Logs-azure.eventhub@custom

Eran_Hadad · April 4, 2024, 1:01pm

Hi,
I'm using fleet to insert Azure logs into elasticsearch.
I want to enrich my index with a new field so I created a new ingest pipeline named: logs-azure.eventhub@custom which I see that is been called from the managed pipeline.
I ran a simulate command to check the pipeline and it seems to work and do as expected:
POST _ingest/pipeline/logs-azure.eventhub@custom/_simulate
but for some reason I don't see the new field created.
I tried to add the field manually to the data view but obviously it's not the correct way.
So I wonder what should I do next as everything is managed by fleet so I'm not sure how to handle it as oppose to an index I create myself.
Any suggestions would be much appreciated

Julia_Bardi · May 21, 2024, 9:41am

You can add the new field mapping to the logs-azure.eventhub@custom component template. You can create it from the UI if it doesn't exist, from the Edit integration policy page.

Topic		Replies	Views
Enrich Fleet Integration Elasticsearch fleet	4	144	April 23, 2024
Custom Logs Ingest Pipeline Elasticsearch fleet	9	3807	February 21, 2022
Fleet Custom Logs Ingest Pipeline Elasticsearch fleet	2	1611	March 4, 2021
Elastic Fleet - Add GeoData to winlog through Ingest Pipeline Elasticsearch ingest-pipeline	1	170	October 23, 2023
Elastic fleet change datastream name based on field value Beats fleet	10	627	May 9, 2022

Logs-azure.eventhub@custom

Related topics