. -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
fail object
Additional properties are allowed.
Hide fail attributes Show fail attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
The error message thrown by the processor. Supports template snippets.
-
-
fingerprint object
Additional properties are allowed.
Hide fingerprint attributes Show fingerprint attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
salt string
Salt value for the hash function.
-
method string
Values are
MD5
,SHA-1
,SHA-256
,SHA-512
, orMurmurHash3
. -
ignore_missing boolean
If true, the processor ignores any missing fields. If all fields are missing, the processor silently exits without modifying the document.
-
-
foreach object
Additional properties are allowed.
Hide foreach attributes Show foreach attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
, the processor silently exits without changing the document if thefield
isnull
or missing. -
Additional properties are allowed.
-
-
ip_location object
Additional properties are allowed.
Hide ip_location attributes Show ip_location attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
database_file string
The database filename referring to a database the module ships with (GeoLite2-City.mmdb, GeoLite2-Country.mmdb, or GeoLite2-ASN.mmdb) or a custom database in the ingest-geoip config directory.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
first_only boolean
If
true
, only the first found IP location data will be returned, even if the field contains an array. -
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
properties array[string]
Controls what properties are added to the
target_field
based on the IP location lookup. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
If
true
(and ifingest.geoip.downloader.eager.download
isfalse
), the missing database is downloaded when the pipeline is created. Else, the download is triggered by when the pipeline is used as thedefault_pipeline
orfinal_pipeline
in an index.
-
-
geo_grid object
Additional properties are allowed.
Hide geo_grid attributes Show geo_grid attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
The field to interpret as a geo-tile.= The field format is determined by the
tile_type
. -
Values are
geotile
,geohex
, orgeohash
. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
parent_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
children_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
non_children_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
precision_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
target_format string
Values are
geojson
orwkt
.
-
-
geoip object
Additional properties are allowed.
Hide geoip attributes Show geoip attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
database_file string
The database filename referring to a database the module ships with (GeoLite2-City.mmdb, GeoLite2-Country.mmdb, or GeoLite2-ASN.mmdb) or a custom database in the ingest-geoip config directory.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
first_only boolean
If
true
, only the first found geoip data will be returned, even if the field contains an array. -
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
properties array[string]
Controls what properties are added to the
target_field
based on the geoip lookup. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
If
true
(and ifingest.geoip.downloader.eager.download
isfalse
), the missing database is downloaded when the pipeline is created. Else, the download is triggered by when the pipeline is used as thedefault_pipeline
orfinal_pipeline
in an index.
-
-
grok object
Additional properties are allowed.
Hide grok attributes Show grok attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
ecs_compatibility string
Must be disabled or v1. If v1, the processor uses patterns with Elastic Common Schema (ECS) field names.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
pattern_definitions object
A map of pattern-name and pattern tuples defining custom patterns to be used by the current processor. Patterns matching existing names will override the pre-existing definition.
-
An ordered list of grok expression to match and extract named captures with. Returns on the first expression in the list that matches.
-
trace_match boolean
When
true
,_ingest._grok_match_index
will be inserted into your matched document’s metadata with the index into the pattern found inpatterns
that matched.
-
-
gsub object
Additional properties are allowed.
Hide gsub attributes Show gsub attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
The pattern to be replaced.
-
The string to replace the matching patterns with.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
html_strip object
Additional properties are allowed.
Hide html_strip attributes Show html_strip attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document, -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
inference object
Additional properties are allowed.
Hide inference attributes Show inference attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
field_map object
Maps the document field names to the known field names of the model. This mapping takes precedence over any default mappings provided in the model configuration.
-
inference_config object
Additional properties are allowed.
-
-
join object
Additional properties are allowed.
Hide join attributes Show join attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
The separator character.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
json object
Additional properties are allowed.
Hide json attributes Show json attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
add_to_root boolean
Flag that forces the parsed JSON to be added at the top level of the document.
target_field
must not be set when this option is chosen. -
Values are
replace
ormerge
. -
allow_duplicate_keys boolean
When set to
true
, the JSON parser will not fail if the JSON contains duplicate keys. Instead, the last encountered value for any duplicate key wins. -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
kv object
Additional properties are allowed.
