Why does the Filebeat-provided dashboard filter out the error log on the map

Please refer to the link for the problem history. Since the title did not fit the question in the end, after I dug further into the problem, maybe it is better to rephrase.

I got Filebeat to feed the Apache access and error logs to Elasticsearch. It is awesome and the Filebeat-provided dashboard is great as well.
However, when I filter and show only data from the error log, the map becomes empty. After some investigation, I found that the Visualize request has a filter to query the "access" log only, and that is why the map is empty when I look for the error log.
The filter looks like this:

    "bool": {
      "should": [
        {
          "match": {
            "event.dataset": "apache.access"
          }
        }
      ],

But I cannot find any filters configured in the Visualize. So:

  1. How can I remove the filter from the Visualize?
  2. Why on earth does Elasticsearch set a filter on this (I am using the provided dashboard)? Should we also care about where those clients are located even though the requests were denied?
