Hello.
I have an ELK stack hosted on elastic cloud. I have multiple different customers who regularly log in to view their respective dashboards.
I would like to collect logs showing successful and unsuccessful login attempts.
I used the API to see which settings I have enabled, and the only one concerning xpack was: xpack.monitoring.collection.enabled: true
So my question is, what concrete steps should I take to log and collect the events mentioned above?
Especially what settings should I change, and where?
I know how to use the APIs and that I can modify elasticsearch.yml and Kibana.yml in the edit section of the cloud management dashboard, I just don't understand what exactly I'm supposed to do.
However, I now have another problem: editing and then saving the elasticsearch.yml in the cloud dashboard returns "xpack.security.audit.enabled is not allowed".
This happens for every other setting as well. Normally I would just edit the files manually, but because this is a cloud-hosted version I cannot do that. Any ideas why I'm not allowed to change the settings?