diff --git a/packages/journald/0.0.3/changelog.yml b/packages/journald/0.0.3/changelog.yml
deleted file mode 100755
index d0c8e5ab93..0000000000
--- a/packages/journald/0.0.3/changelog.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-# newer versions go on top
-- version: "0.0.3"
-  changes:
-    - description: Add documentation for multi-fields
-      type: enhancement
-      link: https://github.com/elastic/integrations/pull/2916
-- version: "0.0.2"
-  changes:
-    - description: Update package description for consistency with other packages.
-      type: enhancement
-      link: https://github.com/elastic/integrations/pull/2326
-- version: "0.0.1"
-  changes:
-    - description: Initial release of generic journald input package.
-      type: enhancement
-      link: https://github.com/elastic/integrations/pull/1739
diff --git a/packages/journald/0.0.3/data_stream/log/agent/stream/journald.yml.hbs b/packages/journald/0.0.3/data_stream/log/agent/stream/journald.yml.hbs
deleted file mode 100755
index d18a743a3a..0000000000
--- a/packages/journald/0.0.3/data_stream/log/agent/stream/journald.yml.hbs
+++ /dev/null
@@ -1,29 +0,0 @@
-condition: ${host.platform} == 'linux'
-
-{{#if paths}}
-paths:
-{{#each paths as |path i|}}
-  - {{path}}
-{{/each}}
-{{/if}}
-
-{{#if include_matches}}
-include_matches:
-{{#each include_matches as |include_match i|}}
-  - '{{include_match}}'
-{{/each}}
-{{/if}}
-
-tags:
-{{#each tags as |tag i|}}
-  - {{tag}}
-{{/each}}
-
-{{#contains "forwarded" tags}}
-publisher_pipeline.disable_host: true
-{{/contains}}
-
-{{#if processors}}
-processors:
-{{processors}}
-{{/if}}
diff --git a/packages/journald/0.0.3/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/journald/0.0.3/data_stream/log/elasticsearch/ingest_pipeline/default.yml
deleted file mode 100755
index 78ce9da894..0000000000
--- a/packages/journald/0.0.3/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-description: Pipeline for processing journald logs.
-processors:
-  - remove:
-      field:
-        - container.id_truncated # CONTAINER_ID from journald driver.
-        - syslog.facility # Duplicated as log.syslog.facility.code.
-        - syslog.priority # Duplicated as log.syslog.priority.
-      ignore_missing: true
-
-  # Journald CODE_FILE, CODE_LINE, CODE_FUNC.
-  - rename:
-      field: journald.code.file
-      target_field: log.origin.file.name
-      ignore_missing: true
-  - rename:
-      field: journald.code.line
-      target_field: log.origin.file.line
-      ignore_missing: true
-  - rename:
-      field: journald.code.func
-      target_field: log.origin.function
-      ignore_missing: true
-
-  # Journald SYSLOG_IDENTIFIER, SYSLOG_PID.
-  - rename:
-      field: syslog.pid
-      target_field: log.syslog.pid
-      ignore_missing: true
-  - rename:
-      field: syslog.identifier
-      target_field: log.syslog.identifier
-      ignore_missing: true
-
-  # Cleanup an empty syslog object.
-  - remove:
-      if: ctx?.syslog != null && ctx.syslog instanceof Map && ctx.syslog.isEmpty()
-      field: syslog
-
-on_failure:
-- set:
-    field: error.message
-    value: '{{ _ingest.on_failure_message }}'
\ No newline at end of file
diff --git a/packages/journald/0.0.3/data_stream/log/fields/agent.yml b/packages/journald/0.0.3/data_stream/log/fields/agent.yml
deleted file mode 100755
index 051c104fae..0000000000
--- a/packages/journald/0.0.3/data_stream/log/fields/agent.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- name: input.type
-  type: keyword
diff --git a/packages/journald/0.0.3/data_stream/log/fields/base-fields.yml b/packages/journald/0.0.3/data_stream/log/fields/base-fields.yml
deleted file mode 100755
index 7c798f4534..0000000000
--- a/packages/journald/0.0.3/data_stream/log/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: data_stream.type
-  type: constant_keyword
-  description: Data stream type.
-- name: data_stream.dataset
-  type: constant_keyword
-  description: Data stream dataset.
-- name: data_stream.namespace
-  type: constant_keyword
-  description: Data stream namespace.
-- name: '@timestamp'
-  type: date
-  description: Event timestamp.
diff --git a/packages/journald/0.0.3/data_stream/log/fields/ecs.yml b/packages/journald/0.0.3/data_stream/log/fields/ecs.yml
deleted file mode 100755
index 1d41e9d2cd..0000000000
--- a/packages/journald/0.0.3/data_stream/log/fields/ecs.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-- description: |-
-    ECS version this event conforms to. `ecs.version` is a required field and must exist in all events.
-    When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.
-  name: ecs.version
-  type: keyword
-- description: |-
-    Hostname of the host.
-    It normally contains what the `hostname` command returns on the host machine.
-  name: host.hostname
-  type: keyword
-- description: |-
-    Unique host id.
-    As hostname is not always unique, use values that are meaningful in your environment.
-    Example: The current usage of `beat.name`.
-  name: host.id
-  type: keyword
-- description: |-
-    The Syslog numeric facility of the log event, if available.
-    According to RFCs 5424 and 3164, this value should be an integer between 0 and 23.
-  name: log.syslog.facility.code
-  type: long
-- description: |-
-    Syslog numeric priority of the event, if available.
-    According to RFCs 5424 and 3164, the priority is 8 * facility + severity. This number is therefore expected to contain a value between 0 and 191.
-  name: log.syslog.priority
-  type: long
-- description: |-
-    For log events the message field contains the log message, optimized for viewing in a log viewer.
-    For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event.
-    If multiple messages exist, they can be combined into one message.
-  name: message
-  type: text
-- description: |-
-    Array of process arguments, starting with the absolute path to the executable.
-    May be filtered to protect sensitive information.
-  name: process.args
-  type: keyword
-- description: |-
-    Length of the process.args array.
-    This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity.
-  name: process.args_count
-  type: long
-- description: |-
-    Full command line that started the process, including the absolute path to the executable, and all arguments.
-    Some arguments may be filtered to protect sensitive information.
-  multi_fields:
-    - name: text
-      type: text
-  name: process.command_line
-  type: keyword
-- description: Process id.
-  name: process.pid
-  type: long
-- description: List of keywords used to tag each event.
-  name: tags
-  type: keyword
-- description: Unique identifier for the group on the system/platform.
