When using KQL expressions such as *keyword*, no results are displayed if the text field contains a slash ('/') and the "keyword" is located after the slash. For example, with the following text field value:
Process '848' hidden from /proc. Possible kernel level rootkit.
With the query *hidden* it works, but with *rootkit* no results are displayed.
Is that the intended behaviour?
ELK 7.2.0