We've been using winlogbeat 1.3 for months now and have wanted to be able to pre-process the data shipped by event and trim the fields sent. Seems like the new features in the Beta 5 would offer this. I am getting an error in my yml file (yaml: control characters are not allowed) - i have used yamllint to verify it's okay.
I wonder how strict the parser is and whether a more descriptive error could be provided.
First, i see variations in the formatting of processors in documentation - i have tried several permeations: online there are 2 spaces before the - for drop_fields and then 2 more spaces before the fields. In the example yml files (winlogbeat.full.yml) there is no apparent space before the - before the drop_fields.
Another inconsistency I am unsure matters is sometimes the field names are quoted (winlogbeat.full.yml) and sometimes they are not (filtering-and-enhancing-data.html).