Check where a query comes from

ES version 7.6.1

I notice that there are some problematic queries in my cluster, but I have no idea where they come from.

I wonder if I can find the source IP/hostname of a query?


If you have a gold/plat license, you can activate the audit log.

Otherwise, you probably need to add something like a reverse proxy (nginx or so) and read the logs?

I'm not sure that "slow logs" actually displays the source URL but just the slow query itself.
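
A sketch of the reverse-proxy option suggested above, as an added example that is not part of the original thread: nginx sits in front of Elasticsearch and logs the client IP, the request line, the timing and the query body for each request. The ports, the log path and the names `es_query` and `elasticsearch` are assumptions for illustration.

```nginx
# Added example, not from the original thread.
# Assumptions: Elasticsearch listens on 127.0.0.1:9200, clients are
# repointed to port 9201, and the log path is a placeholder.
# These directives go inside the http {} block of nginx.conf.

# One JSON object per request; escape=json keeps query bodies parseable.
log_format es_query escape=json
    '{"time":"$time_iso8601",'
    '"client_ip":"$remote_addr",'
    '"method":"$request_method",'
    '"uri":"$request_uri",'
    '"status":"$status",'
    '"request_time":"$request_time",'
    '"upstream_time":"$upstream_response_time",'
    '"user_agent":"$http_user_agent",'
    '"body":"$request_body"}';

upstream elasticsearch {
    server 127.0.0.1:9200;
    keepalive 16;
}

server {
    listen 9201;

    # $request_body is only logged when the body fits in the memory
    # buffer; larger bodies are spooled to a temp file and log as empty.
    client_body_buffer_size 1m;
    # The nginx default of 1m would reject large _bulk requests.
    client_max_body_size 100m;

    access_log /var/log/nginx/es_query.log es_query;

    location / {
        proxy_pass http://elasticsearch;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

The log only covers every query if clients cannot reach port 9200 directly, so Elasticsearch has to be bound or firewalled so that only the proxy can connect. Query bodies can contain sensitive data, so the log file needs the same access restrictions as the cluster itself.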

