From 17b698c9006b1bc389739fde9b110f4f22c2f47c Mon Sep 17 00:00:00 2001
From: MehmedSalihbasic
Date: Fri, 2 Aug 2024 15:53:38 -0500
Subject: [PATCH] trying to fix event.dataset missing field
---
 config/processors/syslog_security_skyhigh.swg.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/processors/syslog_security_skyhigh.swg.conf b/config/processors/syslog_security_skyhigh.swg.conf
index b0b70df8..c89e4d12 100644
--- a/config/processors/syslog_security_skyhigh.swg.conf
+++ b/config/processors/syslog_security_skyhigh.swg.conf
@@ -9,7 +9,7 @@ input {
 }
 filter {
 mutate {
- remove_field => [ "host","event" ]
+ add_field => { "[event][module]" => "skyhigh" }
 add_field => { "[event][dataset]" => "skyhigh.swg" }
 copy => { "message" => "[event][original]" }
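Review bot: Deleting the whole `remove_field` line also stops dropping `host`, which looks unrelated to the missing `event.dataset`; only the `"event"` entry appears to conflict with the `add_field` lines in the same `mutate`. If the input (outside this hunk) sets `host` as a plain string, that value now reaches the output and may clash with an object-typed `host` mapping downstream, in which case these proxy logs could be rejected at index time. Consider keeping `remove_field => [ "host" ]` here, and if input-supplied `event` content still has to be cleared, doing that in a separate `mutate` placed before this one. The `filter` block continues past the end of the hunk, so later handling of `host` is not visible from here.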