Unable to search all fields for IP address

I'm trying to search for an IP (example query on search page:, and the results indicate 0. If I put *.ip: it works fine (I get results with destination and source IPs).

My concern and question is, shouldn't Kibana be searching all fields if I don't specify one? I'm running the latest cluster 7.4.2, Filebeat w/ Suricata module for ingesting these logs.

Update: I checked other indices and they appear to work very well, catching all instances of the lone IP address. Not sure why the Filebeat index is not.

Hi @JSkier,

In the query bar, do you have KQL or Lucene selected as your query language?


I've tried both, single and double quotes as well. No results found.

