Hello,
I had a fully functional GROK written for filebeat and we recently just moved to using Elastic Agent. Now the GROK isn't functioning the same. It seems to take the first few lines of the GROK and execute them but then it doesn't listen to the rest of it. I do have some If statements, mutates, remove, overwrite, KV and add statements in the GROK. It was my understanding that the GROK and filters worked with Elastic agent as well.
Am I supposed to be doing or ordering something different with the elastic-agent-pipeline.conf? Any help with this would be greatly appreciated.