-  name: user.group.id
-  type: keyword
-- description: Unique identifier of the user.
-  name: user.id
-  type: keyword
diff --git a/packages/journald/0.0.3/data_stream/log/fields/input.yml b/packages/journald/0.0.3/data_stream/log/fields/input.yml
deleted file mode 100755
index 3604de6ab5..0000000000
--- a/packages/journald/0.0.3/data_stream/log/fields/input.yml
+++ /dev/null
@@ -1,194 +0,0 @@
-- name: container.log.tag
-  type: keyword
-  description: >
-    User defined tag of a container. Originates from the Docker journald logging driver.
-
-- name: container.partial
-  type: boolean
-  description: >
-    A field that flags log integrity when a message is split. The docker journald logging driver splits long message into multiple events.
-
-- name: journald.audit.login_uid
-  type: long
-  description: >
-    The login UID of the process the journal entry originates from, as maintained by the kernel audit subsystem.
-
-- name: journald.audit.session
-  type: keyword
-  description: >
-    The session of the process the journal entry originates from, as maintained by the kernel audit subsystem.
-
-- name: journald.code.file
-  type: keyword
-  description: >
-    The code location generating this message, if known. Contains the source filename.
-
-- name: journald.code.func
-  type: keyword
-  description: >
-    The code location generating this message, if known. Contains the function name.
-
-- name: journald.code.line
-  type: long
-  description: >
-    The code location generating this message, if known. Contains the line number.
-
-- name: journald.coredump.unit
-  type: keyword
-  description: >
-    Used to annotate messages containing coredumps from system units.
-
-- name: journald.coredump.user_unit
-  type: keyword
-  description: >
-    Used to annotate messages containing coredumps from user units.
-
-- name: journald.gid
-  type: long
-  description: >
-    The group ID of the process the journal entry originates from formatted as a decimal string. Note that entries obtained via "stdout" or "stderr" of forked processes will contain credentials valid for a parent process.
-
-- name: journald.host.boot_id
-  type: keyword
-  description: >
-    The kernel boot ID for the boot the message was generated in, formatted as a 128-bit hexadecimal string.
-
-- name: journald.kernel.device
-  type: keyword
-  description: >
-    The kernel device name. If the entry is associated to a block device, contains the major and minor numbers of the device node, separated by ":" and prefixed by "b". Similarly for character devices, but prefixed by "c". For network devices, this is the interface index prefixed by "n". For all other devices, this is the subsystem name prefixed by "+", followed by ":", followed by the kernel device name.
-
-- name: journald.kernel.device_name
-  type: keyword
-  description: >
-    The kernel device name as it shows up in the device tree below `/sys/`.
-
-- name: journald.kernel.device_node_path
-  type: keyword
-  description: >
-    The device node path of this device in `/dev/`.
-
-- name: journald.kernel.device_symlinks
-  type: keyword
-  description: >
-    Additional symlink names pointing to the device node in `/dev/`. This field is frequently set more than once per entry.
-
-- name: journald.kernel.subsystem
-  type: keyword
-  description: >
-    The kernel subsystem name.
-
-- name: journald.object.pid
-  type: long
-  description: >
-    Privileged programs (currently UID 0) may attach OBJECT_PID= to a message. This will instruct systemd-journald to attach additional `journald.object.*` on behalf of the caller. These additional fields added automatically by systemd-journald. These additional `journald.object.*` fields are the same as the equivalent `journald.*` field except that the process identified by PID is described, instead of the process which logged the message.
-
-- name: journald.object.audit.login_uid
-  type: long
-- name: journald.object.audit.session
-  type: long
-- name: journald.object.gid
-  type: long
-- name: journald.object.process.command_line
-  type: keyword
-- name: journald.object.process.executable
-  type: keyword
-- name: journald.object.process.name
-  type: keyword
-- name: journald.object.systemd.owner_uid
-  type: long
-- name: journald.object.systemd.session
-  type: keyword
-- name: journald.object.systemd.unit
-  type: keyword
-- name: journald.object.systemd.user_unit
-  type: keyword
-- name: journald.object.uid
-  type: long
-- name: journald.pid
-  type: long
-  description: >
-    The process ID of the process the journal entry originates from formatted as a decimal string. Note that entries obtained via "stdout" or "stderr" of forked processes will contain credentials valid for a parent process.
-
-- name: journald.process.capabilities
-  type: keyword
-  description: The effective capabilities(7) of the process the journal entry originates from.
-- name: journald.process.command_line
-  type: keyword
-  description: >
-    The command line of the process the journal entry originates from.
-
-- name: journald.process.executable
-  type: keyword
-  description: >
-    The executable path of the process the journal entry originates from.
-
-- name: journald.process.name
-  type: keyword
-  description: >
-    The name of the process the journal entry originates from.
-
-- name: journald.uid
-  type: long
-  description: >
-    The user ID of the process the journal entry originates from formatted as a decimal string. Note that entries obtained via "stdout" or "stderr" of forked processes will contain credentials valid for a parent process.
-
-- name: log.syslog.identifier
-  type: keyword
-  description: >
-    Identifier (usually process) contained in the syslog header.
-
-- name: log.syslog.pid
-  type: long
-  description: >
-    PID contained in the syslog header.
-
-- name: systemd.cgroup
-  type: keyword
-  description: >
-    The control group path in the systemd hierarchy.
-
-- name: systemd.invocation_id
-  type: keyword
-  description: >
-    The invocation ID for the runtime cycle of the unit the message was generated in, as available to processes of the unit in $INVOCATION_ID.
-
-- name: systemd.owner_uid
-  type: long
-  description: >
-    The owner UID of the systemd user unit or systemd session (if any) of the process the journal entry originates from.
-
-- name: systemd.session
-  type: keyword
-  description: >
-    The systemd session ID (if any).
-
-- name: systemd.slice
-  type: keyword
-  description: >
-    The systemd slice unit name.
-
-- name: systemd.transport
-  type: keyword
-  description: >
-    How the entry was received by the journal service.
-
-- name: systemd.unit
-  type: keyword
-  description: >
-    The systemd unit name.
-
-- name: systemd.user_slice
-  type: keyword
-  description: >
-    The systemd user slice name.
-
-- name: systemd.user_unit
-  type: keyword
-  description: >
-    The unit name in the systemd user manager (if any).
