This behavior seems fairly new with a recent kibana or other update - when looking at the expanded document for an item in the discover list I see lots of empty fields.
Apparently these are “date_time” fields that kibana adds to the “docvalue_fields” parameter to queries:
"docvalue_fields": [
{
"field": "@timestamp",
"format": "date_time"
},
{
"field": "aws.cloudtrail.user_identity.session_context.creation_date",
"format": "date_time"
},
{
"field": "azure.auditlogs.properties.activity_datetime",
"format": "date_time"
},
There is some discussion of this here: Kibana using docvalue_fields for no apparent reason
But I’m not sure why these fields are being displayed in the results.