OpenSearch Enrichment Processor

[dlvenable]

Is your feature request related to a problem? Please describe.

Pipeline authors often want to enrich Events with data from an existing OpenSearch cluster. This allows authors to enrich events with data from other events which were already sent to OpenSearch.

Describe the solution you'd like

Provide an OpenSearch enrichment processor. It would take some of the following parameters.

• A query template which can perform queries using parameters from the input Event.
• Document to Event mappings.
• The same connection configuration options as available in the opensearch sink.

processor:
  - opensearch_enrichment:
        query: "requestId:${/requestId}"
        mappings:
          - from_key: "bytes"
             to_key: "bytes"
        hosts: ["https://localhost:9200"]
        cert: path/to/cert
        username: YOUR_USERNAME_HERE
        password: YOUR_PASSWORD_HERE

Context

This plugin would probably have some similarities to an OpenSearch plugin for Logstash, as proposed in the following issues.

opensearch-project/OpenSearch#1976
opensearch-project/opensearch-clients#4