You can define processors in your configuration to process events before they are sent to the configured output. The libbeat library provides processors for:
- reducing the number of exported fields
- enhancing events with additional metadata
- performing additional processing and decoding
Each processor receives an event, applies a defined action to the event, and returns the event. If you define a list of processors, they are executed in the order they are defined in the Auditbeat configuration file.
event -> processor 1 -> event1 -> processor 2 -> event2 ...
Intro to Kibana
ELK for Logs & Metrics