I create an index with data coming from a database (network events) and data from a UDP port (syslog events). These logs have different numbers of fields and different names, but four in common (same name): timestamp, message, hostname and type.
So when I go to Kibana Discover, I only get the data from one source listed (syslog events).
When I select those common fields, on both sources, to be displayed in Discover, only syslog events are displayed.
Only when I filter the data to get the network events can I see them.
In Logstash pipelines.yml I have both sources separated, pointing to the same index.
Any ideas on what is going on here? Why can Discover not display both sources?