Hide kv attributes Show kv attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
exclude_keys array[string]
List of keys to exclude from document.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
Regex pattern to use for splitting key-value pairs.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
include_keys array[string]
List of keys to filter and insert into document. Defaults to including all keys.
-
prefix string
Prefix to be added to extracted keys.
-
strip_brackets boolean
If
true
. strip brackets()
,<>
,[]
as well as quotes'
and"
from extracted values. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
trim_key string
String of characters to trim from extracted keys.
-
trim_value string
String of characters to trim from extracted values.
-
Regex pattern to use for splitting the key from the value within a key-value pair.
-
-
lowercase object
Additional properties are allowed.
Hide lowercase attributes Show lowercase attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
network_direction object
Additional properties are allowed.
Hide network_direction attributes Show network_direction attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
source_ip string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
destination_ip string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
internal_networks array[string]
List of internal networks. Supports IPv4 and IPv6 addresses and ranges in CIDR notation. Also supports the named ranges listed below. These may be constructed with template snippets. Must specify only one of internal_networks or internal_networks_field.
-
internal_networks_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If true and any required fields are missing, the processor quietly exits without modifying the document.
-
-
pipeline object
Additional properties are allowed.
Hide pipeline attributes Show pipeline attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
ignore_missing_pipeline boolean
Whether to ignore missing pipelines instead of failing.
-
-
redact object
Additional properties are allowed.
Hide redact attributes Show redact attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
A list of grok expressions to match and redact named captures with
-
pattern_definitions object
-
prefix string
Start a redacted section with this token
-
suffix string
End a redacted section with this token
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
skip_if_unlicensed boolean
If
true
and the current license does not support running redact processors, then the processor quietly exits without modifying the document -
trace_redact boolean
If
true
then ingest metadata_ingest._redact._is_redacted
is set totrue
if the document has been redacted
-
-
registered_domain object
Additional properties are allowed.
Hide registered_domain attributes Show registered_domain attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If true and any required fields are missing, the processor quietly exits without modifying the document.
-
-
remove object
Additional properties are allowed.
Hide remove attributes Show remove attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
keep string | array[string]
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document.
-
-
rename object
Additional properties are allowed.
Hide rename attributes Show rename attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
reroute object
Additional properties are allowed.
Hide reroute attributes Show reroute attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
destination string
A static value for the target. Can’t be set when the dataset or namespace option is set.
-
-
script object
Additional properties are allowed.
Hide script attributes Show script attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
id string
-
lang string
Script language.
-
params object
Object containing parameters for the script.
-
source string
Inline script. If no
id
is specified, this parameter is required.
-
-
set object
Additional properties are allowed.
Hide set attributes Show set attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
copy_from string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_empty_value boolean
If
true
andvalue
is a template snippet that evaluates tonull
or the empty string, the processor quietly exits without modifying the document. -
media_type string
The media type for encoding
value
. Applies only when value is a template snippet. Must be one ofapplication/json
,text/plain
, orapplication/x-www-form-urlencoded
. -
override boolean
If
true
processor will update fields with pre-existing non-null-valued field. When set tofalse
, such fields will not be touched. -
value object
The value to be set for the field. Supports template snippets. May specify only one of
value
orcopy_from
.Additional properties are allowed.
-
-
set_security_user object
Additional properties are allowed.
Hide set_security_user attributes Show set_security_user attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
properties array[string]
Controls what user related properties are added to the field.
-
-
sort object
Additional properties are allowed.
Hide sort attributes Show sort attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
order string
Values are
asc
ordesc
. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
split object
Additional properties are allowed.
Hide split attributes Show split attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
preserve_trailing boolean
Preserves empty trailing fields, if any.
-
A regex which matches the separator, for example,
,
or\s+
. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
terminate object
Additional properties are allowed.
Hide terminate attributes Show terminate attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
-
trim object
Additional properties are allowed.
