From 538297bfa7623f18e111ac1e28e713b3daeb4de5 Mon Sep 17 00:00:00 2001
From: Peter Burkholder <peter.burkholder@gsa.gov>
Date: Tue, 10 Dec 2024 13:54:58 -0500
Subject: [PATCH] Update _kbarticles/2024-12-10-using-opensearch-dashboards.md

Co-authored-by: Mark Boyd <markdavidboyd@gmail.com>
Signed-off-by: Peter Burkholder <pburkholder@pobox.com>
---
 _kbarticles/2024-12-10-using-opensearch-dashboards.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/_kbarticles/2024-12-10-using-opensearch-dashboards.md b/_kbarticles/2024-12-10-using-opensearch-dashboards.md
index 6099022ec..830c7dfd7 100644
--- a/_kbarticles/2024-12-10-using-opensearch-dashboards.md
+++ b/_kbarticles/2024-12-10-using-opensearch-dashboards.md
@@ -26,9 +26,10 @@ Cloudfoundry has 3 fields that can be very helpful to filter down what app logs
 @cf.space - The space in a organization.
 @cf.app - The app in a space.
 
-For further query
-@message - the app specific message attached to the log
-@raw - the entire log, useful when looking for cloudfoundry specific values, when looking for app use @message
+Other fields that may be useful for querying:
+
+`@message` - the app specific message attached to the log. This field supports full-text searching, so you can do a search of `@message: "foo"` to find all logs where `@message` contains `foo`. 
+`@raw` - the raw message received by OpenSearch before parsing into other fields. This field also supports full-text searching
 
 ## How to visualize application traffic