I've recently migrated our deployments for EDOT to use the Open-Telemetry operator to bring them in line with the guidelines from Elastic.
Something that seems to be missing from this is parsing of structured logs (in this case ndjson).
I added in a ingest pipeline (logs@custom) that parses the message (or should that be body.text, this is called by the default logs pipeline (logs@default-pipeline) .
I could see that the messages were being parse as expected, however I wasn't able to search in kibana using them. For example if the there was a keyword field of http_path then I use a KQL of http_path : /api/* I would get no results found, even though I can see this field in the documents.
Am I doing anything incorrect here?