diff --git a/x-pack/auditbeat/processors/sessionmd/add_session_metadata.go b/x-pack/auditbeat/processors/sessionmd/add_session_metadata.go
index a4646b6b6685..699db4a49af0 100644
--- a/x-pack/auditbeat/processors/sessionmd/add_session_metadata.go
+++ b/x-pack/auditbeat/processors/sessionmd/add_session_metadata.go
@@ -166,7 +166,7 @@ func (p *addSessionMetadata) enrich(ev *beat.Event) (*beat.Event, error) {
 		proc, err := p.provider.GetProcess(pid)
 		if err != nil {
 			e := fmt.Errorf("pid %v not found in db: %w", pid, err)
-			p.logger.Warnw("PID not found in provider", "pid", pid, "error", err)
+			p.logger.Debugw("PID not found in provider", "pid", pid, "error", err)
 			return nil, e
 		}
 		fullProcess = *proc
@@ -174,7 +174,7 @@ func (p *addSessionMetadata) enrich(ev *beat.Event) (*beat.Event, error) {
 		fullProcess, err = p.db.GetProcess(pid)
 		if err != nil {
 			e := fmt.Errorf("pid %v not found in db: %w", pid, err)
-			p.logger.Warnw("PID not found in provider", "pid", pid, "error", err)
+			p.logger.Debugw("PID not found in provider", "pid", pid, "error", err)
 			return nil, e
 		}
 	}
diff --git a/x-pack/auditbeat/processors/sessionmd/processdb/db.go b/x-pack/auditbeat/processors/sessionmd/processdb/db.go
index e18c247a8590..1f97f7d0fd58 100644
--- a/x-pack/auditbeat/processors/sessionmd/processdb/db.go
+++ b/x-pack/auditbeat/processors/sessionmd/processdb/db.go
@@ -421,7 +421,7 @@ func (db *DB) InsertExit(exit types.ProcessExitEvent) {
 	pid := exit.PIDs.Tgid
 	process, ok := db.processes[pid]
 	if !ok {
-		db.logger.Errorf("could not insert exit, pid %v not found in db", pid)
+		db.logger.Debugf("could not insert exit, pid %v not found in db", pid)
 		return
 	}
 	process.ExitCode = exit.ExitCode
diff --git a/x-pack/auditbeat/processors/sessionmd/procfs/procfs.go b/x-pack/auditbeat/processors/sessionmd/procfs/procfs.go
index b76dfdfdb485..992e24858363 100644
--- a/x-pack/auditbeat/processors/sessionmd/procfs/procfs.go
+++ b/x-pack/auditbeat/processors/sessionmd/procfs/procfs.go
@@ -196,7 +196,7 @@ func (r ProcfsReader) GetAllProcesses() ([]ProcessInfo, error) {
 	for _, proc := range procs {
 		process_info, err := r.getProcessInfo(proc)
 		if err != nil {
-			r.logger.Warnf("failed to read process info for %v", proc.PID)
+			r.logger.Debugf("failed to read process info for %v", proc.PID)
 		}
 		ret = append(ret, process_info)
 	}
diff --git a/x-pack/auditbeat/processors/sessionmd/provider/kerneltracingprovider/kerneltracingprovider_linux.go b/x-pack/auditbeat/processors/sessionmd/provider/kerneltracingprovider/kerneltracingprovider_linux.go
index 506d840b5efa..d3ec4ba7bd3d 100644
--- a/x-pack/auditbeat/processors/sessionmd/provider/kerneltracingprovider/kerneltracingprovider_linux.go
+++ b/x-pack/auditbeat/processors/sessionmd/provider/kerneltracingprovider/kerneltracingprovider_linux.go
@@ -211,7 +211,7 @@ func (p *prvdr) Sync(_ *beat.Event, pid uint32) error {
 func (p *prvdr) handleBackoff(now time.Time) {
 	if p.inBackoff {
 		if now.Sub(p.backoffStart) > backoffDuration {
-			p.logger.Warnw("ended backoff, skipped processes", "backoffSkipped", p.backoffSkipped)
+			p.logger.Infow("ended backoff, skipped processes", "backoffSkipped", p.backoffSkipped)
 			p.inBackoff = false
 			p.combinedWait = 0 * time.Millisecond
 		} else {
@@ -220,7 +220,7 @@ func (p *prvdr) handleBackoff(now time.Time) {
 		}
 	} else {
 		if p.combinedWait > combinedWaitLimit {
-			p.logger.Warn("starting backoff")
+			p.logger.Info("starting backoff")
 			p.inBackoff = true
 			p.backoffStart = now
 			p.backoffSkipped = 0
diff --git a/x-pack/auditbeat/processors/sessionmd/provider/procfsprovider/procfsprovider.go b/x-pack/auditbeat/processors/sessionmd/provider/procfsprovider/procfsprovider.go
index e29e70a0549b..34c3166f26fa 100644
--- a/x-pack/auditbeat/processors/sessionmd/provider/procfsprovider/procfsprovider.go
+++ b/x-pack/auditbeat/processors/sessionmd/provider/procfsprovider/procfsprovider.go
@@ -68,7 +68,7 @@ func (p prvdr) Sync(ev *beat.Event, pid uint32) error {
 			pe.Env = procInfo.Env
 			pe.Filename = procInfo.Filename
 		} else {
-			p.logger.Warnw("couldn't get process info from proc for pid", "pid", pid, "error", err)
+			p.logger.Debugw("couldn't get process info from proc for pid", "pid", pid, "error", err)
 			// If process info couldn't be taken from procfs, populate with as much info as
 			// possible from the event
 			pe.PIDs.Tgid = pid