Elasticsearch Ingest Processors

D5cd900453405c985e97c63e9f92061d?s=47 Alexander Reelsen
October 30, 2018
Technology
0
54

Elasticsearch Ingest Processors

A BoF session held at the elastic on tour event in Frankfurt in October 2018.

D5cd900453405c985e97c63e9f92061d?s=128

Alexander Reelsen

October 30, 2018
Tweet

More Decks by Alexander Reelsen

See All by Alexander Reelsen
D5cd900453405c985e97c63e9f92061d?s=48 spinscale
0
53
D5cd900453405c985e97c63e9f92061d?s=48 spinscale
0
200
D5cd900453405c985e97c63e9f92061d?s=48 spinscale
1
41
D5cd900453405c985e97c63e9f92061d?s=48 spinscale
1
230
D5cd900453405c985e97c63e9f92061d?s=48 spinscale
4
590
D5cd900453405c985e97c63e9f92061d?s=48 spinscale
0
84
D5cd900453405c985e97c63e9f92061d?s=48 spinscale
1
280
D5cd900453405c985e97c63e9f92061d?s=48 spinscale
1
270
D5cd900453405c985e97c63e9f92061d?s=48 spinscale
1
9.5k

Other Decks in Technology

See All in Technology
B1cc148711c6a37a5c922b6e72a4ad52?s=48 upura
1
970
A64ac825509279a770c13c6fc517f11a?s=48 kawaguti
0
130
229b1596ce57cd0935a2bacd410d87a0?s=48 aaaddress1
1
1.7k
9888b1cb1b2a5d93095bbd98daf2efa5?s=48 emi0726
0
230
877f92a3597118cda2715790fa170ad4?s=48 benzookapi
0
110
B440848190075251e012e587b82f54e2?s=48 czmirror
0
240
783718ebd2faaa896d4cb347835c07fb?s=48 tarotaro0
0
420
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
280
835671ae91e49b2637313b91dacda1db?s=48 tdys13
2
1.9k
40301c0affdf359eaca771713e22b71a?s=48 harshbothra
0
980
53850955f15249a1a9dc49df6113e400?s=48 line_developers
0
140
992ab21437c2ec7c70d9af79ed2a2273?s=48 7110
0
240

Featured

See All Featured
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
50
3.9k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
293
38k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
681
180k
7edec06b5435e0dac07a353b2cc26253?s=48 geeforr
330
29k
282d599b414022eba5096510f675b6e2?s=48 chrislema
169
14k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
775
240k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
183
14k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
84
8.3k
7653c7c449918ff6542880a8c284f5e7?s=48 jponch
101
4.8k
C86443373fbfe92996aa882d0d7a59f8?s=48 imathis
477
150k
9952dfcd5d338f8a8e7175c8a8f65fb5?s=48 wjessup
333
15k
0fe2973fa8d27d96547e43322341183a?s=48 swwweet
203
6.6k

Transcript

  1. Alexander Reelsen alex@elastic.co @spinscale Elasticsearch Ingest Processors Luca Wintergerst luca.wintergerst@elastic.co

    @LucaWintergerst

  2. ‣ Update ‣ Writing your own processors ‣ Use-Cases ‣

    Discussion Agenda

  3. Update

  4. ‣ bytes (convert to human readable bytes) ‣ dissect (grok

    without regexes, much faster) ‣ pipeline processor, referring to other pipelines New processors

  5. ‣ - drop processor to fully drop an event ‣

    "drop" : { "if": "ctx.foo == 'bar'" } ‣ - scripting can invoke other processors ‣ "ctx.target_field = Processors.bytes(ctx.source_field)" ‣ if in every processor using scripting New processors

  6. ‣ performance bump in geoip processor ‣ per processor metrics

    ‣ index default pipeline: ‣ settings.index.default_pipeline: "my_pipeline" Others

  7. ‣ Aligning dissect filters in logstash/beats/ES ‣ https://github.com/elastic/dissect-specification ‣ UI

    Future

  8. Writing your own

  9. ‣ https://github.com/spinscale/cookiecutter-elasticsearch-ingest-processor ‣ https://github.com/spinscale/elasticsearch-ingest-langdetect ‣ https://github.com/spinscale/elasticsearch-ingest-opennlp Write your own ingest

    plugin

  10. Use-Cases

  11. … ask all the things! Discussion