Hello,
I am currently researching for a solution to create a multi pipeline structure with ingest pipelines in elastic. The idea is to have some kind of post processing on the existing elastic-agent logs, for instance for enriching my data with security related information.
I found this feature request Specify multiple ingest pipelines for a data stream · Issue #61185 · elastic/elasticsearch · GitHub. But this is still open. So I need another solution.
One option for me is the final pipeline ".fleet_final_pipeline-1" where I could append a new pipeline within a processor and create this mentioned structure. It would look like this:
Pipeline: .fleet_final_pipeline-1
- processor A
- ...
- processor Z
- My-Pipeline
Does this work properly or is there any event, like a new patch, which overwrites my changes?
Or is there a better solution?
Thanks