Hide trim attributes Show trim attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
uppercase object
Additional properties are allowed.
Hide uppercase attributes Show uppercase attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
urldecode object
Additional properties are allowed.
Hide urldecode attributes Show urldecode attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
uri_parts object
Additional properties are allowed.
Hide uri_parts attributes Show uri_parts attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
keep_original boolean
If
true
, the processor copies the unparsed URI to<target_field>.original
. -
remove_if_successful boolean
If
true
, the processor removes thefield
after parsing the URI string. If parsing fails, the processor does not remove thefield
. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
user_agent object
Additional properties are allowed.
Hide user_agent attributes Show user_agent attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
regex_file string
The name of the file in the
config/ingest-user-agent
directory containing the regular expressions for parsing the user agent string. Both the directory and the file have to be created before starting Elasticsearch. If not specified, ingest-user-agent will use theregexes.yaml
from uap-core it ships with. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
properties array[string]
Controls what properties are added to
target_field
.Values are
name
,os
,device
,original
, orversion
. -
Extracts device type from the user agent string on a best-effort basis.
-
-
-
processors array[object]
Processors used to perform transformations on documents before indexing. Processors run sequentially in the order specified.
Hide processors attributes Show processors attributes object
-
append object
Additional properties are allowed.
Hide append attributes Show append attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
allow_duplicates boolean
If
false
, the processor does not append values already present in the field.
-
-
attachment object
Additional properties are allowed.
Hide attachment attributes Show attachment attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
and field does not exist, the processor quietly exits without modifying the document. -
indexed_chars number
The number of chars being used for extraction to prevent huge fields. Use
-1
for no limit. -
indexed_chars_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
properties array[string]
Array of properties to select to be stored. Can be
content
,title
,name
,author
,keywords
,date
,content_type
,content_length
,language
. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
remove_binary boolean
If true, the binary field will be removed from the document
-
resource_name string
Field containing the name of the resource to decode. If specified, the processor passes this resource name to the underlying Tika library to enable Resource Name Based Detection.
-
-
bytes object
Additional properties are allowed.
Hide bytes attributes Show bytes attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
circle object
Additional properties are allowed.
Hide circle attributes Show circle attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
The difference between the resulting inscribed distance from center to side and the circle’s radius (measured in meters for
geo_shape
, unit-less forshape
). -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
Values are
geo_shape
orshape
. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
community_id object
Additional properties are allowed.
Hide community_id attributes Show community_id attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
source_ip string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
source_port string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
destination_ip string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
destination_port string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
iana_number string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
icmp_type string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
icmp_code string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
transport string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
seed number
Seed for the community ID hash. Must be between 0 and 65535 (inclusive). The seed can prevent hash collisions between network domains, such as a staging and production network that use the same addressing scheme.
-
ignore_missing boolean
If true and any required fields are missing, the processor quietly exits without modifying the document.
-
-
convert object
Additional properties are allowed.
Hide convert attributes Show convert attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
Values are
integer
,long
,double
,float
,boolean
,ip
,string
, orauto
.
-
-
csv object
Additional properties are allowed.
Hide csv attributes Show csv attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
empty_value object
Value used to fill empty fields. Empty fields are skipped if this is not provided. An empty field is one with no value (2 consecutive separators) or empty quotes (
""
).Additional properties are allowed.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
quote string
Quote used in CSV, has to be single character string.
-
separator string
Separator used in CSV, has to be single character string.
-
trim boolean
Trim whitespaces in unquoted fields.
-
-
date object
Additional properties are allowed.
Hide date attributes Show date attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
An array of the expected date formats. Can be a java time pattern or one of the following formats: ISO8601, UNIX, UNIX_MS, or TAI64N.
-
locale string
The locale to use when parsing the date, relevant when parsing month names or week days. Supports template snippets.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
timezone string
The timezone to use when parsing the date. Supports template snippets.
-
output_format string
The format to use when writing the date to target_field. Must be a valid java time pattern.
-
-
date_index_name object
Additional properties are allowed.
