I am ingesting logs from Windows Domain Controllers (example full_message), which are quite lengthy. I am using extractors to pull out the fields that I need. How can I remove or nullify the full_message field safely without affecting the extractors?
I am starting to think that these long messages could be the cause of the performance issues in my previous post.
You can drop the field in the pipeline as long as you make sure your pipeline processor comes after the message filter chain under system/configurations.
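
A Graylog pipeline rule for the approach described in the answer above, added here as an example and not part of the original posts. It removes `full_message` only when the extractor output is already on the message, so if the pipeline processor runs before the message filter chain the rule does not match and the raw text is kept. `EventID` and `TargetUserName` are assumed names standing in for whatever fields your extractors create.

```graylog
// Added example: attach this rule to a stage of a pipeline connected to the
// stream that receives the Domain Controller logs.
rule "drop full_message once extractor fields exist"
when
  // Field to be removed is present on the message.
  has_field("full_message") &&
  // Assumed extractor output fields (hypothetical names, replace with yours).
  // They only exist at this point if the extractors have already run.
  has_field("EventID") &&
  has_field("TargetUserName")
then
  // Remove the long raw text; the extracted fields stay on the message.
  remove_field("full_message");
end
```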