Clarify docs to indicate where processors are valid in the config (#7085

) * Add module specific prospectors to processors I have to close the previous commit as the file location and contents had changed too much to merge over. Slightly expanded on why you would want to scope processors to a module (You use the module terminology in the config directory, and that might be clearest for readers looking at the setup file structure) * Edit user submission
elastic · Jul 10, 2018 · 9d865a7 · 9d865a7
1 parent c94a02a
commit 9d865a7
Showing 1 changed file with 137 additions and 15 deletions.
diff --git a/libbeat/docs/processors-using.asciidoc b/libbeat/docs/processors-using.asciidoc
@@ -1,37 +1,159 @@
 [[defining-processors]]
 === Define processors
 
-You define processors in the +{beatname_lc}.yml+ file to filter and enhance the
-data before sending events to the configured output.
-
-To define a processor, you specify the processor name, an optional condition,
-and a set of parameters:
+You can use processors to filter and enhance data before sending it to the
+configured output. To define a processor, you specify the processor name, an
+optional condition, and a set of parameters:
 
 [source,yaml]
 ------
 processors:
- - <processor_name>:
-     <parameters>
-     when:
-       <condition>
- - <processor_name>:
-     <parameters>
-     when:
-       <condition>
-...
+- <processor_name>:
+    when:
+      <condition>
+    <parameters>
+
+- <processor_name>:
+    when:
+      <condition>
+    <parameters>
 
+...
 ------
 
 Where:
 
 * `<processor_name>` specifies a <<processors,processor>> that performs some kind
 of action, such as selecting the fields that are exported or adding metadata to
 the event.
-* `<when: condition>` specifies an optional <<conditions,condition>>. If the
+* `<condition>` specifies an optional <<conditions,condition>>. If the
 condition is present, then the action is executed only if the condition is
 fulfilled. If no condition is passed, then the action is always executed.
 * `<parameters>` is the list of parameters to pass to the processor.
 
+
+[[where-valid]]
+==== Where are processors valid?
+
+// TODO: ANY NEW BEATS THAT RE-USE THIS TOPIC NEED TO DEFINE processor-scope.
+
+ifeval::["{beatname_lc}"=="filebeat"]
+:processor-scope: input
+endif::[]
+
+ifeval::["{beatname_lc}"=="auditbeat" or "{beatname_lc}"=="metricbeat"]
+:processor-scope: module
+endif::[]
+
+ifeval::["{beatname_lc}"=="packetbeat"]
+:processor-scope: protocol
+endif::[]
+
+ifeval::["{beatname_lc}"=="heartbeat"]
+:processor-scope: monitor
+endif::[]
+
+ifeval::["{beatname_lc}"=="winlogbeat"]
+:processor-scope: event log shipper
+endif::[]
+
+Processors are valid:
+
+* At the top-level in the configuration. The processor is applied to all data
+collected by {beatname_uc}.
+* Under a specific {processor-scope}. The processor is applied to the data
+collected for that {processor-scope}. For example:
++
+ifeval::["{beatname_lc}"=="filebeat"]
+[source,yaml]
+------
+- type: <input_type>
+  processors:
+  - <processor_name>:
+      when:
+        <condition>
+      <parameters>
+...
+------
++
+Similarly, for {beatname_uc} modules, you can define processors under the
+`input` section of the module definition. 
+endif::[]
+ifeval::["{beatname_lc}"=="metricbeat"]
+[source,yaml]
+----
+- module: <module_name>
+  metricsets: ["<metricset_name>"]
+  processors:
+  - <processor_name>:
+      when:
+        <condition>
+      <parameters> 
+----
+endif::[]
+ifeval::["{beatname_lc}"=="auditbeat"]
+[source,yaml]
+----
+auditbeat.modules:
+- module: <module_name>
+  processors:
+  - <processor_name>:
+      when:
+        <condition>
+      <parameters> 
+----
+endif::[]
+ifeval::["{beatname_lc}"=="packetbeat"]
+[source,yaml]
+----
+packetbeat.protocols:
+- type: <protocol_type>  
+  processors:
+  - <processor_name>:
+      when:
+        <condition>
+      <parameters>
+----
+
+* Under `packetbeat.flows`. The processor is applied to the data in
+<<configuration-flows,network flows>>:
++
+[source,yaml]
+----
+packetbeat.flows:
+  processors:
+  - <processor_name>:
+      when:
+        <condition>
+      <parameters>
+----
+endif::[]
+ifeval::["{beatname_lc}"=="heartbeat"]
+[source,yaml]
+----
+heartbeat.monitors:
+- type: <monitor_type>
+  processors:
+  - <processor_name>:
+      when:
+        <condition>
+      <parameters>
+----
+endif::[]
+ifeval::["{beatname_lc}"=="winlogbeat"]
+[source,yaml]
+----
+winlogbeat.event_logs:
+- name: <network_shipper_name>
+  processors:
+  - <processor_name>:
+      when:
+        <condition>
+      <parameters>
+----
+endif::[]
+
+
 [[processors]]
 ==== Processors