Hello,
Since event.message and log.message are pretty much a duplicate of the logs, I decided to drop event.message since we have a cleaner log.message - this allows us to save space, as some logs are quite long.
But when I search using "query strings" in Kibana, it doesn't search log.message at all. It does search event.message when it's there, as well as other fields such as log.process.
I don't know why Kibana refuses to search log.message when using "query strings" (just typing a word or sentence with double-quotes in the KQL box), can you help?
Thanks!