-
-- name: journald.custom
-  type: flattened
-  description: >-
-    Structured fields added to the log message by the caller.
diff --git a/packages/journald/0.0.3/data_stream/log/manifest.yml b/packages/journald/0.0.3/data_stream/log/manifest.yml
deleted file mode 100755
index ebe6eeaab4..0000000000
--- a/packages/journald/0.0.3/data_stream/log/manifest.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-title: "Journald Log"
-type: logs
-streams:
-  - input: journald
-    title: Journald logs
-    template_path: journald.yml.hbs
-    description: Collect journald logs
-    vars:
-      - name: include_matches
-        type: text
-        title: Include Matches
-        multi: true
-        show_user: true
-        description: >
-          A list of filter expressions used to select the logs to read (e.g. `_SYSTEMD_UNIT=vault.service`). Defaults to all logs. See [include_matches](https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-input-journald.html#filebeat-input-journald-include-matches) for details.
-
-      - name: paths
-        type: text
-        title: Journal paths
-        multi: true
-        show_user: false
-        description: >
-          List of journals to read from. Defaults to the system journal.
-
-      - name: tags
-        type: text
-        title: Tags
-        multi: true
-        required: true
-        show_user: false
-        default:
-          - journald-log
-      - name: processors
-        type: yaml
-        title: Processors
-        multi: false
-        required: false
-        show_user: false
-        description: >
-          Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata.  This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
-
diff --git a/packages/journald/0.0.3/docs/README.md b/packages/journald/0.0.3/docs/README.md
deleted file mode 100755
index b114cbbb54..0000000000
--- a/packages/journald/0.0.3/docs/README.md
+++ /dev/null
@@ -1,77 +0,0 @@
-# Journald Input
-
-The journald input integration reads logs from the `journald` system service.
-The journald input reads the log data and the metadata associated with it.
-
-The journald input is available on Linux systems with `systemd` installed.
-
-**Exported fields**
-
-| Field | Description | Type |
-|---|---|---|
-| @timestamp | Event timestamp. | date |
-| container.log.tag | User defined tag of a container. Originates from the Docker journald logging driver. | keyword |
-| container.partial | A field that flags log integrity when a message is split. The docker journald logging driver splits long message into multiple events. | boolean |
-| data_stream.dataset | Data stream dataset. | constant_keyword |
-| data_stream.namespace | Data stream namespace. | constant_keyword |
-| data_stream.type | Data stream type. | constant_keyword |
-| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword |
-| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword |
-| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
-| input.type |  | keyword |
-| journald.audit.login_uid | The login UID of the process the journal entry originates from, as maintained by the kernel audit subsystem. | long |
-| journald.audit.session | The session of the process the journal entry originates from, as maintained by the kernel audit subsystem. | keyword |
-| journald.code.file | The code location generating this message, if known. Contains the source filename. | keyword |
-| journald.code.func | The code location generating this message, if known. Contains the function name. | keyword |
-| journald.code.line | The code location generating this message, if known. Contains the line number. | long |
-| journald.coredump.unit | Used to annotate messages containing coredumps from system units. | keyword |
-| journald.coredump.user_unit | Used to annotate messages containing coredumps from user units. | keyword |
-| journald.custom | Structured fields added to the log message by the caller. | flattened |
-| journald.gid | The group ID of the process the journal entry originates from formatted as a decimal string. Note that entries obtained via "stdout" or "stderr" of forked processes will contain credentials valid for a parent process. | long |
-| journald.host.boot_id | The kernel boot ID for the boot the message was generated in, formatted as a 128-bit hexadecimal string. | keyword |
-| journald.kernel.device | The kernel device name. If the entry is associated to a block device, contains the major and minor numbers of the device node, separated by ":" and prefixed by "b". Similarly for character devices, but prefixed by "c". For network devices, this is the interface index prefixed by "n". For all other devices, this is the subsystem name prefixed by "+", followed by ":", followed by the kernel device name. | keyword |
-| journald.kernel.device_name | The kernel device name as it shows up in the device tree below `/sys/`. | keyword |
-| journald.kernel.device_node_path | The device node path of this device in `/dev/`. | keyword |
-| journald.kernel.device_symlinks | Additional symlink names pointing to the device node in `/dev/`. This field is frequently set more than once per entry. | keyword |
-| journald.kernel.subsystem | The kernel subsystem name. | keyword |
-| journald.object.audit.login_uid |  | long |
-| journald.object.audit.session |  | long |
-| journald.object.gid |  | long |
-| journald.object.pid | Privileged programs (currently UID 0) may attach OBJECT_PID= to a message. This will instruct systemd-journald to attach additional `journald.object.\*` on behalf of the caller. These additional fields added automatically by systemd-journald. These additional `journald.object.\*` fields are the same as the equivalent `journald.\*` field except that the process identified by PID is described, instead of the process which logged the message. | long |
-| journald.object.process.command_line |  | keyword |
-| journald.object.process.executable |  | keyword |
-| journald.object.process.name |  | keyword |
-| journald.object.systemd.owner_uid |  | long |
-| journald.object.systemd.session |  | keyword |
-| journald.object.systemd.unit |  | keyword |
-| journald.object.systemd.user_unit |  | keyword |
-| journald.object.uid |  | long |
-| journald.pid | The process ID of the process the journal entry originates from formatted as a decimal string. Note that entries obtained via "stdout" or "stderr" of forked processes will contain credentials valid for a parent process. | long |
-| journald.process.capabilities | The effective capabilities(7) of the process the journal entry originates from. | keyword |
-| journald.process.command_line | The command line of the process the journal entry originates from. | keyword |
-| journald.process.executable | The executable path of the process the journal entry originates from. | keyword |
-| journald.process.name | The name of the process the journal entry originates from. | keyword |
-| journald.uid | The user ID of the process the journal entry originates from formatted as a decimal string. Note that entries obtained via "stdout" or "stderr" of forked processes will contain credentials valid for a parent process. | long |
