Description
We have a list of logs component templates that aren't documented anywhere, aside from logs@custom. We should mention all the defaults, when they are applied and how users can make use of them if they don't follow the naming conventions. These include the following:
- logs@mappings: general mappings for log data streams that include disabling automatic date detection from string fields and specifying mappings for data_stream ECS fields.
- logs@settings: general settings for log data streams including the following:
  - The default lifecycle policy that rolls over when the primary shard reaches 50 GB or after 30 days.
  - The default pipeline uses the ingest timestamp if there is no specified @timestamp and places a hook for the logs@custom pipeline. If a logs@custom pipeline is installed, it’s applied to logs ingested into this data stream.
  - Sets the ignore_malformed flag to true. When ingesting a large batch of log data, a single malformed field like an IP address can cause the entire batch to fail. When set to true, malformed fields with a mapping type that supports this flag are still processed.
- ecs@mappings: dynamic templates that automatically ensure your data stream mappings comply with the Elastic Common Schema (ECS).
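
An added example, not part of the original issue or of the Elastic documentation: one way to reuse the component templates listed above for a data stream that does not follow the logs naming convention, followed by a check for documents in which `ignore_malformed` skipped a field. The template name, the `app-events-*` pattern, the `app-events-web` stream name and the priority are assumptions.

```console
# Index template for a data stream whose name falls outside the logs
# naming convention. Name, pattern and priority are assumed values.
PUT _index_template/app-logs-template
{
  "index_patterns": ["app-events-*"],
  "data_stream": {},
  "priority": 200,
  "composed_of": [
    "logs@mappings",
    "logs@settings",
    "logs@custom",
    "ecs@mappings"
  ],
  # logs@custom is optional: without this line the request fails
  # if that component template has not been created yet.
  "ignore_missing_component_templates": ["logs@custom"]
}

# Resolve the settings, mappings and default pipeline the new data stream
# would get, before any data is ingested (stream name is hypothetical).
POST _index_template/_simulate_index/app-events-web

# With ignore_malformed set to true, a malformed value (for example a bad
# IP address) is not indexed for that field, but the document is still
# accepted. Elasticsearch records the affected field names in the
# _ignored metadata field, so this query lists documents that are
# missing a searchable field because of a malformed value.
GET app-events-*/_search
{
  "query": { "exists": { "field": "_ignored" } },
  "size": 20
}
```

Each hit returned by the last request carries an `_ignored` array naming the fields that were skipped, which is the place to look when a search on an IP or date field unexpectedly misses events.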