Correct way to remove unnecessary fields from filebeat

sfenman · July 1, 2020, 8:53am

Hello,

I send different types of logs from filebeat directly to ES and I have noticed in kibana discover tab that my some logs have empty fields which they are used by other log entries. For example, my production log entries have fields like :

    aws.cloudtrail.user_identity.session_context.creation_date  
    cef.extensions.fileCreateTime

which as I can understand are,module fields, but I never activated those modules.
Can you suggest me the correct way to drop them, or to disable from being generated?

sfenman · July 23, 2020, 7:19am

Update on this: Filebeat puts those module fields in all of my log files even from different filebeat agents installed in different instances. All those fields are empty though.

system · August 20, 2020, 9:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.