Hide date_index_name attributes Show date_index_name attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
An array of the expected date formats for parsing dates / timestamps in the document being preprocessed. Can be a java time pattern or one of the following formats: ISO8601, UNIX, UNIX_MS, or TAI64N.
-
How to round the date when formatting the date into the index name. Valid values are:
y
(year),M
(month),w
(week),d
(day),h
(hour),m
(minute) ands
(second). Supports template snippets. -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
index_name_format string
The format to be used when printing the parsed date into the index name. A valid java time pattern is expected here. Supports template snippets.
-
index_name_prefix string
A prefix of the index name to be prepended before the printed date. Supports template snippets.
-
locale string
The locale to use when parsing the date from the document being preprocessed, relevant when parsing month names or week days.
-
timezone string
The timezone to use when parsing the date and when date math index supports resolves expressions into concrete index names.
-
-
dissect object
Additional properties are allowed.
Hide dissect attributes Show dissect attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
append_separator string
The character(s) that separate the appended fields.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
The pattern to apply to the field.
-
-
dot_expander object
Additional properties are allowed.
Hide dot_expander attributes Show dot_expander attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
override boolean
Controls the behavior when there is already an existing nested object that conflicts with the expanded field. When
false
, the processor will merge conflicts by combining the old and the new values into an array. Whentrue
, the value from the expanded field will overwrite the existing value. -
path string
The field that contains the field to expand. Only required if the field to expand is part another object field, because the
field
option can only understand leaf fields.
-
-
drop object
Additional properties are allowed.
Hide drop attributes Show drop attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
-
enrich object
Additional properties are allowed.
Hide enrich attributes Show enrich attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
max_matches number
The maximum number of matched documents to include under the configured target field. The
target_field
will be turned into a json array ifmax_matches
is higher than 1, otherwisetarget_field
will become a json object. In order to avoid documents getting too large, the maximum allowed value is 128. -
override boolean
If processor will update fields with pre-existing non-null-valued field. When set to
false
, such fields will not be touched. -
The name of the enrich policy to use.
-
shape_relation string
Values are
intersects
,disjoint
,within
, orcontains
. -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
fail object
Additional properties are allowed.
Hide fail attributes Show fail attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
The error message thrown by the processor. Supports template snippets.
-
-
fingerprint object
Additional properties are allowed.
Hide fingerprint attributes Show fingerprint attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
salt string
Salt value for the hash function.
-
method string
Values are
MD5
,SHA-1
,SHA-256
,SHA-512
, orMurmurHash3
. -
ignore_missing boolean
If true, the processor ignores any missing fields. If all fields are missing, the processor silently exits without modifying the document.
-
-
foreach object
Additional properties are allowed.
Hide foreach attributes Show foreach attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
, the processor silently exits without changing the document if thefield
isnull
or missing. -
Additional properties are allowed.
-
-
ip_location object
Additional properties are allowed.
Hide ip_location attributes Show ip_location attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
database_file string
The database filename referring to a database the module ships with (GeoLite2-City.mmdb, GeoLite2-Country.mmdb, or GeoLite2-ASN.mmdb) or a custom database in the ingest-geoip config directory.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
first_only boolean
If
true
, only the first found IP location data will be returned, even if the field contains an array. -
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
properties array[string]
Controls what properties are added to the
target_field
based on the IP location lookup. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
If
true
(and ifingest.geoip.downloader.eager.download
isfalse
), the missing database is downloaded when the pipeline is created. Else, the download is triggered by when the pipeline is used as thedefault_pipeline
orfinal_pipeline
in an index.
-
-
geo_grid object
Additional properties are allowed.
Hide geo_grid attributes Show geo_grid attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
The field to interpret as a geo-tile.= The field format is determined by the
tile_type
. -
Values are
geotile
,geohex
, orgeohash
. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
parent_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
children_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
non_children_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
precision_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
target_format string
Values are
geojson
orwkt
.
-
-
geoip object
Additional properties are allowed.
