Hello everyone, I am using filebeat checkpoint module and want to reduce the log size of the logs, cutting fields like destination.geo.city.name.
My /etc/filebeat/filebeat.yml contains:
- drop_fields:
when:
equals:
event.module: "checkpoint"
fields: ["destination.geo.city.name"]
The same syntax is working fine for other filebeat modules such as imperva.
drop_event is also working fine but drop_fields is not dropping anything at all.
Tried as well as with fields: ["destination.geo.city.name.keyword"] but failed as well
Any ideas?