diff --git a/config/processors/syslog_security_skyhigh.swg.conf b/config/processors/syslog_security_skyhigh.swg.conf
index b0b70df8..c89e4d12 100644
--- a/config/processors/syslog_security_skyhigh.swg.conf
+++ b/config/processors/syslog_security_skyhigh.swg.conf
@@ -9,7 +9,7 @@ input {
 }
 filter {
 mutate {
- remove_field => [ "host","event" ]
+ add_field => { "[event][module]" => "skyhigh" }
 add_field => { "[event][dataset]" => "skyhigh.swg" }
 copy => { "message" => "[event][original]" }
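Review bot: With `remove_field => [ "host","event" ]` gone, nothing in this `mutate` clears an `event` object that arrives with the message, and `add_field` appends to a field that already exists instead of overwriting it. If an upstream stage or an ECS-mode input has already set `[event][module]` or `[event][dataset]` (not visible here, so this needs confirming), both become arrays, and exact-match routing or detection rules on `event.dataset` can miss. Setting them with `replace => { "[event][module]" => "skyhigh" }`, and the same for `[event][dataset]`, keeps them single-valued. A comment such as `# remove_field is applied after copy/add_field and would wipe [event][*]; do not re-add it in this block` would record why the old line must not come back. The `mutate` block closes outside the hunk.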