Hi,
I'm using fleet to insert Azure logs into elasticsearch.
I want to enrich my index with a new field so I created a new ingest pipeline named: logs-azure.eventhub@custom which I see that is been called from the managed pipeline.
I ran a simulate command to check the pipeline and it seems to work and do as expected:
POST _ingest/pipeline/logs-azure.eventhub@custom/_simulate
but for some reason I don't see the new field created.
I tried to add the field manually to the data view but obviously it's not the correct way.
So I wonder what should I do next as everything is managed by fleet so I'm not sure how to handle it as oppose to an index I create myself.
Any suggestions would be much appreciated