Can I create ingest processor to do some action like append tags or insert an alert to other index when a document match some conditions

ndhcoder · June 25, 2021, 2:53am

Hello everyone, Have a nice day !
I have a problem,
Can I create ingest processor to do some action like append tags or insert an alert to other index when a document match some conditions ?

Example:
I want to get some conditions from my config like:
if "message" contains "some text" and "age" > 18 then trigger an alert to "alerts" index and append "18+" to field "tags" on this document.

Thanks all.

ndhcoder · June 28, 2021, 1:49am

hello

warkolm · June 28, 2021, 1:59am

Why not use the Alerting functionality in the stack to do that?

Christian_Dahlqvist · June 28, 2021, 6:13am

Ingest processors can alter the event so it is possible to add a tag. You can however not spawn new documents for other indices. For that you might need to use Logstash which has that capability through the clone filter.

system · July 26, 2021, 6:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.