[DOCS] Update ingest node pipelines doc #79187
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alisonelizabeth
added
v8.0.0
release_note:skip
alisonelizabeth
commented
Oct 1, 2020
| Once complete, click *Update*. | ||
| . Add 3 more processors with the following data: | ||
| + | ||
| *Date* |
There was a problem hiding this comment.
There might be a better way to display this data 😄
There was a problem hiding this comment.
Yeah, especially the way that the table is rendered. I think I'd split up the steps differently, instead. Something like:
. Add a grok processor to parse the log message:
.. Click *Add a processor* and select the *Grok* processor type.
.. Set the field input to `message` and enter the following grok pattern.
.. Click *Update* to save the processor.
. Add processors to map the Date, GeopIP, and User agent fields:
.. Select the ***Field*** processor type.
.. Map the appropriate parsed value to each field:
+
--
* Date: `timestamp`
* GeoIp: `clientip`
* User agent: `agent`
For the Date field, you also need to specify the date format you want to use.
--
There was a problem hiding this comment.
Thanks! I like this a lot better. I followed this pattern, but changed the copy in a few places where I felt it wasn't 100% clear.
debadair
reviewed
Oct 1, 2020
| Once complete, click *Update*. | ||
| . Add 3 more processors with the following data: | ||
| + | ||
| *Date* |
There was a problem hiding this comment.
Yeah, especially the way that the table is rendered. I think I'd split up the steps differently, instead. Something like:
. Add a grok processor to parse the log message:
.. Click *Add a processor* and select the *Grok* processor type.
.. Set the field input to `message` and enter the following grok pattern.
.. Click *Update* to save the processor.
. Add processors to map the Date, GeopIP, and User agent fields:
.. Select the ***Field*** processor type.
.. Map the appropriate parsed value to each field:
+
--
* Date: `timestamp`
* GeoIp: `clientip`
* User agent: `agent`
For the Date field, you also need to specify the date format you want to use.
--
|
|
||
| |=== | ||
| + | ||
| You now have defined 4 {ref}/ingest-processors.html[processors] that run sequentially: | ||
| {ref}/grok-processor.html[grok], {ref}/date-processor.html[date], | ||
| {ref}/geoip-processor.html[geoip], and {ref}/user-agent-processor.html[user_agent]. | ||
| Your form should look similar to this: |
There was a problem hiding this comment.
I'd move this before the part about them running sequentially.
Co-authored-by: debadair <[email protected]>
Co-authored-by: debadair <[email protected]>
Co-authored-by: debadair <[email protected]>
|
Thanks @debadair for the helpful review! I addressed your feedback. Would you mind taking another look when you get a chance? |
jloleysens
reviewed
Oct 2, 2020
There was a problem hiding this comment.
@alisonelizabeth I am happy with the proposed set of changes. I wonder if it might be worth mentioning something about the capability to re-order processors too - don't think this is a hard requirement though.
|
Thanks @jloleysens! I added a sentence about reordering - good idea! I also added back the processors JSON and mentioned the "Import processors" ability. |
debadair
approved these changes
Oct 12, 2020
Co-authored-by: debadair <[email protected]>
|
@elasticmachine merge upstream |
alisonelizabeth
added a commit
to alisonelizabeth/kibana
that referenced
this pull request
Oct 13, 2020
jloleysens
added a commit
to jloleysens/kibana
that referenced
this pull request
Oct 13, 2020
…otphase-to-formlib * 'master' of github.com:elastic/kibana: (59 commits) [Security Solution][Resolver] Replace copy-to-clipboard with native navigator.clipboard (elastic#80193) [Security Solution] Reduce initial bundle size (elastic#78992) [Security Solution][Resolver] Fix Resize node box-shadow bug (elastic#80223) Move observability content (elastic#79978) skip flaky suite (elastic#79389) removing kibana_datatable` in favor of `datatable` (elastic#75184) [ML] Fixes for anomaly swim lane (elastic#80299) [Lens] Smokescreen lens test unskip (elastic#80190) Improved AlertsClient tests structure by splitting a huge alerts_client.tests.ts file into a specific files defined by its responsibility. (elastic#80088) [APM] React key warning when opening popover with external resources (elastic#80328) [Step 1] use Observables on server search API (elastic#79874) Apply back pressure in Task Manager whenever Elasticsearch responds with a 429 (elastic#75666) [Lens] Leverage original http request error (elastic#79831) [Security Solution][Case] Improve ServiceConnectorCaseParams type (elastic#80109) [SECURITY_SOLUTION] Fix query on alert histogram (elastic#80219) [DOCS] Update ingest node pipelines doc (elastic#79187) [Ingest Manager] Split up OpenAPI spec file (elastic#80107) [SECURITY_SOLUTION][ENDPOINT] Fix label on Trusted App create name field (elastic#80001) [Ingest Manager] Fix agent policy bump revision to create only one POLICY_CHANGE action (elastic#80081) Grid layout fixes (elastic#80305) ... # Conflicts: # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/shared/data_tier_allocation_field.tsx # x-pack/plugins/index_lifecycle_management/public/shared_imports.ts
alisonelizabeth
added a commit
that referenced
this pull request
Oct 14, 2020
alisonelizabeth
added a commit
that referenced
this pull request
Oct 14, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR updates the ingest node pipeline doc based on changes made to the UI in
7.9and7.10. The bulk of the changes are related to the example, which showed the old processors JSON editor, instead of the new processors editor component./cc @jloleysens if there's anything else you think we should add.