FSCrawler does not generate the extracted content in the message field but in the content field
(see https://fscrawler.readthedocs.io/en/latest/admin/fs/elasticsearch.html#generated-fields).
Update the pipeline to:
PUT _ingest/pipeline/test_pipeline_id
{
  "description" : "parse multiple patterns",
  "processors": [
    {
      "grok": {
        "field": "content",
        "patterns": ["additionalfield1: (?<additionalfield1>([^,]*))additionalfield2: (?<additionalfield2>([^,]*))"]
      }
    }
  ]
}
And that should be good.