Enrich policy definitionedit

Enrich policies are defined as JSON objects like the following:

{
  "<enrich_policy_type>": {
    "indices": [ "..." ],
    "match_field": "...",
    "enrich_fields": [ "..." ],
    "query": {... }
  }
}

Parametersedit

<enrich_policy_type>

(Required, enrich policy object) The enrich policy type determines how enrich data is matched to incoming documents.

Supported enrich policy types include:

geo_match
Matches enrich data to incoming documents based on a geographic location using a geo_shape query. For an example, see Example: Enrich your data based on geolocation.
match
Matches enrich data to incoming documents based on a precise value, such as an email address or ID, using a term query. For an example, see Example: Enrich your data based on exact values.
indices

(Required, String or array of strings) Source indices used to create the enrich index.

If multiple indices are provided, they must share a common match_field, which the enrich processor can use to match incoming documents.

match_field
(Required, string) Field in the source indices used to match incoming documents.
enrich_fields
(Required, Array of strings) Fields to add to matching incoming documents. These fields must be present in the source indices.
query
(Optional, Query DSL query object) Query used to filter documents in the enrich index for matching. Defaults to a match_all query.