Elasticsearch version: 7.17.22
Kibana version: 7.17.22
Filebeat version: 7.17.7
Hello all, we're using Filebeat to ingest the Microsoft System Center Endpoint Protection logs so we can monitor and alert on malware / virus detections, etc.
An example is shown below if I run message:* in Kibana:
However, if I try to query for an individual word, e.g. message:tanium, then nothing is returned. The only time I can get anything back from the message: field is if I do a wildcard query or search for an individual letter, e.g. message:t.
Can anyone help?
Thanks.