You’ll find Ingest Node Pipelines in Stack Management > Ingest. With this feature, you can:

    • View a list of your pipelines and drill down into details.
    • Create a pipeline that defines a series of tasks, known as processors.
    • Delete a pipeline that is no longer needed.

    The minimum required permissions to access Ingest Node Pipelines are the and cluster:monitor/nodes/info cluster privileges.

    You can add these privileges in Stack Management > Security > Roles.

    Privileges required for Ingest Node Pipelines

    From the list view, you can to drill down into the details of a pipeline. To edit, clone, or delete a pipeline, use the Actions menu.

    Example: Create a pipeline

    In this example, you’ll create a pipeline to handle server logs in the Common Log Format. The log looks similar to this:

    The log contains an IP address, timestamp, and user agent. You want to give these three items their own field in Elasticsearch for fast search and visualization. You also want to know where the request is coming from.

    1. In Ingest Node Pipelines, click Create a pipeline.
    2. Provide a name and description for the pipeline.

    3. Define the processors:

      This code defines four processors that run sequentially: , date, , and user_agent. Your form should look similar to this:

    4. To verify that the pipeline gives the expected outcome, click Test pipeline.

    6. If everything looks correct, close the panel, and then click Create pipeline.

      At this point, you’re ready to use the Elasticsearch index API to load the logs data.

    7. In the Kibana Console, index a document with the pipeline you created.

    8. To verify, run: