Feature request: enrich processor

A feature request - would really like the ability to enrich documents going through an ingest pipeline with fields from documents in another Elasticsearch index.

I’m sure this has many use cases, but for SIEM use, enriching IP addresses against threat intel.

Thanks!

Hey @jimmyjones,

Absolutely. We are looking into it. Would you be ok for us to connect with you offline to share some of our approach and seek your feedback? Please DM and I’ll schedule a call with the team.

Thanks,
Pavani

Hey @bpavani

Sure. I can’t seem to DM, maybe my account is too new? Can you DM me and we’ll chat?

Thanks!

Just FYI, the enrich processor is available in v7.5.0 of the main ES stack.