-| log.syslog.facility.code | The Syslog numeric facility of the log event, if available. According to RFCs 5424 and 3164, this value should be an integer between 0 and 23. | long |
-| log.syslog.identifier | Identifier (usually process) contained in the syslog header. | keyword |
-| log.syslog.pid | PID contained in the syslog header. | long |
-| log.syslog.priority | Syslog numeric priority of the event, if available. According to RFCs 5424 and 3164, the priority is 8 \* facility + severity. This number is therefore expected to contain a value between 0 and 191. | long |
-| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text |
-| process.args | Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. | keyword |
-| process.args_count | Length of the process.args array. This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. | long |
-| process.command_line | Full command line that started the process, including the absolute path to the executable, and all arguments. Some arguments may be filtered to protect sensitive information. | keyword |
-| process.command_line.text | Multi-field of `process.command_line`. | text |
-| process.pid | Process id. | long |
-| systemd.cgroup | The control group path in the systemd hierarchy. | keyword |
-| systemd.invocation_id | The invocation ID for the runtime cycle of the unit the message was generated in, as available to processes of the unit in $INVOCATION_ID. | keyword |
-| systemd.owner_uid | The owner UID of the systemd user unit or systemd session (if any) of the process the journal entry originates from. | long |
-| systemd.session | The systemd session ID (if any). | keyword |
-| systemd.slice | The systemd slice unit name. | keyword |
-| systemd.transport | How the entry was received by the journal service. | keyword |
-| systemd.unit | The systemd unit name. | keyword |
-| systemd.user_slice | The systemd user slice name. | keyword |
-| systemd.user_unit | The unit name in the systemd user manager (if any). | keyword |
-| tags | List of keywords used to tag each event. | keyword |
-| user.group.id | Unique identifier for the group on the system/platform. | keyword |
-| user.id | Unique identifier of the user. | keyword |
-
diff --git a/packages/journald/0.0.3/img/systemd-logo.svg b/packages/journald/0.0.3/img/systemd-logo.svg
deleted file mode 100755
index 24278b6978..0000000000
--- a/packages/journald/0.0.3/img/systemd-logo.svg
+++ /dev/null
@@ -1,5 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 86 26">
-    <path overflow="visible" font-weight="400" d="M0 0v26h10v-4H4V4h6V0zm76 0v4h6v18h-6v4h10V0z" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:normal;shape-padding:0;isolation:auto;mix-blend-mode:normal;solid-color:#000;solid-opacity:1" color="#000" font-family="sans-serif" fill="#201a26"/>
-    <path d="M45 13L63 3v20z" fill="#30d475"/>
-    <circle cx="30.001" cy="13.001" r="9" fill="#30d475"/>
-</svg>
\ No newline at end of file
diff --git a/packages/journald/0.0.3/manifest.yml b/packages/journald/0.0.3/manifest.yml
deleted file mode 100755
index fe036fd26c..0000000000
--- a/packages/journald/0.0.3/manifest.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-format_version: 1.0.0
-name: journald
-title: "Custom Journald logs"
-version: 0.0.3
-license: basic
-description: Collect logs from journald with Elastic Agent.
-type: integration
-categories:
-  - custom
-release: experimental
-conditions:
-  kibana.version: "^7.16.0"
-icons:
-  - src: /img/systemd-logo.svg
-    title: systemd logo
-    size: 32x32
-    type: image/svg+xml
-policy_templates:
-  - name: logs
-    title: Journald
-    description: Collect sample logs
-    inputs:
-      - type: journald
-        title: Journald logs
-        description: Collect journald logs
-owner:
-  github: elastic/integrations
diff --git a/packages/journald/0.0.4/changelog.yml b/packages/journald/0.0.4/changelog.yml
deleted file mode 100755
index 06562a356a..0000000000
--- a/packages/journald/0.0.4/changelog.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-# newer versions go on top
-- version: "0.0.4"
-  changes:
-    - description: Update Kibana requirement to support 8.x.
-      type: enhancement
-      link: https://github.com/elastic/integrations/pull/4037
-    - description: Map `message_id` to ECS `event.code`.
-      type: enhancement
-      link: https://github.com/elastic/integrations/pull/4037
-- version: "0.0.3"
-  changes:
-    - description: Add documentation for multi-fields
-      type: enhancement
-      link: https://github.com/elastic/integrations/pull/2916
-- version: "0.0.2"
-  changes:
-    - description: Update package description for consistency with other packages.
-      type: enhancement
-      link: https://github.com/elastic/integrations/pull/2326
-- version: "0.0.1"
-  changes:
-    - description: Initial release of generic journald input package.
-      type: enhancement
-      link: https://github.com/elastic/integrations/pull/1739
diff --git a/packages/journald/0.0.4/data_stream/log/agent/stream/journald.yml.hbs b/packages/journald/0.0.4/data_stream/log/agent/stream/journald.yml.hbs
deleted file mode 100755
index d18a743a3a..0000000000
--- a/packages/journald/0.0.4/data_stream/log/agent/stream/journald.yml.hbs
+++ /dev/null
@@ -1,29 +0,0 @@
-condition: ${host.platform} == 'linux'
-
-{{#if paths}}
-paths:
-{{#each paths as |path i|}}
-  - {{path}}
-{{/each}}
-{{/if}}
-
-{{#if include_matches}}
-include_matches:
-{{#each include_matches as |include_match i|}}
-  - '{{include_match}}'
-{{/each}}
-{{/if}}
-
-tags:
-{{#each tags as |tag i|}}
-  - {{tag}}
-{{/each}}
-
-{{#contains "forwarded" tags}}
-publisher_pipeline.disable_host: true
-{{/contains}}
-
-{{#if processors}}
-processors:
-{{processors}}
-{{/if}}
diff --git a/packages/journald/0.0.4/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/journald/0.0.4/data_stream/log/elasticsearch/ingest_pipeline/default.yml
deleted file mode 100755
index 96217b5c87..0000000000
--- a/packages/journald/0.0.4/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-description: Pipeline for processing journald logs.
-processors:
-  - remove:
-      field:
-        - container.id_truncated # CONTAINER_ID from journald driver.
-        - syslog.facility # Duplicated as log.syslog.facility.code.
-        - syslog.priority # Duplicated as log.syslog.priority.
-      ignore_missing: true
-
-  # Journald CODE_FILE, CODE_LINE, CODE_FUNC.
-  - rename:
-      field: journald.code.file
-      target_field: log.origin.file.name
-      ignore_missing: true
-  - rename:
-      field: journald.code.line
-      target_field: log.origin.file.line
-      ignore_missing: true
-  - rename:
-      field: journald.code.func
-      target_field: log.origin.function
-      ignore_missing: true
-
-  # Journald SYSLOG_IDENTIFIER, SYSLOG_PID.
-  - rename:
-      field: syslog.pid
-      target_field: log.syslog.pid
-      ignore_missing: true
-  - rename:
-      field: syslog.identifier
-      target_field: log.syslog.identifier
-      ignore_missing: true
-
-  - rename:
-      field: message_id
-      target_field: event.code
-      ignore_missing: true
-
-  # Cleanup an empty syslog object.
