Is there a way to show the field _ignored in graylog?

Hi all, we added ignore_malformed to the index template, and it's working as intended, since the query “exists:_ignored” returns results. The problem is that this field “_ignored” is not visible in Graylog. Is there a way to show this field in Graylog?

Environment: Docker (Linux)
Version: Graylog 4.2.5

Hello && Welcome @TheKahuna

I was looking here to find out how ignore_malformed works.

What I understand is that the _ignored field is searchable with term, terms and exists queries, and is returned as part of the search hits.
Have you tried expanding your search query time?

OR

Perhaps using ALL or all including reserved fields. These are links so you just need to click them