Transform and enrich data

You can start with Elastic Agent and Elastic integrations, and still take advantage of additional processing options if you need them.

Elastic Agent processors: You can use Elastic Agent processors to sanitize or enrich raw data at the source. Use Elastic Agent processors if you need to control what data is sent across the wire, or if you need to enrich the raw data with information available on the host.
Elasticsearch ingest pipelines: You can use Elasticsearch ingest pipelines to enrich incoming data or normalize field data before the data is indexed. Elasticsearch ingest pipelines enable you to manipulate the data as it comes in. This approach helps you avoid adding processing overhead to the hosts from which you’re collecting data.
Elasticsearch runtime fields: You can use Elasticsearch runtime fields to define or alter the schema at query time. You can start working with your data without needing to understand how it is structured, add fields to existing documents without reindexing your data, override the value returned from an indexed field, and/or define fields for a specific use without modifying the underlying schema.
Logstash elastic_integration filter: You can use the Logstash elastic_integration filter and other Logstash filters to extend Elastic integrations by transforming data before it goes to Elasticsearch.