From f5410f73ac8f3f38e309c015c37829978d69a649 Mon Sep 17 00:00:00 2001
From: Mike Birnstiehl
Date: Tue, 9 Sep 2025 10:18:49 -0500
Subject: [PATCH 1/2] Remove k-v processor from streams
---
 .../logs/streams/management/extract.md | 1 -
 .../streams/management/extract/key-value.md | 35 -------------------
 2 files changed, 36 deletions(-)
 delete mode 100644 solutions/observability/logs/streams/management/extract/key-value.md
diff --git a/solutions/observability/logs/streams/management/extract.md b/solutions/observability/logs/streams/management/extract.md
index 639e483635..8bccb06e82 100644
--- a/solutions/observability/logs/streams/management/extract.md
+++ b/solutions/observability/logs/streams/management/extract.md
@@ -26,7 +26,6 @@ To add a processor:
 - [Date](./extract/date.md)
 - [Dissect](./extract/dissect.md)
 - [Grok](./extract/grok.md)
- - [Key-Value (KV)](./extract/key-value.md)
 - GeoIP
 - Rename
 - Set
diff --git a/solutions/observability/logs/streams/management/extract/key-value.md b/solutions/observability/logs/streams/management/extract/key-value.md
deleted file mode 100644
index 5a1cb34210..0000000000
--- a/solutions/observability/logs/streams/management/extract/key-value.md
+++ /dev/null
@@ -1,35 +0,0 @@
----
-navigation_title: KV processor
-applies_to:
- serverless: preview
- stack: preview 9.1
----
-# Key value processor [streams-kv-processor]
-
-The key value (KV) processor allows you to extract key-value pairs from a field and assign them to a target field or the root of the document.
-
-This functionality uses the {{es}} KV pipeline processor. Refer to the [KV processor](elasticsearch://reference/enrich-processor/kv-processor.md) {{es}} documentation for more information.
-
-## Required fields [streams-kv-required-fields]
-
-The KV processor requires the following fields:
-
-| Field | Description|
-| ------- | --------------- |
-| Field | The field to be parsed.|
-| Field split | Regex pattern used to delimit the key-value pairs. Typically a space character (" "). |
-| Value split | Regex pattern used to delimit the key from the value. Typically an equals sign (`=`). |
-
-## Optional fields [streams-kv-optional-fields]
-
-The following fields are optional for the KV processor:
-
-| Field | Description|
-| ------- | --------------- |
-| Target field | The field to assign the parsed key-value pairs to. If not specified, the key-value pairs are assigned to the root of the document. |
-| Include keys | A list of extracted keys to include in the output. If not specified, all keys are included by default. Type and then hit "ENTER" to add keys. |
-| Exclude keys | A list of extracted keys to exclude from the output. Type and then hit "ENTER" to add keys. |
-| Prefix | A prefix to add to extracted keys. |
-| Trim key | A string of characters to trim from extracted keys. |
-| Trim value | A string of characters to trim from extracted values. |
-| Strip brackets | Removes brackets (`(), <>, []`) and quotes (`', "`) from extracted values.|
From 6d6763069f962ea5929c840257779d836d5128b3 Mon Sep 17 00:00:00 2001
From: Mike Birnstiehl
Date: Tue, 9 Sep 2025 10:27:45 -0500
Subject: [PATCH 2/2] fix toc
---
 solutions/toc.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/solutions/toc.yml b/solutions/toc.yml
index 9547c5c8a6..971d790238 100644
--- a/solutions/toc.yml
+++ b/solutions/toc.yml
@@ -422,7 +422,6 @@ toc:
 - file: observability/logs/streams/management/extract/date.md
 - file: observability/logs/streams/management/extract/dissect.md
 - file: observability/logs/streams/management/extract/grok.md
- - file: observability/logs/streams/management/extract/key-value.md
 - file: observability/logs/streams/management/retention.md
 - file: observability/logs/streams/management/advanced.md
 - file: observability/incident-management.md
@@ -500,7 +499,7 @@ toc:
 - file: security/ai.md
 children:
 - file: security/ai/ease/ease-intro.md
- children:
+ children:
 - file: security/ai/ease/ease-alerts.md
 - file: security/ai/ease/ease-value-report.md
 - file: security/ai/ease/ease-upgrade.md