Can I create ingest processor to do some action like append tags or insert an alert to other index when a document match some conditions

ndhcoder · June 25, 2021, 2:53am

Hello everyone, Have a nice day !
I have a problem,
Can I create ingest processor to do some action like append tags or insert an alert to other index when a document match some conditions ?

Example:
I want to get some conditions from my config like:
if "message" contains "some text" and "age" > 18 then trigger an alert to "alerts" index and append "18+" to field "tags" on this document.

Thanks all.

ndhcoder · June 28, 2021, 1:49am

hello

warkolm · June 28, 2021, 1:59am

Why not use the Alerting functionality in the stack to do that?

Christian_Dahlqvist · June 28, 2021, 6:13am

Ingest processors can alter the event so it is possible to add a tag. You can however not spawn new documents for other indices. For that you might need to use Logstash which has that capability through the clone filter.

system · July 26, 2021, 6:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Any plans for an Ingest-Alerting integration Elasticsearch elastic-stack-alerting	3	798	May 29, 2017
Conditions in Ingest node pipeline Elasticsearch	6	2301	November 25, 2017
Elasticsearch ingest pipeline drop processor no worky :( Elasticsearch	2	1071	October 9, 2019
Foreach Ingest processor + conditional append processor Elasticsearch painless	3	2035	February 26, 2020
Elasticsearch insert triggers Elasticsearch	5	3946	June 15, 2017

Can I create ingest processor to do some action like append tags or insert an alert to other index when a document match some conditions

Related topics