Create a filter for sending App labels to Elasticsearch

The Kubernetes metadata_filter plugin is having issues with the way certain labels are ingested.

The index is being created to accept app labels like app.kubernetes.io/instance=logging-loki, and is rejecting labels like app=neuvector-controller-pod (example error below).

elasticsearch {"@timestamp":"2025-05-27T18:06:10.402Z", "log.level": "INFO", "message":"Error while
parsing document for index [logstash-2025.05.27]: [1:629] object mapping for kubernetes.labels.app[]
tried to parse field [app] as object, but found a concrete value"

As a temporary solution, we've added the skip_pod_labels true configuration to the plugin filter; this will need to be removed or made false prior to starting the ticket.

  • Elasticsearch able to index all app label types
Edited by Brian Jackson
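
The conflict behind the error above, as an added example that is not part of the original issue or the project's configuration: Elasticsearch treats dots in a field name as object paths, so `app.kubernetes.io/instance` makes `kubernetes.labels.app` an object while `app=...` makes it a concrete value. The helper names `mapping_conflicts` and `de_dot` are hypothetical, the sample labels are constructed, and de-dotting label keys is shown as one possible filter approach, an assumption rather than the fix chosen for this ticket.

```ruby
# Constructed sample pod labels, modelled on the two label shapes in the issue.
SAMPLE_PODS = [
  { "app.kubernetes.io/instance" => "logging-loki", "app.kubernetes.io/name" => "loki" },
  { "app" => "neuvector-controller-pod" }
].freeze

# Return the field paths that the label sets need as both an object
# (a dotted key passes through them) and a concrete value (a key ends there).
# Any path returned here is one Elasticsearch cannot map consistently.
def mapping_conflicts(label_sets)
  objects = {}
  leaves = {}
  label_sets.each do |labels|
    labels.each_key do |key|
      parts = key.split(".")
      leaves[key] = true
      # Every proper prefix of a dotted key becomes an object in the mapping.
      (1...parts.length).each { |n| objects[parts.first(n).join(".")] = true }
    end
  end
  (objects.keys & leaves.keys).sort
end

# Replace dots in label keys so each label maps to one flat field.
# Raises if two distinct keys collapse to the same flattened name,
# since silently overwriting a label would lose log metadata.
def de_dot(labels, separator = "_")
  labels.each_with_object({}) do |(key, value), out|
    flat = key.tr(".", separator)
    raise ArgumentError, "label #{key.inspect} collides after de-dotting" if out.key?(flat)
    out[flat] = value
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "conflicts before: #{mapping_conflicts(SAMPLE_PODS).inspect}"
  flattened = SAMPLE_PODS.map { |labels| de_dot(labels) }
  puts "conflicts after:  #{mapping_conflicts(flattened).inspect}"
  flattened.each { |labels| puts labels.inspect }
end
```

Running `mapping_conflicts` over a sample of real pod labels before re-enabling pod labels shows which label keys would be rejected by the existing index mapping.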