Hi There,
I am importing logs with winlogbeat 7.3.0. All works fine.
However, some of the events I am collecting sometimes contain an explanation inside the message, e.g., 4679
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4769
which I do not need (it is redundant and always the same for all the events of the same class) and which occupies space in the shards.
I am wondering if it is possible to delete the explanation from "This event" to the end of the line through a processor, or if it is better to deal with the problem from the EventViewer itself.
Let me know if the question is off topic.
Thank you,
Mirko
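
One way to do the truncation asked about above inside Winlogbeat, as an added example that is not part of the original post: a JavaScript file for the Beats `script` processor, assuming that processor is available in the version in use. The helper names, the file name and the sample message are constructed for illustration; the cut is made only where "This event" starts a line, so the phrase inside a data line is left alone.

```javascript
// winlogbeat.yml (script processor options lang, id, file):
//   processors:
//     - script:
//         lang: javascript
//         id: strip_event_description
//         file: ${path.config}/strip_event_description.js   # hypothetical file name
//
// The script processor calls a function named process(event). In the file
// loaded by Winlogbeat, add this one-line entry point:
//   function process(event) { stripEvent(event); }

// Matches from a line that begins with "This event" to the end of the message.
var DESCRIPTION = /\r?\n[ \t]*This event[\s\S]*$/;

// Returns the message without the trailing explanation; other input is unchanged.
function stripDescription(message) {
    if (typeof message !== "string") {
        return message; // event without a message field
    }
    var cut = message.search(DESCRIPTION);
    if (cut === -1) {
        return message; // no explanation paragraph in this event
    }
    // Drop the explanation and the blank lines that preceded it.
    return message.substring(0, cut).replace(/\s+$/, "");
}

// Rewrites the message field only when something was actually removed.
function stripEvent(event) {
    var original = event.Get("message");
    var trimmed = stripDescription(original);
    if (trimmed !== original) {
        event.Put("message", trimmed);
    }
}

// Constructed stand-in for the Beats event object, for running outside Winlogbeat.
function makeEvent(fields) {
    return {
        Get: function (key) { return fields[key]; },
        Put: function (key, value) { fields[key] = value; }
    };
}

// Constructed sample message, not taken from a real log.
var SAMPLE = "A Kerberos service ticket was requested.\n\n" +
    "Account Information:\n\tAccount Name:\tuser@EXAMPLE.LOCAL\n\n" +
    "This event is generated every time access is requested to a resource.";
```

Truncating at ingest keeps the data fields of the message intact while dropping the repeated paragraph before it reaches the index.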