I'm looking to re-index the .siem-signals-default index into an index called alerts and have created a pipeline to remove fields from the .siem-signals-default index.
It looks similar to below -
However, it doesn't actually remove the fields. If I uncheck ignore missing I see the error -
"reason": "[params] is not an integer, cannot be used as an index as part of path [signal.rule.actions.params.message]"
Basically I want to drop every field that begins with the word signal, Events, and kibana. Any ideas?