Details related to the index

Hi,

I have created many users and I want details regarding which user has updated/created the index.
How to find out all the actions performed on the index by the user?

Do we need to make any changes in the elastic yml file?

Requesting anyone to please help me on this. Thanks!

You can use https://www.elastic.co/guide/en/elasticsearch/reference/current/auditing-settings.html. I think it requires a trial or gold license (commercial).

Thanks for your reply @dadoonet.

I am using the trial version and I have already enabled that in my yml file. But it will only show entries related to these things: access_denied, access_granted, anonymous_access_denied, authentication_failed, connection_denied, tampered_request, run_as_denied, run_as_granted.

The logs will look like below:

{"@timestamp":"2019-08-19T09:53:10,029", "node.id":"wnSs8X2oRmmmd0LMaj3HBA", "event.type":"rest", "event.action":"anonymous_access_denied", "origin.type":"rest", "origin.address":"127.0.0.1:54520", "url.path":"/", "request.method":"GET", "request.id":"21aOudd2RC-3cTyTelPKQA"}

But it will not show which user has updated/created the index, or at what time the index has been updated. None of these things will be shown.

Can you please tell me if there is any other way? Thanks!

Hi,

Can anyone please provide the solution for this topic?
Thanks!

I don't really know but I guess you can see some messages like:

{ ..., "url.path":"/foo", "request.method":"PUT"}
{ ..., "url.path":"/foo", "request.method":"DELETE"}

Can't you?

Now I'm able to get those things. But what's happening is it's generating many logs within fractions of a second.

How to limit these logs to particular indices only?

I have added the below line in my YML file:

xpack.monitoring.collection.indices: employee

But it's not working. It's generating many logs within fractions of a second. Please help on this @dadoonet. Thanks for your response @dadoonet.
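As an added example that is not part of this thread, a small Python script that filters audit log lines in the JSON layout shown above down to granted write requests (PUT/POST/DELETE) against chosen indices and reports which user made them, which is one way to answer "who changed index X" without tuning the yml. The sample lines are constructed; the `user.name` field is assumed to be present on `access_granted` events, since the log line quoted earlier in the thread does not show it.

```python
import json

# Constructed sample audit log lines (not from the thread), in the JSON layout
# shown above. The "user.name" field is assumed to be present on
# access_granted events; the post's own example line does not show it.
SAMPLE_AUDIT_LOG = """
{"@timestamp":"2019-08-19T09:53:10,029","event.type":"rest","event.action":"anonymous_access_denied","origin.address":"127.0.0.1:54520","url.path":"/","request.method":"GET"}
{"@timestamp":"2019-08-19T09:54:01,100","event.type":"rest","event.action":"access_granted","user.name":"alice","origin.address":"10.0.0.5:40210","url.path":"/employee","request.method":"PUT"}
{"@timestamp":"2019-08-19T09:54:02,200","event.type":"rest","event.action":"access_granted","user.name":"bob","origin.address":"10.0.0.6:40211","url.path":"/employee/_doc/1","request.method":"POST"}
{"@timestamp":"2019-08-19T09:54:03,300","event.type":"rest","event.action":"access_granted","user.name":"bob","origin.address":"10.0.0.6:40211","url.path":"/employee/_search","request.method":"GET"}
{"@timestamp":"2019-08-19T09:54:04,400","event.type":"rest","event.action":"access_granted","user.name":"carol","origin.address":"10.0.0.7:40212","url.path":"/orders","request.method":"DELETE"}
{"@timestamp":"2019-08-19T09:54:05,500","event.type":"rest","event.action":"access_granted","user.name":"alice","origin.address":"10.0.0.5:40213","url.path":"/employee","request.method":"DELETE"}
"""

# REST methods that can create, modify or delete an index or its documents.
WRITE_METHODS = {"PUT", "POST", "DELETE"}

def index_from_path(path):
    """Index name a REST path targets, or None for "/" and "/_cluster/..." style paths."""
    parts = [p for p in path.split("/") if p]
    if not parts or parts[0].startswith("_"):
        return None
    return parts[0]

def index_changes(lines, indices):
    """Return (timestamp, user, method, path) for granted write requests
    against any index named in `indices`; everything else is skipped."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        # Only successful REST requests carry both the user and the path.
        if ev.get("event.type") != "rest" or ev.get("event.action") != "access_granted":
            continue
        if ev.get("request.method") not in WRITE_METHODS:
            continue
        if index_from_path(ev.get("url.path", "")) not in indices:
            continue
        hits.append((ev["@timestamp"], ev.get("user.name", "<unknown>"),
                     ev["request.method"], ev["url.path"]))
    return hits

if __name__ == "__main__":
    for row in index_changes(SAMPLE_AUDIT_LOG.splitlines(), {"employee"}):
        print(*row)
```

Elasticsearch can also suppress audit events at the source with its audit ignore policies (`xpack.security.audit.logfile.events.ignore_filters.<policy>.indices`); the script above filters after the fact instead.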

I don't know. Leaving the question to someone else.

Okay, thanks @dadoonet. Anyone please help me on this.
