System Integration Filters


For the System integration for elastic-agent, I was curious if we could filter by log level, or eliminate various Event ID's that we may not want to collect due to noise. Collection of all informational logs at scale is just too much.

By default, does it collect every informational message for Application and Security logs, or are there any types of paths or specific Event ID's that it does not parse?

In beats, we could specify the informational level and also use a processor for event ID's to drop, but I am not seeing that in the options for the built in System integration.


Hello @bm11100 !

The integration might need to be adjusted accordingly so as to include these options too, so thnak you for reporting this. @MarianaD do you think we can add such options to the package?

@bm11100 , @ChrsMark , looks like those filters did not make it on the integrations side, @bm11100 , can you create an issue in the integrations github repo ( elastic/integrations: Elastic Integrations ( , it would be great to have those filters back in.

Opened this issue - [Feature] System Integration Filters · Issue #1632 · elastic/integrations (

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.