- Winlogbeat Reference: other versions:
- Overview
- Getting Started With Winlogbeat
- Setting up and running Winlogbeat
- Upgrading Winlogbeat
- Configuring Winlogbeat
- Set up Winlogbeat
- Specify general settings
- Configure the internal queue
- Configure the output
- Specify SSL settings
- Filter and Enhance the exported data
- Parse data by using ingest node
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- HTTP Endpoint
- winlogbeat.reference.yml
- Exported fields
- Monitoring Winlogbeat
- Securing Winlogbeat
- Troubleshooting
- Contributing to Beats
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Drop fields from events
edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.
Drop fields from events
editThe drop_fields processor specifies which fields to drop if a certain
condition is fulfilled. The condition is optional. If it’s missing, the
specified fields are always dropped. The @timestamp and type fields cannot
be dropped, even if they show up in the drop_fields list.
processors: - drop_fields: when: condition fields: ["field1", "field2", ...]
See Conditions for a list of supported conditions.
If you define an empty list of fields under drop_fields, then no fields
are dropped.
Was this helpful?
Thank you for your feedback.