Load ingest pipelines
editLoad ingest pipelines
editPacketbeat modules are implemented using Elasticsearch ingest node pipelines. The events receive their transformations within Elasticsearch. The ingest node pipelines must be loaded into Elasticsearch. This can happen one of several ways.
On connection to Elasticsearch
editPacketbeat will send ingest pipelines automatically to Elasticsearch if the Elasticsearch output is enabled.
Make sure the user specified in packetbeat.yml
is
authorized to set up Packetbeat.
If Packetbeat is sending events to Logstash or another output you need
to load the ingest pipelines with the setup
command or manually.
Manually install pipelines
editPipelines can be loaded them into Elasticsearch with the _ingest/pipeline
REST API
call. The user making the REST API call will need to have the ingest_admin
role assigned to them.