diff --git a/etc/opensearch/pipelines.json b/etc/opensearch/pipelines.json
index 9060c22..380674b 100644
--- a/etc/opensearch/pipelines.json
+++ b/etc/opensearch/pipelines.json
@@ -590,6 +590,38 @@
 }
 ]
 },
+ "filebeat_opengnsys_pipeline" : {
+ "description": "Parsea message y extrae JSON interno de data",
+ "processors": [
+ {
+ "set": {
+ "field": "message_raw",
+ "value": "{{message}}"
+ }
+ },
+ {
+ "json": {
+ "field": "message",
+ "target_field": "message_decoded",
+ "ignore_failure": true
+ }
+ },
+ {
+ "grok": {
+ "field": "message_decoded.message",
+ "patterns": ["data: %{GREEDYDATA:data_json}"],
+ "ignore_failure": true
+ }
+ },
+ {
+ "json": {
+ "field": "data_json",
+ "target_field": "data_decoded",
+ "ignore_failure": true
+ }
+ }
+ ]
+ },
 "copy-message-pipeline" : {
 "description" : "Pipeline que copia el campo message a message_raw",
 "processors" : [
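Review bot: All three parsing processors in `filebeat_opengnsys_pipeline` (both `json` steps and the `grok`) set `"ignore_failure": true`, so an event whose `message` or `data:` payload does not parse is indexed with no decoded fields and no trace of the failure. For a log pipeline this means malformed or deliberately mangled lines silently drop out of any search or alert that keys on `data_decoded.*`. Consider replacing the flag with a handler that records the failure, e.g. `"on_failure": [{ "set": { "field": "ingest_error", "value": "{{ _ingest.on_failure_message }}" } }]` (the field name is only an example). Separately, the grok pattern is unanchored and `data_decoded` accepts whatever keys the log line carries; if the target index uses dynamic mapping (not visible in this hunk), it is worth anchoring the pattern and mapping `data_decoded` explicitly so log content cannot grow the mapping or cause field-type conflicts.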