Using wildcards on large string values doesn't return any document


(Solarwinds) #1

I believe that my issue is related to Elasticsearch itself, so I will post my question here. If this is more appropriate for another topic, I will move it.

I have a Kafka process that I am monitoring and I am not able to search for it using Kibana DSL. The specific value is in the system.process.cmdline field.

I am using the following query to search for all Java processes on a specific machine (in the last 15 minutes):

system.process.name: java AND beat.hostname: ip-xx-xx-xx-xx.ec2.internal AND system.process.cmdline: /.*java.*/; however, this query never returns the document with the Kafka process.

The complete string is more than 4096 characters long, and I have adjusted the mapping in Metricbeat, as the process was never visible in ES (Kibana).

If I am using the following query, the document is never returned:

system.process.name: java AND beat.hostname: ip-xx-xx-xx-xx.ec2.internal AND system.process.cmdline: /.*kafka.Kafka.*/.

The complete process cmdline is pasted here.

How can I query for this process? Is it possible that the process is not indexed? Or is my wildcard query wrong?
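Added example (not part of the original post, and not Elastic's code): an offline Python model of the two Elasticsearch behaviours that most often make a `/.../` clause like the ones above return nothing. First, a `keyword` value longer than the field's `ignore_above` (Beats index templates typically set 1024) is not indexed at all, so no wildcard or regexp can ever hit it even though the value is still visible in `_source`. Second, Lucene regexps are anchored and evaluated per indexed term, so on an analyzed `text` field the lowercased tokens, not the full command line, are what `.*kafka.Kafka.*` has to match in full. The command line below is constructed to be longer than 4096 characters; `ignore_above` values and the whitespace-only tokenizer are simplifying assumptions, and `re.fullmatch` stands in for Lucene's anchored matcher (the regexp syntaxes differ, but these patterns mean the same thing in both).

```python
import re

# Constructed sample: a Kafka broker command line padded with JVM options so
# that it exceeds 4096 characters, like the one in the question.
KAFKA_CMDLINE = (
    "java -Xmx1G -Xms1G -server -XX:+UseG1GC "
    + " ".join(f"-Dopt{i}=value{i}" for i in range(300))
    + " -cp /opt/kafka/libs/* kafka.Kafka /opt/kafka/config/server.properties"
)


def index_keyword(value: str, ignore_above: int) -> list[str]:
    """Model of a `keyword` field: the whole value is a single term, unless it
    is longer than ignore_above, in which case nothing is indexed for the
    field (the value remains only in _source)."""
    return [] if len(value) > ignore_above else [value]


def analyze_text(value: str) -> list[str]:
    """Rough model of a `text` field with the standard analyzer: terms are
    lowercased tokens. Assumption: whitespace-only tokenization, which is
    good enough for the patterns used here."""
    return [tok.lower() for tok in value.split()]


def regexp_hits(terms: list[str], pattern: str) -> list[str]:
    """Lucene regexp semantics: the pattern must match an entire term; there
    is no implicit substring search, hence the leading/trailing `.*` in the
    question's queries."""
    return [t for t in terms if re.fullmatch(pattern, t)]


def can_find(value: str, pattern: str, ignore_above: int = 1024,
             field_type: str = "keyword") -> bool:
    """Would a query_string clause `field: /pattern/` match a document whose
    field holds `value`, under the given mapping?"""
    if field_type == "keyword":
        terms = index_keyword(value, ignore_above)
    else:
        terms = analyze_text(value)
    return bool(regexp_hits(terms, pattern))


if __name__ == "__main__":
    print("cmdline length:", len(KAFKA_CMDLINE))
    # keyword field, default-style ignore_above: value is silently dropped.
    print("keyword/1024  .*java.*        ->",
          can_find(KAFKA_CMDLINE, ".*java.*"))
    # keyword field with ignore_above raised above the value length.
    print("keyword/8192  .*kafka.Kafka.* ->",
          can_find(KAFKA_CMDLINE, ".*kafka.Kafka.*", ignore_above=8192))
    # text field: terms are lowercased, so the mixed-case pattern misses.
    print("text          .*kafka.Kafka.* ->",
          can_find(KAFKA_CMDLINE, ".*kafka.Kafka.*", field_type="text"))
    print("text          .*kafka.kafka.* ->",
          can_find(KAFKA_CMDLINE, ".*kafka.kafka.*", field_type="text"))
```

The practical check this suggests is to look at the live mapping for the field (`GET metricbeat-*/_mapping/field/system.process.cmdline`) and compare its type and `ignore_above` with the length of the command line: if the value is longer than `ignore_above`, raising that limit and re-indexing is what makes the document findable, and no change to the regexp will help.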