-  - remove:
-      if: ctx?.syslog != null && ctx.syslog instanceof Map && ctx.syslog.isEmpty()
-      field: syslog
-
-on_failure:
-- set:
-    field: error.message
-    value: '{{ _ingest.on_failure_message }}'
\ No newline at end of file
diff --git a/packages/journald/0.0.4/data_stream/log/fields/agent.yml b/packages/journald/0.0.4/data_stream/log/fields/agent.yml
deleted file mode 100755
index 051c104fae..0000000000
--- a/packages/journald/0.0.4/data_stream/log/fields/agent.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- name: input.type
-  type: keyword
diff --git a/packages/journald/0.0.4/data_stream/log/fields/base-fields.yml b/packages/journald/0.0.4/data_stream/log/fields/base-fields.yml
deleted file mode 100755
index 7c798f4534..0000000000
--- a/packages/journald/0.0.4/data_stream/log/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: data_stream.type
-  type: constant_keyword
-  description: Data stream type.
-- name: data_stream.dataset
-  type: constant_keyword
-  description: Data stream dataset.
-- name: data_stream.namespace
-  type: constant_keyword
-  description: Data stream namespace.
-- name: '@timestamp'
-  type: date
-  description: Event timestamp.
diff --git a/packages/journald/0.0.4/data_stream/log/fields/ecs.yml b/packages/journald/0.0.4/data_stream/log/fields/ecs.yml
deleted file mode 100755
index 89114b7f23..0000000000
--- a/packages/journald/0.0.4/data_stream/log/fields/ecs.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-- description: |-
-    ECS version this event conforms to. `ecs.version` is a required field and must exist in all events.
-    When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.
-  name: ecs.version
-  type: keyword
-- description: |-
-    Identification code for this event, if one exists.
-    Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID.
-  name: event.code
-  type: keyword
-- description: |-
-    Hostname of the host.
-    It normally contains what the `hostname` command returns on the host machine.
-  name: host.hostname
-  type: keyword
-- description: |-
-    Unique host id.
-    As hostname is not always unique, use values that are meaningful in your environment.
-    Example: The current usage of `beat.name`.
-  name: host.id
-  type: keyword
-- description: |-
-    The Syslog numeric facility of the log event, if available.
-    According to RFCs 5424 and 3164, this value should be an integer between 0 and 23.
-  name: log.syslog.facility.code
-  type: long
-- description: |-
-    Syslog numeric priority of the event, if available.
-    According to RFCs 5424 and 3164, the priority is 8 * facility + severity. This number is therefore expected to contain a value between 0 and 191.
-  name: log.syslog.priority
-  type: long
-- description: |-
-    For log events the message field contains the log message, optimized for viewing in a log viewer.
-    For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event.
-    If multiple messages exist, they can be combined into one message.
-  name: message
-  type: match_only_text
-- description: |-
-    Array of process arguments, starting with the absolute path to the executable.
-    May be filtered to protect sensitive information.
-  name: process.args
-  type: keyword
-- description: |-
-    Length of the process.args array.
-    This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity.
-  name: process.args_count
-  type: long
-- description: |-
-    Full command line that started the process, including the absolute path to the executable, and all arguments.
-    Some arguments may be filtered to protect sensitive information.
-  multi_fields:
-    - name: text
-      type: match_only_text
-  name: process.command_line
-  type: wildcard
-- description: Process id.
-  name: process.pid
-  type: long
-- description: List of keywords used to tag each event.
-  name: tags
-  type: keyword
-- description: Unique identifier for the group on the system/platform.
-  name: user.group.id
-  type: keyword
-- description: Unique identifier of the user.
-  name: user.id
-  type: keyword
diff --git a/packages/journald/0.0.4/data_stream/log/fields/input.yml b/packages/journald/0.0.4/data_stream/log/fields/input.yml
deleted file mode 100755
index 3604de6ab5..0000000000
--- a/packages/journald/0.0.4/data_stream/log/fields/input.yml
+++ /dev/null
@@ -1,194 +0,0 @@
-- name: container.log.tag
-  type: keyword
-  description: >
-    User defined tag of a container. Originates from the Docker journald logging driver.
-
-- name: container.partial
-  type: boolean
-  description: >
-    A field that flags log integrity when a message is split. The docker journald logging driver splits long message into multiple events.
-
-- name: journald.audit.login_uid
-  type: long
-  description: >
-    The login UID of the process the journal entry originates from, as maintained by the kernel audit subsystem.
-
-- name: journald.audit.session
-  type: keyword
-  description: >
-    The session of the process the journal entry originates from, as maintained by the kernel audit subsystem.
-
-- name: journald.code.file
-  type: keyword
-  description: >
-    The code location generating this message, if known. Contains the source filename.
-
-- name: journald.code.func
-  type: keyword
-  description: >
-    The code location generating this message, if known. Contains the function name.
-
-- name: journald.code.line
-  type: long
-  description: >
-    The code location generating this message, if known. Contains the line number.
-
-- name: journald.coredump.unit
-  type: keyword
-  description: >
-    Used to annotate messages containing coredumps from system units.
-
-- name: journald.coredump.user_unit
-  type: keyword
-  description: >
-    Used to annotate messages containing coredumps from user units.
-
-- name: journald.gid
-  type: long
-  description: >
-    The group ID of the process the journal entry originates from formatted as a decimal string. Note that entries obtained via "stdout" or "stderr" of forked processes will contain credentials valid for a parent process.
-
-- name: journald.host.boot_id
-  type: keyword
-  description: >
-    The kernel boot ID for the boot the message was generated in, formatted as a 128-bit hexadecimal string.
-
-- name: journald.kernel.device
-  type: keyword
-  description: >
-    The kernel device name. If the entry is associated to a block device, contains the major and minor numbers of the device node, separated by ":" and prefixed by "b". Similarly for character devices, but prefixed by "c". For network devices, this is the interface index prefixed by "n". For all other devices, this is the subsystem name prefixed by "+", followed by ":", followed by the kernel device name.
-
-- name: journald.kernel.device_name
-  type: keyword
-  description: >
-    The kernel device name as it shows up in the device tree below `/sys/`.
-
-- name: journald.kernel.device_node_path
-  type: keyword
-  description: >
-    The device node path of this device in `/dev/`.
-
-- name: journald.kernel.device_symlinks
-  type: keyword
-  description: >
-    Additional symlink names pointing to the device node in `/dev/`. This field is frequently set more than once per entry.
-
-- name: journald.kernel.subsystem
-  type: keyword
-  description: >
-    The kernel subsystem name.
-
-- name: journald.object.pid
-  type: long
-  description: >
-    Privileged programs (currently UID 0) may attach OBJECT_PID= to a message. This will instruct systemd-journald to attach additional `journald.object.*` on behalf of the caller. These additional fields added automatically by systemd-journald. These additional `journald.object.*` fields are the same as the equivalent `journald.*` field except that the process identified by PID is described, instead of the process which logged the message.
