Can I create ingest processor to do some action like append tags or insert an alert to other index when a document match some conditions

ndhcoder · June 25, 2021, 2:53am

Hello everyone, Have a nice day !
I have a problem,
Can I create ingest processor to do some action like append tags or insert an alert to other index when a document match some conditions ?

Example:
I want to get some conditions from my config like:
if "message" contains "some text" and "age" > 18 then trigger an alert to "alerts" index and append "18+" to field "tags" on this document.

Thanks all.

ndhcoder · June 28, 2021, 1:49am

hello

warkolm · June 28, 2021, 1:59am

Why not use the Alerting functionality in the stack to do that?

Christian_Dahlqvist · June 28, 2021, 6:13am

Ingest processors can alter the event so it is possible to add a tag. You can however not spawn new documents for other indices. For that you might need to use Logstash which has that capability through the clone filter.

Topic		Replies	Views
Any plans for an Ingest-Alerting integration Elasticsearch elastic-stack-alerting	2	824	May 1, 2017
Can I do query to retrieve some doc in ingest processor Elasticsearch	6	1077	November 16, 2017
How to add ingest pipelin to alerts connector Kibana	1	261	August 8, 2022
Logstash equivalents with ingest pipeline Elasticsearch	1	581	May 5, 2017
Ingest pipeline write to different index Elasticsearch	1	4188	September 7, 2019

Can I create ingest processor to do some action like append tags or insert an alert to other index when a document match some conditions

Related topics