Our elasticsearch _audit.json files get rolled over daily to -audit-YYYY-MM-DD.json files and appear to be kept for 8 days. For some test nodes, I'd like to reduce the number of days these are kept for disk space usage. I can't find any place in the audit options or settings that controls the retention, is there a retention days option?
This in version 7.13.2
Thanks
Hi rugenl,
Did you have a look at the log4j configuration options noted in the documentation?
Possibly the appender.rolling.strategy.action.condition.nested_condition.age option can help you.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.