Removing fields not available in 7.6

elastic · Apr 2, 2020 · 6ee222a · 6ee222a
1 parent 704667b
commit 6ee222a
Showing 1 changed file with 1 addition and 8 deletions.
diff --git a/filebeat/module/elasticsearch/audit/test/test-audit-761.log-expected.json b/filebeat/module/elasticsearch/audit/test/test-audit-761.log-expected.json
@@ -23,24 +23,17 @@
         ],
         "elasticsearch.node.id": "vvj136QVQ2Ci2aXmrhyi3Q",
         "event.action": "access_granted",
-        "event.category": "database",
         "event.dataset": "elasticsearch.audit",
-        "event.kind": "event",
         "event.module": "elasticsearch",
-        "event.outcome": "success",
         "event.timezone": "-02:00",
         "fileset.name": "audit",
-        "host.id": "vvj136QVQ2Ci2aXmrhyi3Q",
         "input.type": "log",
         "log.offset": 0,
         "message": "{\"@timestamp\":\"2020-04-01T11:21:06,725+0200\", \"node.id\":\"vvj136QVQ2Ci2aXmrhyi3Q\", \"event.type\":\"transport\", \"event.action\":\"access_granted\", \"user.name\":\"logstash_manager\", \"user.realm\":\"native1\", \"user.roles\":[\"logstash_admin\",\"cluster_monitor\"], \"origin.type\":\"rest\", \"origin.address\":\"10.54.25.111:52148\", \"request.id\":\"rLBMfPM2Q9q-DQEB_g30ww\", \"action\":\"indices:data/read/mget[shard]\", \"request.name\":\"MultiGetShardRequest\", \"indices\":[\".logstash\",\".logstash\",\".logstash\",\".logstash\",\".logstash\",\".logstash\",\".logstash\",\".logstash\"]}",
-        "related.user": [
-            "logstash_manager"
-        ],
         "service.type": "elasticsearch",
         "source.address": "10.54.25.111:52148",
         "source.ip": "10.54.25.111",
         "source.port": 52148,
         "user.name": "logstash_manager"
     }
-]
+]