-
-- name: journald.object.audit.login_uid
-  type: long
-- name: journald.object.audit.session
-  type: long
-- name: journald.object.gid
-  type: long
-- name: journald.object.process.command_line
-  type: keyword
-- name: journald.object.process.executable
-  type: keyword
-- name: journald.object.process.name
-  type: keyword
-- name: journald.object.systemd.owner_uid
-  type: long
-- name: journald.object.systemd.session
-  type: keyword
-- name: journald.object.systemd.unit
-  type: keyword
-- name: journald.object.systemd.user_unit
-  type: keyword
-- name: journald.object.uid
-  type: long
-- name: journald.pid
-  type: long
-  description: >
-    The process ID of the process the journal entry originates from formatted as a decimal string. Note that entries obtained via "stdout" or "stderr" of forked processes will contain credentials valid for a parent process.
-
-- name: journald.process.capabilities
-  type: keyword
-  description: The effective capabilities(7) of the process the journal entry originates from.
-- name: journald.process.command_line
-  type: keyword
-  description: >
-    The command line of the process the journal entry originates from.
-
-- name: journald.process.executable
-  type: keyword
-  description: >
-    The executable path of the process the journal entry originates from.
-
-- name: journald.process.name
-  type: keyword
-  description: >
-    The name of the process the journal entry originates from.
-
-- name: journald.uid
-  type: long
-  description: >
-    The user ID of the process the journal entry originates from formatted as a decimal string. Note that entries obtained via "stdout" or "stderr" of forked processes will contain credentials valid for a parent process.
-
-- name: log.syslog.identifier
-  type: keyword
-  description: >
-    Identifier (usually process) contained in the syslog header.
-
-- name: log.syslog.pid
-  type: long
-  description: >
-    PID contained in the syslog header.
-
-- name: systemd.cgroup
-  type: keyword
-  description: >
-    The control group path in the systemd hierarchy.
-
-- name: systemd.invocation_id
-  type: keyword
-  description: >
-    The invocation ID for the runtime cycle of the unit the message was generated in, as available to processes of the unit in $INVOCATION_ID.
-
-- name: systemd.owner_uid
-  type: long
-  description: >
-    The owner UID of the systemd user unit or systemd session (if any) of the process the journal entry originates from.
-
-- name: systemd.session
-  type: keyword
-  description: >
-    The systemd session ID (if any).
-
-- name: systemd.slice
-  type: keyword
-  description: >
-    The systemd slice unit name.
-
-- name: systemd.transport
-  type: keyword
-  description: >
-    How the entry was received by the journal service.
-
-- name: systemd.unit
-  type: keyword
-  description: >
-    The systemd unit name.
-
-- name: systemd.user_slice
-  type: keyword
-  description: >
-    The systemd user slice name.
-
-- name: systemd.user_unit
-  type: keyword
-  description: >
-    The unit name in the systemd user manager (if any).
-
-- name: journald.custom
-  type: flattened
-  description: >-
-    Structured fields added to the log message by the caller.
diff --git a/packages/journald/0.0.4/data_stream/log/manifest.yml b/packages/journald/0.0.4/data_stream/log/manifest.yml
deleted file mode 100755
index ebe6eeaab4..0000000000
--- a/packages/journald/0.0.4/data_stream/log/manifest.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-title: "Journald Log"
-type: logs
-streams:
-  - input: journald
-    title: Journald logs
-    template_path: journald.yml.hbs
-    description: Collect journald logs
-    vars:
-      - name: include_matches
-        type: text
-        title: Include Matches
-        multi: true
-        show_user: true
-        description: >
-          A list of filter expressions used to select the logs to read (e.g. `_SYSTEMD_UNIT=vault.service`). Defaults to all logs. See [include_matches](https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-input-journald.html#filebeat-input-journald-include-matches) for details.
-
-      - name: paths
-        type: text
-        title: Journal paths
-        multi: true
-        show_user: false
-        description: >
-          List of journals to read from. Defaults to the system journal.
-
-      - name: tags
-        type: text
-        title: Tags
-        multi: true
-        required: true
-        show_user: false
-        default:
-          - journald-log
-      - name: processors
-        type: yaml
-        title: Processors
-        multi: false
-        required: false
-        show_user: false
-        description: >
-          Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata.  This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
-
diff --git a/packages/journald/0.0.4/data_stream/log/sample_event.json b/packages/journald/0.0.4/data_stream/log/sample_event.json
deleted file mode 100755
index 94a2da2a42..0000000000
--- a/packages/journald/0.0.4/data_stream/log/sample_event.json
+++ /dev/null
@@ -1,102 +0,0 @@
-{
-    "@timestamp": "2020-07-22T13:17:10.012Z",
-    "agent": {
-        "ephemeral_id": "27e2a00a-dab2-4790-8d45-29ad272d0392",
-        "id": "bef8099b-68f6-4621-8089-2229b35a669d",
-        "name": "docker-fleet-agent",
-        "type": "filebeat",
-        "version": "8.3.2"
-    },
-    "data_stream": {
-        "dataset": "journald.log",
-        "namespace": "ep",
-        "type": "logs"
-    },
-    "ecs": {
-        "version": "8.0.0"
-    },
-    "elastic_agent": {
-        "id": "bef8099b-68f6-4621-8089-2229b35a669d",
-        "snapshot": false,
-        "version": "8.3.2"
-    },
-    "event": {
-        "agent_id_status": "verified",
-        "code": "ec387f577b844b8fa948f33cad9a75e6",
-        "created": "2022-08-18T18:14:11.588Z",
-        "dataset": "journald.log",
-        "ingested": "2022-08-18T18:14:15Z",
-        "kind": "event"
-    },
-    "host": {
-        "hostname": "sleipnir",
-        "id": "505afdafda3b4f33a63749ae39284742"
-    },
-    "input": {
-        "type": "journald"
-    },
-    "journald": {
-        "custom": {
-            "available": "0",
-            "available_pretty": "0B",
-            "current_use": "1023455232",
-            "current_use_pretty": "976.0M",
-            "disk_available": "6866636800",
-            "disk_available_pretty": "6.3G",
-            "disk_keep_free": "1466253312",
-            "disk_keep_free_pretty": "1.3G",
-            "journal_name": "System journal",
-            "journal_path": "/var/log/journal/505afdafda3b4f33a63749ae39284742",
-            "limit": "977502208",
-            "limit_pretty": "932.2M",
-            "max_use": "977502208",
-            "max_use_pretty": "932.2M"
-        },
-        "gid": 0,
-        "host": {
-            "boot_id": "fa3c2e3080dc4cd5be5cb5a43e140d51"
-        },
-        "pid": 19317,
-        "process": {
-            "capabilities": "25402800cf",
-            "command_line": "/lib/systemd/systemd-journald",
-            "executable": "/lib/systemd/systemd-journald",
-            "name": "systemd-journal"
-        },
-        "uid": 0
-    },
-    "log": {
-        "syslog": {
-            "facility": {
-                "code": 3
-            },
-            "identifier": "systemd-journald",
-            "priority": 6
-        }
-    },
-    "message": "System journal (/var/log/journal/505afdafda3b4f33a63749ae39284742) is 976.0M, max 932.2M, 0B free.",
-    "process": {
-        "args": [
-            "/lib/systemd/systemd-journald"
-        ],
-        "args_count": 1,
-        "command_line": "/lib/systemd/systemd-journald",
-        "pid": 19317
-    },
-    "systemd": {
-        "cgroup": "/system.slice/systemd-journald.service",
-        "invocation_id": "7c11cda63635437bafe21c92851618a8",
-        "slice": "system.slice",
-        "transport": "driver",
-        "unit": "systemd-journald.service"
-    },
-    "tags": [
-        "forwarded"
-    ],
-    "user": {
-        "group": {
-            "id": "0"
-        },
-        "id": "0"
-    }
-}
\ No newline at end of file
diff --git a/packages/journald/0.0.4/docs/README.md b/packages/journald/0.0.4/docs/README.md
deleted file mode 100755
index 1073efbd7f..0000000000
--- a/packages/journald/0.0.4/docs/README.md
+++ /dev/null
@@ -1,184 +0,0 @@
-# Journald Input
-
-The journald input integration reads logs from the `journald` system service.
