diff --git a/HarfangLab/harfanglab/_meta/fields.yml b/HarfangLab/harfanglab/_meta/fields.yml
index 1ad5ffb1e..d9fcdaa24 100644
--- a/HarfangLab/harfanglab/_meta/fields.yml
+++ b/HarfangLab/harfanglab/_meta/fields.yml
@@ -998,11 +998,6 @@ harfanglab.grandparent.process.ancestors:
 name: harfanglab.grandparent.process.ancestors
 type: keyword
 
-harfanglab.grandparent.process.command_line:
- description: Command line that started the grandparent process
- name: harfanglab.grandparent.process.command_line
- type: keyword
-
 harfanglab.grandparent.process.executable:
 description: Absolute path to the grandparent process executable
 name: harfanglab.grandparent.process.executable
diff --git a/HarfangLab/harfanglab/ingest/parser.yml b/HarfangLab/harfanglab/ingest/parser.yml
index 2b8fb9c96..9a07a2fe4 100644
--- a/HarfangLab/harfanglab/ingest/parser.yml
+++ b/HarfangLab/harfanglab/ingest/parser.yml
@@ -207,7 +207,6 @@ stages:
 process.working_directory: "{{json_event.message.current_directory}}"
 process.pe.imphash: "{{json_event.message.pe_imphash}}"
 harfanglab.grandparent.process.executable: "{{json_event.message.grandparent_image}}"
- harfanglab.grandparent.process.command_line: "{{json_event.message.parent_commandline}}"
 harfanglab.grandparent.process.ancestors: "{{json_event.message.ancestors.split('|')}}"
 user.name: >
diff --git a/HarfangLab/harfanglab/tests/process-event.json b/HarfangLab/harfanglab/tests/process-event.json
index 9f1f078f3..3428ebe94 100644
--- a/HarfangLab/harfanglab/tests/process-event.json
+++ b/HarfangLab/harfanglab/tests/process-event.json
@@ -28,7 +28,6 @@
 "harfanglab": {
 "grandparent": {
 "process": {
- "command_line": "C:\\ProgramData\\CentraStage\\AEMAgent\\AEMAge.exe",
 "executable": "C:\\Program Files (x86)\\Centra\\CagServ.exe"
 }
 },
diff --git a/HarfangLab/harfanglab/tests/process.json b/HarfangLab/harfanglab/tests/process.json
index 024f674a3..0f1dd018c 100644
--- a/HarfangLab/harfanglab/tests/process.json
+++ b/HarfangLab/harfanglab/tests/process.json
@@ -25,13 +25,6 @@
 "sha256": "100af46c952e58105dbc51eb92510f6990377a3ffc57e82074a8bfb64c56c529"
 }
 },
- "harfanglab": {
- "grandparent": {
- "process": {
- "command_line": "E:\\Program Files\\Microsoft\\Exchange Server\\V15\\Bin\\Microsoft.Exchange.Diagnostics.Service.exe"
- }
- }
- },
 "host": {
 "domain": "NIVURA",
 "hostname": "EXCHANGE",
diff --git a/HarfangLab/harfanglab/tests/process3.json b/HarfangLab/harfanglab/tests/process3.json
index 3e464ccab..94dc5cd95 100644
--- a/HarfangLab/harfanglab/tests/process3.json
+++ b/HarfangLab/harfanglab/tests/process3.json
@@ -25,13 +25,6 @@
 "sha256": "b5c78bef3883e3099f7ef844da1446db29107e5c0223b97f29e7fafab5527f15"
 }
 },
- "harfanglab": {
- "grandparent": {
- "process": {
- "command_line": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p"
- }
- }
- },
 "host": {
 "domain": "WORKGROUP",
 "hostname": "REDACTED",
diff --git a/HarfangLab/harfanglab/tests/process4.json b/HarfangLab/harfanglab/tests/process4.json
index 3f32333c2..81c856502 100644
--- a/HarfangLab/harfanglab/tests/process4.json
+++ b/HarfangLab/harfanglab/tests/process4.json
@@ -34,7 +34,6 @@
 "C:\\Windows\\test2.exe",
 "C:\\Windows\\test3.exe"
 ],
- "command_line": "test.exe -p -e test_script.py | find test",
 "executable": "C:\\Windows\\grandparent_image.exe"
 }
 },