Merge pull request #529 from Cargill/rsyslog_ecs

Added remove host to rsyslog incase ecs is not configured correctly
Cargill · Aug 21, 2024 · 2a6f414 · 2a6f414
2 parents 4b57382 + 1972340
commit 2a6f414
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/config/processors/syslog_audit_linux_rsyslog.conf b/config/processors/syslog_audit_linux_rsyslog.conf
@@ -9,6 +9,7 @@ filter {
   mutate {
     add_field => { "[event][module]" => "linux" }
     add_field => { "[event][dataset]" => "linux.rsyslog" }
+    remove_field => [ "host" ]
   }
   mutate {
     replace => {