The main goals of Elasticsearch are indexing, searching, and analytics, but documents often need to be modified or enhanced before they are stored in Elasticsearch.
The following are the most common scenarios where this is required:
- Preprocessing the log string to extract meaningful data
- Enriching the content of textual fields with Natural Language Processing (NLP) tools
- Enriching the content using machine learning (ML) computed fields
- Adding data modification or transformation during ingestion, such as the following:
  - Converting IP addresses into geolocation data
  - Adding datetime fields at ingestion time
  - Building custom fields (via scripting) at ingestion time