Hello,
I’m trying to optimize database space on my Graylog installation, and I have created some pipeline rules to remove fields and part of messages that I don’t need. When I run a search, I see the fields gl2_remote_ip, gl2_remote_port, gl2_source_input, gl2_source_input and gl2_source_node, but those fields are not part of the message. I create a pipeline to remove the gl2 fields, but they are still there on search, but not on the message. My questions are: These gl2 fields are stored on elasticsearch? If yes, there is a way to not store, or remove them? They are mandatory, like timestamp, source and message?
I searched documentation and forums and did not find much information about these fields. Thanks in advance.