Update cloudtrail.md (#5292)

* Update cloudtrail.md

* Update cloudtrail.md

* Update cloudtrail.md

Author: JV0812

docs/integrations/amazon-aws/cloudtrail.md

@@ -83,14 +83,13 @@ Once you begin uploading data, your daily data usage will increase. It's a good
 ### Field Extraction Template
 
 ```sql
-| parse "\"sourceIPAddress\":\"*\"" as source_ipaddress
-| parse "\"eventName\":\"*\"" as event_name
-| parse "\"eventSource\":\"*\"" as event_source
-| parse "\"awsRegion\":\"*\"" as aws_Region
-| parse "\"userName\":\"*\"" as user
+| parse "\"sourceIPAddress\":\"*\"" as source_ipaddress nodrop
+| parse "\"eventName\":\"*\"" as event_name nodrop
+| parse "\"eventSource\":\"*\"" as event_source nodrop
+| parse "\"awsRegion\":\"*\"" as aws_Region nodrop
+| parse "\"userName\":\"*\"" as user nodrop
 ```
 
-
 ### Enable Sumo Logic to track AWS Admin Activity
 
 To track Admin activity in your AWS account, and to provide data for all Administrator Activity panels in the User Monitoring Dashboard, you'll need to inform Sumo Logic for the Admin AWS account. You can do this by uploading a CSV file via HTTP Source.
@@ -309,4 +308,4 @@ See information about S3 public objects and buckets, including counts of new pub
 ## Additional resources
 
 * Blog: [What is AWS CloudTrail?](https://www.sumologic.com/blog/what-is-aws-cloudtrail/)
-* App description: [Logs for Security app for AWS CloudTrail](https://www.sumologic.com/application/aws-cloudtrail/)
+* App description: [Logs for Security app for AWS CloudTrail](https://www.sumologic.com/application/aws-cloudtrail/)