I upload some logs into Elastic via Filebeat, but some other information is added to my original logs, such as the host name, OS kernel and other information about the host, and the main message becomes unformatted. I want to delete all the fields that are unnecessary and keep only my original message in its initial form.
I have tried to delete add_host_metadata from filebeat.yml but the problem still persists.
I'm working with ELK on Windows.
You could use the include_fields processor, or you could use drop_fields for the fields you don't need. Filebeat will sometimes add in fields such as host, or log, which can be dropped. There are some that can't be dropped, though.
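
A `processors` section for filebeat.yml showing the drop_fields approach from the answer above, with include_fields as a commented alternative. This is an added example, not part of the original answer, and the field names listed are assumptions about what a default Filebeat setup attaches to each event.

```yaml
# Added example: processors section of filebeat.yml.
# The field names are assumptions; compare them against one of your own
# indexed documents and adjust the list before using this.
processors:
  # Deny-list: remove metadata objects Filebeat attaches to each event.
  - drop_fields:
      fields: ["host", "agent", "ecs", "input", "log"]
      # Do not raise an error when a listed field is absent from an event.
      ignore_missing: true

# Alternative allow-list: keep only the original log line.
# Use this instead of drop_fields, not together with it.
# processors:
#   - include_fields:
#       fields: ["message"]
```

With either processor, `@timestamp` and `type` stay on the event even if the configuration asks for them to be removed. Restart the Filebeat service after editing filebeat.yml so the processors take effect.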