enterprise-search running as a service - which means that I have changed ownership of its logs to the
enterprise-search user (otherwise it crashes on startup)
For some reason however, it doesn't show any query statistics, API logs or click-throughs. If I stop the service and start it manually as sudo, then all is fine so I'm guessing this is some sort of permission issue.
Which user should the logs belong to?