How to customize fields that Filebeat sends to Elasticsearch?


(Moreno Andreo) #1

Hello folks 🙂
I have an ELK 6.5 server on Debian 9 (Bitnami build for Google Cloud Environment) to which I have to send my PostgreSQL 9.5 server (Debian 9) logs using Filebeat.
I chose to send data directly to Elasticsearch but I have a strange issue.
In the DB server, where Filebeat resides, I edited fields.yml and removed all groups but host, beats and postgres.
I also set Filebeat to overwrite templates.
After starting Filebeat, if I connect with Kibana to the ES server and create an index template, I see the one I created, but it has 670 fields(!!!) instead of the about 40 that I configured in fields.yml.

I also tried using the drop_fields processor, but it didn't work. I get a strange error about having an invalid character (sorry for not having kept the actual message), which I actually did not have (I also checked with hexdump), and which prevents the daemon from starting.

Am I missing something?

Thanks in advance
Moreno.-

