Feature request: enrich processor

A feature request - would really like the ability to enrich documents going through an ingest pipeline with fields from documents in another Elasticsearch index.

I’m sure this has many use cases, but for SIEM use, enriching IP addresses against threat intel.

Thanks!

Hey @jimmyjones,

Absolutely. We are looking into it. Would you be ok for us to connect with you offline to share some of our approach and seek your feedback? Please DM and I’ll schedule a call with the team.

Thanks,
Pavani

Hey @bpavani

Sure. I can’t seem to DM, maybe my account is too new? Can you DM me and we’ll chat?

Thanks!

Just FYI, the enrich processor is available in v7.5.0 of the main ES stack.

Hi,

We are also keen to begin using the Enrich Processor functionality. When is this likely to be available?

Thanks,
John

FYI, I asked a similar question in the OpenSearch forum: Enrich processor