xpack.security.audit.outputs
Specifies where audit logs are output. For example: [ index, logfile ] . The default value is logfile , which puts the auditing events in a dedicated file named <clustername>_audit.log on each node. You can also specify index , which puts the auditing events in an Elasticsearch index that is prefixed with .security_audit_log . The index can reside on the same cluster or a separate cluster.
what does index mean here? A collection of documents?