default filebeat ingest pipelines

[maseron]

What is the idea behind that not all filebeat default ingest pipelines are created?

Before elasticsearch 8 all filebeat ingest pipelines was created automatically at onion setup time, but after elasticsearch 8 at setup time some third party pipelines and some onion default ones are created, but not for example system.syslog.
So for me it looks strange that some third party pipelines are created, but no the default ones.

From documentation it's also not clearly stated that for each used filebeat module ingest pipelines should be created on onion.

So I fixed my install using thous commands to create missing filebeat ingest pipelines:
docker exec -i so-filebeat filebeat setup modules -pipelines -modules system -M 'system.syslog.enabled=true' -c /usr/share/filebeat/module-setup.yml

docker exec -i so-filebeat filebeat setup modules -pipelines -modules system -M 'system.auth.enabled=true' -c /usr/share/filebeat/module-setup.yml

docker exec -i so-filebeat filebeat setup modules -pipelines -modules iptables -M 'iptables.log.enabled=true' -c /usr/share/filebeat/module-setup.yml

[cm-ops]

Take a look at /opt/so/saltstack/default/salt/filebeat/thirdpartydefaults.yaml The modules listed there are then referenced in /opt/so/saltstack/default/salt/filebeat/modules.map.jinja and those pipelines are loaded. The thirdpartydefaults.yaml was the same in 2.3.120 (when Elastic 7.17.4 was the version).

That file is also not an all-inclusive for all the modules.