aws-samples / siem-on-amazon-opensearch-service

A solution for collecting, correlating and visualizing multiple types of logs to help investigate security incidents.
MIT No Attribution

The amount of logs inserted in opensearch are too large #452

Open ripperi8u opened 2 months ago

ripperi8u commented 2 months ago

As stated in the title, the processed logs in OpenSearch are too large. For example, there are many fields in the CloudTrail logs, such as "@message", which is the raw log context. And what if I delete the "@message" field, will it be OK?

nakajiak commented 1 month ago

That is good feedback. Would it be useful if there was an option to delete specific fields such as @message?

ripperi8u commented 1 month ago

> That is good feedback. Would it be useful if there was an option to delete specific fields such as @message?

Yes, I think it will be good to configure it in user.ini
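One way the requested option could look in practice, as an added illustration that is not code from siem-on-amazon-opensearch-service: a `remove_fields` key read from a user.ini-style section (the key name, the dotted-path convention for nested fields and the sample CloudTrail record are all constructed for this example) and applied to each parsed document before it is indexed, so the bulky `@message` copy of the raw event is dropped while the parsed fields stay searchable. It goes slightly beyond the thread by also handling nested fields.

```python
import configparser
import json

# Constructed user.ini fragment. The "remove_fields" key is hypothetical: it
# illustrates the option requested in the issue, not an existing project setting.
USER_INI = """
[cloudtrail]
remove_fields = @message, userIdentity.sessionContext.attributes
"""

def load_remove_fields(ini_text: str, section: str) -> list[str]:
    """Parse the comma-separated list of field paths to drop for one log type."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    raw = cfg.get(section, "remove_fields", fallback="")
    return [f.strip() for f in raw.split(",") if f.strip()]

def drop_field(doc: dict, path: str) -> bool:
    """Remove one dotted field path in place; return True if a field was removed."""
    *parents, leaf = path.split(".")
    node = doc
    for key in parents:
        if not isinstance(node, dict) or key not in node:
            return False  # path does not exist in this record: nothing to do
        node = node[key]
    if isinstance(node, dict) and leaf in node:
        del node[leaf]
        return True
    return False

def strip_fields(doc: dict, fields: list[str]) -> dict:
    """Return a copy of doc with the configured fields removed; missing paths are ignored."""
    out = json.loads(json.dumps(doc))  # deep copy so the caller's record is untouched
    for path in fields:
        drop_field(out, path)
    return out

# Constructed sample: a CloudTrail record as it might look after the loader parsed it.
SAMPLE_DOC = {
    "@timestamp": "2024-01-01T00:00:00Z",
    "@message": '{"eventVersion":"1.08","eventName":"ConsoleLogin"}',  # raw copy
    "eventName": "ConsoleLogin",
    "userIdentity": {"type": "IAMUser", "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
}

if __name__ == "__main__":
    fields = load_remove_fields(USER_INI, "cloudtrail")
    print(json.dumps(strip_fields(SAMPLE_DOC, fields), indent=2))
```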