Hi, i enabled Audit on all my elasticsearch.yml :
xpack.security.audit.enabled: true
I have already enabled https and transport inside my cluster.
I don't know why my _audit.json file is empty . The owner - group to the file is elasticsearch:elasticsearch
Help thanks 
Audit logging is a Gold and above license feature - https://www.elastic.co/subscriptions
What license level do you have?
Platinum license
You can reach out to your support engineer then, they will be able to help you.
eemh, i'm the engineer, i tried several ways but the file is not populated, i don't know how to fix
Mark meant the elastic support.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.