Hello,
I've just found that there are Ingest Pipelines and I was wondering if there is an equivalent template for logstash or maybe if you know how to convert it to logstash format ?
It would be useful especially for the windows security logs 
e.g: The last processor of the winlogbeat security ingest pipeline is removing the field event.original, I know how to translate this action in logstash format but for the other processors its look difficult to find the equivalent.
Actually there is a tool ! Converting Ingest Node Pipelines | Logstash Reference [8.13] | Elastic
Sorry for my dumb question ! Next time i will RTFM ^^
True, but it looks like it hasn't been updated in four years, so I would not be surprised if it is unable to do the conversion on some (much?) of the functionality that has been added to ingest pipelines since then.
Yes I just saw that, especially that the Winlogbeat ingest pipelines has many scripts processors and the tool is unable to convert it.
Yep, it seems not to work I have an exception:
bin/ingest-convert.sh --input file:///usr/share/logstash/pipeline/winlogbeat/winlogbeat-8.13.2-security.json --output file:///usr/share/logstash/pipeline/winlogbeat/winlog-security-parser.conf
Exception in thread "main" java.lang.NullPointerException: Cannot invoke "java.util.List.stream()" because "processors" is null
at org.logstash.ingest.IngestPipeline.toLogstash(IngestPipeline.java:44)
at org.logstash.ingest.JsUtil.convert(JsUtil.java:165)
at org.logstash.ingest.Pipeline.main(Pipeline.java:35)
Hello, I found an alternative to convert the painless scripts which are difficult to me as I'm not a developer..
I used chatgpt to convert the painless script Kerberos Ticket Options from winlogbeat-security Ingest pipelines.
Here's the details, my questions are in french but you can translate, what's important is the result and it can convert easily to a logstash format 
https://chatgpt.com/share/c3fe2c6c-db73-4e50-821f-3fec92be2d71
It even explain each steps on how it works ! the same method can be used to convert all other painless scripts
Merci !
Thanks for sharing.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.