VirtualMetric · KorayErkan · Feb 27, 2026 · Feb 23, 2026 · Feb 24, 2026 · Feb 24, 2026
diff --git a/docs/about/key-features.mdx b/docs/about/key-features.mdx
@@ -135,7 +135,7 @@ The pipeline architecture is designed with flexibility and ease of use in mind,
 
 <Image id="feature-processor-support" maxWidth="250px"/>
 
-Offering **169+** processors, **DataStream** has the most comprehensive support in the industry for _low-code_/_no-code_ management, enabling tasks like parsing, filtering, enrichment, schema transformation, normalization, routing, and more. Engineers with **Elastic** experience can leverage this robust and flexible pipeline engine while benefiting from extended multi-platform capabilities.
+Offering **174+** processors, **DataStream** has the most comprehensive support in the industry for _low-code_/_no-code_ management, enabling tasks like parsing, filtering, enrichment, schema transformation, normalization, routing, and more. Engineers with **Elastic** experience can leverage this robust and flexible pipeline engine while benefiting from extended multi-platform capabilities.
 
 Key capabilities include:
 

diff --git a/docs/configuration/pipelines/processors/break.mdx b/docs/configuration/pipelines/processors/break.mdx
@@ -0,0 +1,168 @@
+---
+description: Halts execution of remaining processors in the current pipeline chain and forwards the log entry to its target
+sidebar_custom_props:
+  customCategory: Flow Control
+  customIcon: ⛔
+---
+
+# Break
+
+<span className="theme-doc-version-badge badge badge--primary">Flow Control</span>
+
+## Synopsis
+
+Halts the remaining processors in the current pipeline chain and forwards the log entry to its target without further processing, similar to a `break` statement in programming languages.
+
+## Schema
+
+```yaml
+- break:
+    description: <text>
+    if: <script>
+    ignore_failure: <boolean>
+    on_failure: <processor[]>
+    on_success: <processor[]>
+    tag: <string>
+```
+
+## Configuration
+
+The following fields are used to define the processor:
+
+|Field|Required|Default|Description|
+|---|---|---|---|
+|`description`|N||Explanatory note|
+|`if`|N||Condition to run|
+|`ignore_failure`|N|`false`|Continue processing if operation fails|
+|`on_failure`|N||See <Topic id="pipelines-handling-failures">Handling Failures</Topic>|
+|`on_success`|N||See <Topic id="pipelines-handling-success">Handling Success</Topic>|
+|`tag`|N||Identifier|
+
+## Details
+
+The `break` processor stops execution of all remaining processors in the current pipeline chain. The log entry is not dropped — it is forwarded to its configured target as-is, with all field values set up to the point of the break.
+
+This processor has no required fields. When used without an `if` condition, it unconditionally halts further processing. The most common usage is with an `if` expression to conditionally exit the pipeline when specific criteria are met.
+
+The `break` processor is classified as a finalizer: once triggered, the pipeline engine stops processing the current processor list and returns the log entry for delivery.
+
+## Examples
+
+### Unconditional Break
+
+<ExampleGrid>
+  <CommentCol>
+    Halting all further processing unconditionally...
+  </CommentCol>
+  <CodeCol>
+    ```json
+    {
+      "source": {"ip": "192.168.1.1"},
+      "event": {"action": "login"}
+    }
+    ```
+    ```yaml
+    - set:
+        field: processed
+        value: true
+    - break:
+        description: "Stop processing here"
+    - set:
+        field: should_not_appear
+        value: true
+    ```
+  </CodeCol>
+  <CommentCol>
+    Processing stops at break; log entry is forwarded with only the fields set before break...
+  </CommentCol>
+  <CodeCol>
+    ```json
+    {
+      "source": {"ip": "192.168.1.1"},
+      "event": {"action": "login"},
+      "processed": true
+    }
+    ```
+  </CodeCol>
+</ExampleGrid>
+
+### Conditional Break
+
+<ExampleGrid>
+  <CommentCol>
+    Stopping processing when packet count matches condition...
+  </CommentCol>
+  <CodeCol>
+    ```json
+    {
+      "source": {"packets": 10},
+      "network": {"protocol": "tcp"}
+    }
+    ```
+    ```yaml
+    - set:
+        field: initial_check
+        value: true
+    - break:
+        if: "ctx.source.packets == 10"
+        description: "Exit early for 10-packet events"
+    - geo_ip:
+        field: source.ip
+        target: source.geo
+    - threat_intel:
+        field: source.ip
+    ```
+  </CodeCol>
+  <CommentCol>
+    Pipeline halts when condition is met; expensive enrichment processors are skipped...
+  </CommentCol>
+  <CodeCol>
+    ```json
+    {
+      "source": {"packets": 10},
+      "network": {"protocol": "tcp"},
+      "initial_check": true
+    }
+    ```
+  </CodeCol>
+</ExampleGrid>
+
+### Break with `on_success` Notification
+
+<ExampleGrid>
+  <CommentCol>
+    Marking the log entry before breaking out of the pipeline...
+  </CommentCol>
+  <CodeCol>
+    ```json
+    {
+      "event": {"type": "heartbeat"},
+      "host": {"name": "monitor-01"}
+    }
+    ```
+    ```yaml
+    - break:
+        if: "ctx.event.type == 'heartbeat'"
+        description: "Skip enrichment for heartbeat events"
+        on_success:
+          - set:
+              field: pipeline.skipped
+              value: true
+    - enrich:
+        field: host.name
+        target: host.details
+    ```
+  </CodeCol>
+  <CommentCol>
+    Heartbeat events exit early with the skip marker set; non-heartbeat events proceed to enrichment...
+  </CommentCol>
+  <CodeCol>
+    ```json
+    {
+      "event": {"type": "heartbeat"},
+      "host": {"name": "monitor-01"},
+      "pipeline": {"skipped": true}
+    }
+    ```
+  </CodeCol>
+</ExampleGrid>
diff --git a/docs/configuration/pipelines/processors/contains.mdx b/docs/configuration/pipelines/processors/contains.mdx
@@ -7,7 +7,7 @@ sidebar_custom_props:
 