Hide geoip attributes Show geoip attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
database_file string
The database filename referring to a database the module ships with (GeoLite2-City.mmdb, GeoLite2-Country.mmdb, or GeoLite2-ASN.mmdb) or a custom database in the ingest-geoip config directory.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
first_only boolean
If
true
, only the first found geoip data will be returned, even if the field contains an array. -
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
properties array[string]
Controls what properties are added to the
target_field
based on the geoip lookup. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
If
true
(and ifingest.geoip.downloader.eager.download
isfalse
), the missing database is downloaded when the pipeline is created. Else, the download is triggered by when the pipeline is used as thedefault_pipeline
orfinal_pipeline
in an index.
-
-
grok object
Additional properties are allowed.
Hide grok attributes Show grok attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
ecs_compatibility string
Must be disabled or v1. If v1, the processor uses patterns with Elastic Common Schema (ECS) field names.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
pattern_definitions object
A map of pattern-name and pattern tuples defining custom patterns to be used by the current processor. Patterns matching existing names will override the pre-existing definition.
-
An ordered list of grok expression to match and extract named captures with. Returns on the first expression in the list that matches.
-
trace_match boolean
When
true
,_ingest._grok_match_index
will be inserted into your matched document’s metadata with the index into the pattern found inpatterns
that matched.
-
-
gsub object
Additional properties are allowed.
Hide gsub attributes Show gsub attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
The pattern to be replaced.
-
The string to replace the matching patterns with.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
html_strip object
Additional properties are allowed.
Hide html_strip attributes Show html_strip attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document, -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
inference object
Additional properties are allowed.
Hide inference attributes Show inference attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
field_map object
Maps the document field names to the known field names of the model. This mapping takes precedence over any default mappings provided in the model configuration.
-
inference_config object
Additional properties are allowed.
-
-
join object
Additional properties are allowed.
Hide join attributes Show join attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
The separator character.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
json object
Additional properties are allowed.
Hide json attributes Show json attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
add_to_root boolean
Flag that forces the parsed JSON to be added at the top level of the document.
target_field
must not be set when this option is chosen. -
Values are
replace
ormerge
. -
allow_duplicate_keys boolean
When set to
true
, the JSON parser will not fail if the JSON contains duplicate keys. Instead, the last encountered value for any duplicate key wins. -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
kv object
Additional properties are allowed.
Hide kv attributes Show kv attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
exclude_keys array[string]
List of keys to exclude from document.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
Regex pattern to use for splitting key-value pairs.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
include_keys array[string]
List of keys to filter and insert into document. Defaults to including all keys.
-
prefix string
Prefix to be added to extracted keys.
-
strip_brackets boolean
If
true
. strip brackets()
,<>
,[]
as well as quotes'
and"
from extracted values. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
trim_key string
String of characters to trim from extracted keys.
-
trim_value string
String of characters to trim from extracted values.
-
Regex pattern to use for splitting the key from the value within a key-value pair.
-
-
lowercase object
Additional properties are allowed.
Hide lowercase attributes Show lowercase attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
network_direction object
Additional properties are allowed.
Hide network_direction attributes Show network_direction attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
source_ip string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
destination_ip string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
internal_networks array[string]
List of internal networks. Supports IPv4 and IPv6 addresses and ranges in CIDR notation. Also supports the named ranges listed below. These may be constructed with template snippets. Must specify only one of internal_networks or internal_networks_field.
-
internal_networks_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If true and any required fields are missing, the processor quietly exits without modifying the document.
-
-
pipeline object
Additional properties are allowed.
Hide pipeline attributes Show pipeline attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
ignore_missing_pipeline boolean
Whether to ignore missing pipelines instead of failing.
-
-
redact object
Additional properties are allowed.
Hide redact attributes Show redact attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
A list of grok expressions to match and redact named captures with
-
pattern_definitions object
-
prefix string
Start a redacted section with this token
-
suffix string
End a redacted section with this token
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
skip_if_unlicensed boolean
If
true
and the current license does not support running redact processors, then the processor quietly exits without modifying the document -
trace_redact boolean
If
true
then ingest metadata_ingest._redact._is_redacted
is set totrue
if the document has been redacted
-
-
registered_domain object
Additional properties are allowed.
