Details related to the index

SukeshGupta · August 20, 2019, 9:50am

Hi,

I have created many users and i want details regarding which user has updated/created the index.
How to find out all the actions performed on the index by the user ?

We need to any changes in elastic yml file ?

Requesting anyone to please help me on this. Thanks!

dadoonet · August 20, 2019, 10:18am

You can use https://www.elastic.co/guide/en/elasticsearch/reference/current/auditing-settings.html. I think it requires a trial or gold license (commercial).

SukeshGupta · August 20, 2019, 11:03am

Thanks for your reply @dadoonet.

I am using trial version and i have already enabled that in my yml file. But it will show only related to these things - access_denied, access_granted, anonymous_access_denied, authentication_failed, connection_denied, tampered_request, run_as_denied, run_as_granted.

The logs will be like below :

{"@timestamp":"2019-08-19T09:53:10,029", "node.id":"wnSs8X2oRmmmd0LMaj3HBA", "event.type":"rest", "event.action":"anonymous_access_denied", "origin.type":"rest", "origin.address":"127.0.0.1:54520", "url.path":"/", "request.method":"GET", "request.id":"21aOudd2RC-3cTyTelPKQA"}

But it will not show which user has updated/created index, at what the index has been updated. All these things it will not show.

Can you please tell me is there any other way. Thanks!

SukeshGupta · August 22, 2019, 4:51am

Hi,

Can anyone please provide the solution for this topic.
Thanks!

dadoonet · August 22, 2019, 8:33am

I don't really know but I guess you can see some messages like:

{ ..., "url.path":"/foo", "request.method":"PUT"}
{ ..., "url.path":"/foo", "request.method":"DELETE"}

Can't you?

SukeshGupta · August 22, 2019, 1:01pm

Now Im able get those things. But whats happening is its generating many logs for fraction of seconds.

How to limit these logs to particular indices only ?

I have added the below line in my YML file :

xpack.monitoring.collection.indices: employee

But its not working. Its generating many logs for fraction of seconds. Please help on this @dadoonet. Thanks for your response @dadoonet.

dadoonet · August 22, 2019, 6:18pm

I don't know. Leaving the question to someone else.

SukeshGupta · August 23, 2019, 5:17am

Okay thanks @dadoonet. Anyone please help me on this.

system · September 20, 2019, 5:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logging which user creates and deletes indexes Elasticsearch	7	612	July 23, 2020
Secure specific indices from users manually updating documents Elasticsearch elastic-stack-security	3	265	September 12, 2022
How to track user actions (process list)? Elasticsearch	3	2005	July 11, 2019
Nothing in the error logs for RBAC Elasticsearch	5	403	March 11, 2020
Action [indices:admin/create] is unauthorized for user Elasticsearch elastic-stack-security	3	14600	May 27, 2022

Details related to the index

Related topics