Elasticsearch Ingest Processors

Alexander Reelsen

October 30, 2018

270

Elasticsearch Ingest Processors

A BoF session held at the elastic on tour event in Frankfurt in October 2018.

Alexander Reelsen

October 30, 2018

Tweet

More Decks by Alexander Reelsen

See All by Alexander Reelsen

Understanding Apache Lucene - More than just full-text search

0

140

Elasticsearch: From Keyword Search To Data Science

0

200

Evolving Search at an ecommerce marketplace

0

250

The new generation of data stores

0

300

Search Evolution - Keeping up with the hype?

0

420

Mirror mirror... what am I typing next?

0

520

The New Generation of Data Stores

0

280

Elasticsearch: Distributed Search Under the Hood

0

180

Working distributed - but how?

0

250

Other Decks in Technology

See All in Technology

会社紹介資料 / Sansan Company Profile

PRO

16

410k

遊びで始めたNew Relic MCP、気づいたらChatOpsなオブザーバビリティボットができてました/From New Relic MCP to a ChatOps Observability Bot

1

120

【AWS】CloudTrail LakeとCloudWatch Logs Insightsの使い分け方針

0

130

トイルを超えたCREは何屋になるのか

0

100

「お金で解決」が全てではない！大規模WebアプリのCI高速化 #phperkaigi

5

2.4k

やさしいとこから始めるGitHubリポジトリのセキュリティ

3

2.1k

GitHub Advanced Security × Defender for Cloudで開発とSecOpsのサイロを超える: コードとクラウドをつなぐ、開発プラットフォームのセキュリティ

1

110

Oracle AI Database@Google Cloud：サービス概要のご紹介

oracle4engineer

PRO

5

1.3k

パワポ作るマンをMCP Apps化してみた

PRO

0

240

Datadog で実現するセキュリティ対策 ~オブザーバビリティとセキュリティを一緒にやると何がいいのか~

0

180

How to install a gem

0

2k

「AIエージェントで変わる開発プロセス―レビューボトルネックからの脱却」

PRO

0

190

Featured

See All Featured

Sharpening the Axe: The Primacy of Toolmaking

46

2.7k

89

10k

Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum

0

430

PRO

2

560

Raft: Consensus for Rubyists

141

7.4k

Visual Storytelling: How to be a Superhuman Communicator

2

480

Art, The Web, and Tiny UX

304

21k

Navigating Team Friction

192

16k

Optimizing for Happiness

378

71k

30

1.4k

Imperfection Machines: The Place of Print at Facebook

269

14k

Rails Girls Zürich Keynote

96

14k

Transcript

Alexander Reelsen [email protected] @spinscale Elasticsearch Ingest Processors Luca Wintergerst [email protected]
@LucaWintergerst
‣ Update ‣ Writing your own processors ‣ Use-Cases ‣
Discussion Agenda
Update
‣ bytes (convert to human readable bytes) ‣ dissect (grok
without regexes, much faster) ‣ pipeline processor, referring to other pipelines New processors
‣ - drop processor to fully drop an event ‣
"drop" : { "if": "ctx.foo == 'bar'" } ‣ - scripting can invoke other processors ‣ "ctx.target_field = Processors.bytes(ctx.source_field)" ‣ if in every processor using scripting New processors
‣ performance bump in geoip processor ‣ per processor metrics
‣ index default pipeline: ‣ settings.index.default_pipeline: "my_pipeline" Others
‣ Aligning dissect filters in logstash/beats/ES ‣ https://github.com/elastic/dissect-specification ‣ UI
Future
Writing your own
‣ https://github.com/spinscale/cookiecutter-elasticsearch-ingest-processor ‣ https://github.com/spinscale/elasticsearch-ingest-langdetect ‣ https://github.com/spinscale/elasticsearch-ingest-opennlp Write your own ingest
plugin
Use-Cases
… ask all the things! Discussion