AbuseCH and enrichment on custom pipeline

Hi there,

I have a simple question about abuseCH integration and field enrichment of abuseCH to an other index.
When a create my enrich policy, I don't have an error:

PUT /_enrich/policy/abusechurl-enrich-policy
 {
  "match": {
    "indices": "logs-ti_abusech.url-*",
    "match_field": "threat.indicator.ip",
    "enrich_fields": ["threat.indicator.ip", "abusech.url.blacklists.spamhaus_dbl", "abusech.url.blacklists.surbl", "threat.indicator.provider", "abusech.url.tags"]
  }
}

Then, when I want to create my enrichmnent processor on the other custom pipeline , here is the error:

It looks like there is no index but the policy creation find the index.

Do anyone struggle on this steps and finally find the key ?
Thank you

Have you executed the enrich policy before adding the enrichment process to the custom pipeline: Set up an enrich processor | Elasticsearch Guide [8.5] | Elastic?

Hello @ebeahan ,

Indeed, I didn't execute the policy.
It work now :slight_smile:

Thank you

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.