Drop eventsedit

The drop_event processor drops the entire event if the associated condition is fulfilled. The condition is mandatory, because without one, all the events are dropped.

Exampleedit

  - drop_event:
      when:
        condition

See Conditions for a list of supported conditions.

Elastic Agent processors execute before ingest pipelines, which means that they process the raw event data rather than the final event sent to Elasticsearch. For related limitations, refer to What are some limitations of using processors?