diff --git a/config/processors/syslog_audit_cisco.router.conf b/config/processors/syslog_audit_cisco.router.conf
index 7ec7d3b8..f1df9ae3 100644
--- a/config/processors/syslog_audit_cisco.router.conf
+++ b/config/processors/syslog_audit_cisco.router.conf
@@ -101,7 +101,7 @@ filter {
     tag_on_failure => "_dateparsefailure_ei"
   }
   mutate {
-    remove_field => [ "[tmp]", "[log][syslog]", "[observer][egress]", "[observer][ingress]" ]
+    remove_field => [ "[tmp]", "[log][syslog]", "[observer]" ]
   }
 }
 output {