From 1972340c9b568cbfdcca1b6c08d7a9c3e4a9499d Mon Sep 17 00:00:00 2001
From: Brian Grabau
Date: Wed, 21 Aug 2024 12:48:37 -0500
Subject: [PATCH] Added remove host to rsyslog incase ecs is not configured correctly
---
 config/processors/syslog_audit_linux_rsyslog.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/config/processors/syslog_audit_linux_rsyslog.conf b/config/processors/syslog_audit_linux_rsyslog.conf
index 45866979..23fcd27f 100644
--- a/config/processors/syslog_audit_linux_rsyslog.conf
+++ b/config/processors/syslog_audit_linux_rsyslog.conf
@@ -9,6 +9,7 @@ filter {
 mutate {
 add_field => { "[event][module]" => "linux" }
 add_field => { "[event][dataset]" => "linux.rsyslog" }
+ remove_field => [ "host" ]
 }
 mutate {
 replace => {
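Review bot: The added `remove_field => [ "host" ]` in the first mutate drops the whole top-level `host` field unconditionally, so it would also delete any `[host][name]` or `[host][ip]` already set when ECS compatibility is configured correctly, and in the non-ECS case it discards the sender value recorded by the input. In an audit-log pipeline that value is the receiver-observed origin of the event, which is worth keeping for attribution because the hostname inside a syslog message is supplied by the sender. The rest of the `filter` block lies outside this hunk, so whether `host.*` is rebuilt later cannot be confirmed from here. If it is not, consider preserving the value before this block with `mutate { copy => { "host" => "[@metadata][input_host]" } }`, and document the intent with a comment such as `# drop legacy string "host" so it cannot clash with the ECS host object`.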