Hide registered_domain attributes Show registered_domain attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If true and any required fields are missing, the processor quietly exits without modifying the document.
-
-
remove object
Additional properties are allowed.
Hide remove attributes Show remove attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
keep string | array[string]
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document.
-
-
rename object
Additional properties are allowed.
Hide rename attributes Show rename attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
reroute object
Additional properties are allowed.
Hide reroute attributes Show reroute attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
destination string
A static value for the target. Can’t be set when the dataset or namespace option is set.
-
-
script object
Additional properties are allowed.
Hide script attributes Show script attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
id string
-
lang string
Script language.
-
params object
Object containing parameters for the script.
-
source string
Inline script. If no
id
is specified, this parameter is required.
-
-
set object
Additional properties are allowed.
Hide set attributes Show set attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
copy_from string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_empty_value boolean
If
true
andvalue
is a template snippet that evaluates tonull
or the empty string, the processor quietly exits without modifying the document. -
media_type string
The media type for encoding
value
. Applies only when value is a template snippet. Must be one ofapplication/json
,text/plain
, orapplication/x-www-form-urlencoded
. -
override boolean
If
true
processor will update fields with pre-existing non-null-valued field. When set tofalse
, such fields will not be touched. -
value object
The value to be set for the field. Supports template snippets. May specify only one of
value
orcopy_from
.Additional properties are allowed.
-
-
set_security_user object
Additional properties are allowed.
Hide set_security_user attributes Show set_security_user attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
properties array[string]
Controls what user related properties are added to the field.
-
-
sort object
Additional properties are allowed.
Hide sort attributes Show sort attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
order string
Values are
asc
ordesc
. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
split object
Additional properties are allowed.
Hide split attributes Show split attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
preserve_trailing boolean
Preserves empty trailing fields, if any.
-
A regex which matches the separator, for example,
,
or\s+
. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
terminate object
Additional properties are allowed.
Hide terminate attributes Show terminate attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
-
trim object
Additional properties are allowed.
Hide trim attributes Show trim attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
uppercase object
Additional properties are allowed.
Hide uppercase attributes Show uppercase attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
urldecode object
Additional properties are allowed.
Hide urldecode attributes Show urldecode attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist or isnull
, the processor quietly exits without modifying the document. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
uri_parts object
Additional properties are allowed.
Hide uri_parts attributes Show uri_parts attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
keep_original boolean
If
true
, the processor copies the unparsed URI to<target_field>.original
. -
remove_if_successful boolean
If
true
, the processor removes thefield
after parsing the URI string. If parsing fails, the processor does not remove thefield
. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
user_agent object
Additional properties are allowed.
Hide user_agent attributes Show user_agent attributes object
-
description string
Description of the processor. Useful for describing the purpose of the processor or its configuration.
-
if string
Conditionally execute the processor.
-
ignore_failure boolean
Ignore failures for the processor.
-
on_failure array[object]
Handle failures for the processor.
-
tag string
Identifier for the processor. Useful for debugging and metrics.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
ignore_missing boolean
If
true
andfield
does not exist, the processor quietly exits without modifying the document. -
regex_file string
The name of the file in the
config/ingest-user-agent
directory containing the regular expressions for parsing the user agent string. Both the directory and the file have to be created before starting Elasticsearch. If not specified, ingest-user-agent will use theregexes.yaml
from uap-core it ships with. -
target_field string
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
properties array[string]
Controls what properties are added to
target_field
.Values are
name
,os
,device
,original
, orversion
. -
Extracts device type from the user agent string on a best-effort basis.
-
-
-
version number
-
deprecated boolean
Marks this ingest pipeline as deprecated. When a deprecated ingest pipeline is referenced as the default or final pipeline when creating or updating a non-deprecated index template, Elasticsearch will emit a deprecation warning.
-
_meta object
Hide _meta attribute Show _meta attribute object
-
Additional properties are allowed.
-
-
-
curl \
-X GET http://api.example.com/_ingest/pipeline