Audit log rolling file retention question

Our elasticsearch _audit.json files get rolled over daily to -audit-YYYY-MM-DD.json files and appear to be kept for 8 days. For some test nodes, I'd like to reduce the number of days these are kept for disk space usage. I can't find any place in the audit options or settings that controls the retention, is there a retention days option?

This in version 7.13.2


Hi rugenl,

Did you have a look at the log4j configuration options noted in the documentation?

Possibly the appender.rolling.strategy.action.condition.nested_condition.age option can help you.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.