I have three indexes: ta-logs-info, ta-logs-error, and ta-logs-trace, all using the same mapping. I’ve also created four different index patterns:
- ta-logs-info
- ta-logs-error
- ta-logs-trace
- ta-logs* (covering all three indexes)
When searching logs under the ta-logs* index pattern, it retrieves messages from ta-logs-info, ta-logs-error, and ta-logs-trace. However, fields like host.hostname and log.level appear as multi-fields, while other fields do not.
In contrast, when using the ta-logs-info index pattern, host.hostname and log.level do not appear as multi-fields.
Can someone explain why this happens?