 # Contains
 
-<span className="theme-doc-version-badge badge badge--primary">Control Flow</span>
+<span className="theme-doc-version-badge badge badge--primary">Flow Control</span>
 
 ## Synopsis
 
@@ -18,14 +18,17 @@ Checks if a specified field value exists within a list of values, enabling condi
 ```yaml {2}
 - contains:
     field: <ident>
+    case_sensitive: <boolean>
     description: <text>
+    disabled: <boolean>
     if: <script>
     ignore_failure: <boolean>
     ignore_missing: <boolean>
     list: <string[]>
     list_field: <ident>
     on_failure: <processor[]>
     on_success: <processor[]>
+    partial: <boolean>
     tag: <string>
 ```
 
@@ -35,23 +38,32 @@ The following fields are used to define the processor:
 
 |Field|Required|Default|Description|
 |---|---|---|---|
-|`field`|Y|-|Field containing the value to check|
-|`description`|N|-|Explanatory note|
-|`if`|N|-|Condition to run|
+|`field`|Y||Field containing the value to check|
+|`case_sensitive`|N|`false`|When `true`, comparisons are case-sensitive|
+|`description`|N||Explanatory note|
+|`disabled`|N|`false`|When `true`, processor is skipped|
+|`if`|N||Condition to run|
 |`ignore_failure`|N|`false`|See <Topic id="pipelines-handling-failures">Handling Failures</Topic>|
-|`ignore_missing`|N|`false`|If `true` and `field` does not exist, exit quietly without making any modifications|
-|`list`|N|-|Static list of values to check against|
-|`list_field`|N|-|Field containing the dynamic list of values to check against|
-|`on_failure`|N|-|See <Topic id="pipelines-handling-failures">Handling Failures</Topic>|
-|`on_success`|N|-|See <Topic id="pipelines-handling-success">Handling Success</Topic>|
-|`tag`|N|-|Identifier|
+|`ignore_missing`|N|`false`|If `true` and `field` does not exist, exit quietly|
+|`list`|N||Static list of values to check against|
+|`list_field`|N||Field containing a dynamic `[]string` list to check against|
+|`on_failure`|N||See <Topic id="pipelines-handling-failures">Handling Failures</Topic>|
+|`on_success`|N||See <Topic id="pipelines-handling-success">Handling Success</Topic>|
+|`partial`|N|`false`|When `true`, uses substring matching instead of exact equality|
+|`tag`|N||Identifier|
 
-# Details
+## Details
 
-The list can be provided directly or referenced from another field.
+The processor checks whether the string value of `field` appears in a list of candidate values. The list is provided via `list` (static values defined inline) or `list_field` (a `[]string` field in the log entry). If both are set, `list_field` takes precedence. At least one must be specified; otherwise the processor fails with "no member specified".
 
-:::warning
-Either `list` or `list_field` must be specified, but not both, and the field being checked must contain a string value. The processor will fail if neither `list` nor `list_field` is provided, or if the specified field contains a non-string value.
+By default, comparison is **exact equality** and **case-insensitive**. Set `case_sensitive: true` for exact-case matching.
+
+When `partial` is `true`, the check changes from exact equality to bidirectional substring matching: the processor succeeds if the field value contains any list member as a substring, **or** if any list member contains the field value as a substring.
+
+List values support template syntax (`{{{field_name}}}`), allowing dynamic values constructed from other fields in the log entry.
+
+:::note
+For pattern-based matching (substring or regex) against a single value rather than a list, see <Topic id="processors-matches">Matches</Topic>.
 :::
 
 ## Examples
@@ -127,6 +139,54 @@ Either `list` or `list_field` must be specified, but not both, and the field bei
   </CommentCol>
 </ExampleGrid>
 
+### Partial Match
+
+<ExampleGrid>
+  <CommentCol>
+    Checking if a field value contains any list member as a substring...
+  </CommentCol>
+  <CodeCol>
+    ```json
+    {
+      "event_type": "user.login.success"
+    }
+    ```
+    ```yaml
+    - contains:
+        field: event_type
+        list: ["login", "logout"]
+        partial: true
+    ```
+  </CodeCol>
+  <CommentCol>
+    returns success because `"user.login.success"` contains `"login"`
+  </CommentCol>
+</ExampleGrid>
+
+### Case Sensitive
+
+<ExampleGrid>
+  <CommentCol>
+    Requiring exact case when checking against a list...
+  </CommentCol>
+  <CodeCol>
+    ```json
+    {
+      "severity": "WARNING"
+    }
+    ```
+    ```yaml
+    - contains:
+        field: severity
+        list: ["warning", "error", "critical"]
+        case_sensitive: true
+    ```
+  </CodeCol>
+  <CommentCol>
+    returns no match because `"WARNING"` does not equal `"warning"` in case-sensitive mode
+  </CommentCol>
+</ExampleGrid>
+
 ### Templates
 
 <ExampleGrid>