Check where a query comes from

ES version 7.6.1

I notice that there are some problematic queries in my cluster, but I have no idea where they come from.

I wonder if I can find the source IP/hostname of a query?


If you have a gold/plat license, you can activate the audit log.

Otherwise, you probably need to add something like a reverse proxy (nginx or so) and read the logs?

I'm not sure that "slow logs" actually displays the source URL but just the slow query itself.
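
The reverse-proxy approach suggested above, as an added example that is not part of the original thread: a script that reads nginx access-log lines and attributes search requests to client IPs. The `es_json` log format, its field names and the sample lines are assumptions made up for this example.

```python
import json
from collections import defaultdict

# Assumed nginx log_format on the proxy in front of Elasticsearch (the name
# "es_json" and the field names are this example's choice):
#   log_format es_json escape=json '{"time":"$time_iso8601","client":"$remote_addr",'
#     '"method":"$request_method","uri":"$request_uri","status":$status,'
#     '"request_time":$request_time,"body":"$request_body"}';

# Constructed sample log lines in that format, including one damaged line.
SAMPLE_LOG = r'''
{"time":"2020-04-02T10:15:01+00:00","client":"10.0.3.17","method":"POST","uri":"/logs-*/_search","status":200,"request_time":12.481,"body":"{\"query\":{\"wildcard\":{\"message\":\"*error*\"}}}"}
{"time":"2020-04-02T10:15:04+00:00","client":"10.0.3.17","method":"POST","uri":"/logs-*/_search?size=10000","status":200,"request_time":8.902,"body":"{\"query\":{\"match_all\":{}}}"}
{"time":"2020-04-02T10:15:05+00:00","client":"10.0.5.40","method":"GET","uri":"/_cluster/health","status":200,"request_time":0.003,"body":""}
{"time":"2020-04-02T10:15:06+00:00","client":"10.0.5.40","method":"POST","uri":"/orders/_search","status":200,"request_time":0.021,"body":"{\"query\":{\"term\":{\"id\":42}}}"}
{"time":"2020-04-02T10:15:09+00:00","client":"10.0.3.17","meth
'''

SEARCH_ENDPOINTS = ("/_search", "/_msearch")


def searches_by_client(log_text, slow_seconds=1.0):
    """Group search requests by client IP; return rows sorted by slowest request."""
    stats = defaultdict(lambda: {"count": 0, "slow": 0, "worst": 0.0, "body": ""})
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if not rec["uri"].split("?", 1)[0].endswith(SEARCH_ENDPOINTS):
            continue  # not a search request (e.g. cluster health)
        entry = stats[rec["client"]]
        entry["count"] += 1
        entry["slow"] += rec["request_time"] >= slow_seconds
        if rec["request_time"] >= entry["worst"]:
            # Remember the slowest request body seen from this client.
            entry["worst"], entry["body"] = rec["request_time"], rec["body"]
    rows = [(ip, e["count"], e["slow"], e["worst"], e["body"]) for ip, e in stats.items()]
    return sorted(rows, key=lambda r: r[3], reverse=True)


if __name__ == "__main__":
    for ip, count, slow, worst, body in searches_by_client(SAMPLE_LOG):
        print(f"{ip}: {count} searches, {slow} slow, worst {worst}s -> {body}")
```

`$remote_addr` is the address of whatever connects to nginx, so clients behind NAT or another proxy show up under that shared address. Logged request bodies can contain sensitive field values, so restrict who can read the log file.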
