If I search index=nessus sourcetype="nessus:scan", all the (interesting) fields that I am in search of (i.e. plugin_id, host-ip, risk_factor, severity) display in the fields sidebar.
The same happens if I search index=nessus sourcetype="nessus:plugin": the fields (id, solution, synopsis, cve, description) all show in the fields sidebar.
If I search index=nessus sourcetype="nessus:*", none of the interesting fields that displayed in #1 above display.
I believe something is wrong with the "nessus:scan" data...