It depends on how they are indexed. If there is a "message" field indexed as text for example, you should be able to simply do message: "Health check took" in the KQL bar.
It depends on how they are indexed. If there is a "message" field indexed as text for example, you should be able to simply do message: "Health check took" in the KQL bar.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.