-The journald input reads the log data and the metadata associated with it.
-
-The journald input is available on Linux systems with `systemd` installed.
-
-An example event for `log` looks as following:
-
-```json
-{
-    "@timestamp": "2020-07-22T13:17:10.012Z",
-    "agent": {
-        "ephemeral_id": "27e2a00a-dab2-4790-8d45-29ad272d0392",
-        "id": "bef8099b-68f6-4621-8089-2229b35a669d",
-        "name": "docker-fleet-agent",
-        "type": "filebeat",
-        "version": "8.3.2"
-    },
-    "data_stream": {
-        "dataset": "journald.log",
-        "namespace": "ep",
-        "type": "logs"
-    },
-    "ecs": {
-        "version": "8.0.0"
-    },
-    "elastic_agent": {
-        "id": "bef8099b-68f6-4621-8089-2229b35a669d",
-        "snapshot": false,
-        "version": "8.3.2"
-    },
-    "event": {
-        "agent_id_status": "verified",
-        "code": "ec387f577b844b8fa948f33cad9a75e6",
-        "created": "2022-08-18T18:14:11.588Z",
-        "dataset": "journald.log",
-        "ingested": "2022-08-18T18:14:15Z",
-        "kind": "event"
-    },
-    "host": {
-        "hostname": "sleipnir",
-        "id": "505afdafda3b4f33a63749ae39284742"
-    },
-    "input": {
-        "type": "journald"
-    },
-    "journald": {
-        "custom": {
-            "available": "0",
-            "available_pretty": "0B",
-            "current_use": "1023455232",
-            "current_use_pretty": "976.0M",
-            "disk_available": "6866636800",
-            "disk_available_pretty": "6.3G",
-            "disk_keep_free": "1466253312",
-            "disk_keep_free_pretty": "1.3G",
-            "journal_name": "System journal",
-            "journal_path": "/var/log/journal/505afdafda3b4f33a63749ae39284742",
-            "limit": "977502208",
-            "limit_pretty": "932.2M",
-            "max_use": "977502208",
-            "max_use_pretty": "932.2M"
-        },
-        "gid": 0,
-        "host": {
-            "boot_id": "fa3c2e3080dc4cd5be5cb5a43e140d51"
-        },
-        "pid": 19317,
-        "process": {
-            "capabilities": "25402800cf",
-            "command_line": "/lib/systemd/systemd-journald",
-            "executable": "/lib/systemd/systemd-journald",
-            "name": "systemd-journal"
-        },
-        "uid": 0
-    },
-    "log": {
-        "syslog": {
-            "facility": {
-                "code": 3
-            },
-            "identifier": "systemd-journald",
-            "priority": 6
-        }
-    },
-    "message": "System journal (/var/log/journal/505afdafda3b4f33a63749ae39284742) is 976.0M, max 932.2M, 0B free.",
-    "process": {
-        "args": [
-            "/lib/systemd/systemd-journald"
-        ],
-        "args_count": 1,
-        "command_line": "/lib/systemd/systemd-journald",
-        "pid": 19317
-    },
-    "systemd": {
-        "cgroup": "/system.slice/systemd-journald.service",
-        "invocation_id": "7c11cda63635437bafe21c92851618a8",
-        "slice": "system.slice",
-        "transport": "driver",
-        "unit": "systemd-journald.service"
-    },
-    "tags": [
-        "forwarded"
-    ],
-    "user": {
-        "group": {
-            "id": "0"
-        },
-        "id": "0"
-    }
-}
-```
-
-**Exported fields**
-
-| Field | Description | Type |
-|---|---|---|
-| @timestamp | Event timestamp. | date |
-| container.log.tag | User defined tag of a container. Originates from the Docker journald logging driver. | keyword |
-| container.partial | A field that flags log integrity when a message is split. The docker journald logging driver splits long message into multiple events. | boolean |
-| data_stream.dataset | Data stream dataset. | constant_keyword |
-| data_stream.namespace | Data stream namespace. | constant_keyword |
-| data_stream.type | Data stream type. | constant_keyword |
-| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword |
-| event.code | Identification code for this event, if one exists. Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID. | keyword |
-| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword |
-| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
-| input.type |  | keyword |
-| journald.audit.login_uid | The login UID of the process the journal entry originates from, as maintained by the kernel audit subsystem. | long |
-| journald.audit.session | The session of the process the journal entry originates from, as maintained by the kernel audit subsystem. | keyword |
-| journald.code.file | The code location generating this message, if known. Contains the source filename. | keyword |
-| journald.code.func | The code location generating this message, if known. Contains the function name. | keyword |
-| journald.code.line | The code location generating this message, if known. Contains the line number. | long |
-| journald.coredump.unit | Used to annotate messages containing coredumps from system units. | keyword |
-| journald.coredump.user_unit | Used to annotate messages containing coredumps from user units. | keyword |
-| journald.custom | Structured fields added to the log message by the caller. | flattened |
-| journald.gid | The group ID of the process the journal entry originates from formatted as a decimal string. Note that entries obtained via "stdout" or "stderr" of forked processes will contain credentials valid for a parent process. | long |
-| journald.host.boot_id | The kernel boot ID for the boot the message was generated in, formatted as a 128-bit hexadecimal string. | keyword |
-| journald.kernel.device | The kernel device name. If the entry is associated to a block device, contains the major and minor numbers of the device node, separated by ":" and prefixed by "b". Similarly for character devices, but prefixed by "c". For network devices, this is the interface index prefixed by "n". For all other devices, this is the subsystem name prefixed by "+", followed by ":", followed by the kernel device name. | keyword |
-| journald.kernel.device_name | The kernel device name as it shows up in the device tree below `/sys/`. | keyword |
