diff --git a/config/processors/syslog_audit_linux_rsyslog.conf b/config/processors/syslog_audit_linux_rsyslog.conf
index 45866979..23fcd27f 100644
--- a/config/processors/syslog_audit_linux_rsyslog.conf
+++ b/config/processors/syslog_audit_linux_rsyslog.conf
@@ -9,6 +9,7 @@ filter {
 mutate {
 add_field => { "[event][module]" => "linux" }
 add_field => { "[event][dataset]" => "linux.rsyslog" }
+ remove_field => [ "host" ]
 }
 mutate {
 replace => {
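Review bot: The added `remove_field => [ "host" ]` in the first mutate block discards the sender identity carried in `host` unless an earlier stage has already copied it, and nothing in this hunk shows such a copy. For Linux audit records the originating host is what an analyst relies on for attribution and for noticing a source that has gone silent. If the removal is there to avoid a mapping conflict with the ECS `host` object (presumably), consider moving the value instead, for example `rename => { "host" => "[log][source][address]" }`. Otherwise add a comment such as `# host already copied to [host][name] by the input stage` so the drop is clearly intentional. The enclosing `filter {` starts outside the hunk, so an earlier copy may exist there.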