ELK 7.1 - search filter - incomplete search

Elastic Stack Logstash
1

Hello,
I have problem and I don't understand that.
I send logs with filebeat to logstash, it looks like this

image
image.png940×79 7.89 KB

When I want to search something ex. a word error, I get something like below,

image
image.png943×293 21 KB

rest default fields I cut out,
below there are fields except message - which is default - created by me in grok filter

image
image.png890×198 15.8 KB

In field

m19-custom	[GW4665p uPGEDf70 OPOM_PWD - error #50073]

there is word error but it is not mark. It looks like search don't work on fields created by me. On default fields search works normally.

fields created in grok filter
(%{TIMESTAMP_ISO8601:m01-date-time})?,
(%{GREEDYDATA:m06-source-context})?,
(%{NUMBER:m10-internal-id})?,
(%{GREEDYDATA:m12-id})?,
(%{NUMBER:m16-count})?,
(%{GREEDYDATA:m19-custom})?,

What and where should I do to fix search in all fields?

2

Nobody knows why my custom fields created in logstash are not searchable?
In Index Patterns it looks like this

image
image.png779×100 4.14 KB

rest fields are the same.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.