Access Field in Ingest-Pipeline

Please take your time to properly format and indent your messages. Because this is really the issue here. The set processor is within the script processor.

Check this example

POST _ingest/pipeline/_simulate
{
  "pipeline": {
    "description": "pipeline for splitting hashes stored in the event.Hash field",
    "processors": [
      {
        "kv": {
          "field": "hash",
          "field_split": ",",
          "value_split": "=",
          "target_field": "output",
          "tag": "kv"
        }
      },
      {
        "set": {
          "if": "ctx.output.SHA256 == '1'",
          "field": "suspicious",
          "value": "true",
          "tag": "set"
        }
      }
    ]
  },
  "docs": [
    {
      "_source": {
        "hash": "SHA1=2,MD5=3,SHA256=1,IMPHASH=4"
      }
    }
  ]
}

The set processor now is its own element within the processors array.

Nonetheless, an error message might have been useful here. I will open an issue.

2 Likes
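Because the post notes that the misplaced `set` produced no error message, a pre-deployment check on the pipeline body can catch the mistake before the `suspicious` flag quietly goes missing. The following is an added example, not code from the original post or from Elasticsearch: `find_misplaced`, the `PROCESSOR_TYPES` subset, and the `BROKEN` pipeline (a constructed guess at the shape described, with a placeholder script source) are all assumptions.

```python
# Added example: lint an ingest pipeline body for processors nested in the wrong place.
# PROCESSOR_TYPES is a small subset chosen for this example, not the full list.
PROCESSOR_TYPES = {"set", "kv", "script", "rename", "remove", "grok", "foreach"}
# Config keys that legitimately contain processors.
NESTING_KEYS = {"on_failure", "processor"}


def find_misplaced(processors, path="processors"):
    """Return one finding per processor-like object found inside another processor's config."""
    findings = []
    for i, proc in enumerate(processors):
        for ptype, config in proc.items():
            where = f"{path}[{i}].{ptype}"
            if not isinstance(config, dict):
                continue
            for key, value in config.items():
                if key in NESTING_KEYS:
                    # on_failure holds a list, foreach's "processor" a single object.
                    nested = value if isinstance(value, list) else [value]
                    findings += find_misplaced(nested, f"{where}.{key}")
                elif key in PROCESSOR_TYPES and isinstance(value, dict):
                    findings.append(f"{where}: '{key}' is nested inside '{ptype}'")
    return findings


KV = {"kv": {"field": "hash", "field_split": ",", "value_split": "=", "target_field": "output"}}
SET = {"set": {"if": "ctx.output.SHA256 == '1'", "field": "suspicious", "value": "true"}}

# Constructed guess at the broken shape: "set" placed inside the script processor.
# The script source is a hypothetical placeholder.
BROKEN = [KV, {"script": {"source": "ctx.checked = true", **SET}}]
# The corrected layout from the post: every processor is its own array element.
FIXED = [KV, SET]

if __name__ == "__main__":
    for name, procs in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, find_misplaced(procs) or "ok")
```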