diff --git a/app/Http/Controllers/Api/AssetsController.php b/app/Http/Controllers/Api/AssetsController.php
index 160f4a120a20..1a7e80e313f3 100644
--- a/app/Http/Controllers/Api/AssetsController.php
+++ b/app/Http/Controllers/Api/AssetsController.php
@@ -117,15 +117,21 @@ public function index(Request $request, $action = null, $upcoming_status = null)
             'jobtitle',
         ];
 
+        $all_custom_fields = CustomField::all(); //used as a 'cache' of custom fields throughout this page load
+        foreach ($all_custom_fields as $field) {
+            // custom fields are prefixed with "custom_fields.".
+            // We'll add them to the allowed columns so they can be searched.
+            $allowed_columns[] = 'custom_fields.' . $field->db_column_name();
+        }
+
         $filter = [];
 
         if ($request->filled('filter')) {
             $filter = json_decode($request->input('filter'), true);
-        }
 
-        $all_custom_fields = CustomField::all(); //used as a 'cache' of custom fields throughout this page load
-        foreach ($all_custom_fields as $field) {
-            $allowed_columns[] = $field->db_column_name();
+            $filter = array_filter($filter, function ($key) use ($allowed_columns) {
+                return in_array($key, $allowed_columns);
+            }, ARRAY_FILTER_USE_KEY);
         }
 
         $assets = Asset::select('assets.*')