-| journald.kernel.device_node_path | The device node path of this device in `/dev/`. | keyword |
-| journald.kernel.device_symlinks | Additional symlink names pointing to the device node in `/dev/`. This field is frequently set more than once per entry. | keyword |
-| journald.kernel.subsystem | The kernel subsystem name. | keyword |
-| journald.object.audit.login_uid |  | long |
-| journald.object.audit.session |  | long |
-| journald.object.gid |  | long |
-| journald.object.pid | Privileged programs (currently UID 0) may attach OBJECT_PID= to a message. This will instruct systemd-journald to attach additional `journald.object.\*` on behalf of the caller. These additional fields added automatically by systemd-journald. These additional `journald.object.\*` fields are the same as the equivalent `journald.\*` field except that the process identified by PID is described, instead of the process which logged the message. | long |
-| journald.object.process.command_line |  | keyword |
-| journald.object.process.executable |  | keyword |
-| journald.object.process.name |  | keyword |
-| journald.object.systemd.owner_uid |  | long |
-| journald.object.systemd.session |  | keyword |
-| journald.object.systemd.unit |  | keyword |
-| journald.object.systemd.user_unit |  | keyword |
-| journald.object.uid |  | long |
-| journald.pid | The process ID of the process the journal entry originates from formatted as a decimal string. Note that entries obtained via "stdout" or "stderr" of forked processes will contain credentials valid for a parent process. | long |
-| journald.process.capabilities | The effective capabilities(7) of the process the journal entry originates from. | keyword |
-| journald.process.command_line | The command line of the process the journal entry originates from. | keyword |
-| journald.process.executable | The executable path of the process the journal entry originates from. | keyword |
-| journald.process.name | The name of the process the journal entry originates from. | keyword |
-| journald.uid | The user ID of the process the journal entry originates from formatted as a decimal string. Note that entries obtained via "stdout" or "stderr" of forked processes will contain credentials valid for a parent process. | long |
-| log.syslog.facility.code | The Syslog numeric facility of the log event, if available. According to RFCs 5424 and 3164, this value should be an integer between 0 and 23. | long |
-| log.syslog.identifier | Identifier (usually process) contained in the syslog header. | keyword |
-| log.syslog.pid | PID contained in the syslog header. | long |
-| log.syslog.priority | Syslog numeric priority of the event, if available. According to RFCs 5424 and 3164, the priority is 8 \* facility + severity. This number is therefore expected to contain a value between 0 and 191. | long |
-| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
-| process.args | Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. | keyword |
-| process.args_count | Length of the process.args array. This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. | long |
-| process.command_line | Full command line that started the process, including the absolute path to the executable, and all arguments. Some arguments may be filtered to protect sensitive information. | wildcard |
-| process.command_line.text | Multi-field of `process.command_line`. | match_only_text |
-| process.pid | Process id. | long |
-| systemd.cgroup | The control group path in the systemd hierarchy. | keyword |
-| systemd.invocation_id | The invocation ID for the runtime cycle of the unit the message was generated in, as available to processes of the unit in $INVOCATION_ID. | keyword |
-| systemd.owner_uid | The owner UID of the systemd user unit or systemd session (if any) of the process the journal entry originates from. | long |
-| systemd.session | The systemd session ID (if any). | keyword |
-| systemd.slice | The systemd slice unit name. | keyword |
-| systemd.transport | How the entry was received by the journal service. | keyword |
-| systemd.unit | The systemd unit name. | keyword |
-| systemd.user_slice | The systemd user slice name. | keyword |
-| systemd.user_unit | The unit name in the systemd user manager (if any). | keyword |
-| tags | List of keywords used to tag each event. | keyword |
-| user.group.id | Unique identifier for the group on the system/platform. | keyword |
-| user.id | Unique identifier of the user. | keyword |
diff --git a/packages/journald/0.0.4/img/systemd-logo.svg b/packages/journald/0.0.4/img/systemd-logo.svg
deleted file mode 100755
index 24278b6978..0000000000
--- a/packages/journald/0.0.4/img/systemd-logo.svg
+++ /dev/null
@@ -1,5 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 86 26">
-    <path overflow="visible" font-weight="400" d="M0 0v26h10v-4H4V4h6V0zm76 0v4h6v18h-6v4h10V0z" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:normal;shape-padding:0;isolation:auto;mix-blend-mode:normal;solid-color:#000;solid-opacity:1" color="#000" font-family="sans-serif" fill="#201a26"/>
-    <path d="M45 13L63 3v20z" fill="#30d475"/>
-    <circle cx="30.001" cy="13.001" r="9" fill="#30d475"/>
-</svg>
\ No newline at end of file
diff --git a/packages/journald/0.0.4/manifest.yml b/packages/journald/0.0.4/manifest.yml
deleted file mode 100755
index 2766d7b43b..0000000000
--- a/packages/journald/0.0.4/manifest.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-format_version: 1.0.0
-name: journald
-title: "Custom Journald logs"
-version: 0.0.4
-license: basic
-description: Collect logs from journald with Elastic Agent.
-type: integration
-categories:
-  - custom
-release: experimental
-conditions:
-  kibana.version: "^7.17.0 || ^8.1.0"
-icons:
-  - src: /img/systemd-logo.svg
-    title: systemd logo
-    size: 32x32
-    type: image/svg+xml
-policy_templates:
-  - name: logs
-    title: Journald
-    description: Collect sample logs
-    inputs:
-      - type: journald
-        title: Journald logs
-        description: Collect journald logs
-owner:
-  github: elastic/elastic-agent-data-plane