We are trying to anonymize some data by dropping some identifying data using the drop_fields feature of winlogbeat 5. As I write this post, i think i am understanding the problem - does anyone have a suggestion? We wanted to drop the SubjectUserName and TargetUserName but i gather this is not parsed by the beat as it is packaged in a single field
we could drop the field on the server but would rather not see this data on our server.
Thoughts for how to remove fields within event_data? We can not index it on the server side, but looking for a client-side solution.