Hi, I'm trying to drop an event from being sent to my Elastic cluster.
On the Windows integration I have added a processor under the Windows Powershell channel and the Microsoft-Windows-Powershell/Operational channel.
The processor:
- drop_event:
    when:
      equals:
        source: "powershell.exe -Executionpolicy Bypass -File C:\\Script\\somescript.ps1"
    fields: ["process.command_line"]
But in the agent logs I get the following error:
Elastic Agent status changed to "error": "app filebeat--8.4.1-a53645b8: 1 error occurred:\n\t* 2 errors: Error creating runner from config: unexpected fields option in processors.2.drop_event;
I guess I have something wrong in my processor, can someone point me in the right direction? Thanks.
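
For comparison with the processor above, an added example that is not part of the original post: `drop_event` takes only a condition under `when`, and an `equals` condition maps the field name directly to the value to match. It assumes `process.command_line` is already populated on the event when the agent-side processor runs; a field that is only set later by an Elasticsearch ingest pipeline is not visible to this condition.

```yaml
# Added example, not the poster's config.
# Assumption: process.command_line exists on the event at the agent,
# before any ingest pipeline runs.
- drop_event:
    when:
      equals:
        # field name: exact value to match (the comparison is an exact match)
        process.command_line: "powershell.exe -Executionpolicy Bypass -File C:\\Script\\somescript.ps1"
```

Because the match is exact on a command line that uses `-Executionpolicy Bypass`, only that one invocation is dropped; any variation in arguments or casing still reaches the cluster.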