Details related to the index


I have created many users and i want details regarding which user has updated/created the index.
How to find out all the actions performed on the index by the user ?

We need to any changes in elastic yml file ?

Requesting anyone to please help me on this. Thanks!

You can use I think it requires a trial or gold license (commercial).

Thanks for your reply @dadoonet.

I am using trial version and i have already enabled that in my yml file. But it will show only related to these things - access_denied, access_granted, anonymous_access_denied, authentication_failed, connection_denied, tampered_request, run_as_denied, run_as_granted.

The logs will be like below :

{"@timestamp":"2019-08-19T09:53:10,029", "":"wnSs8X2oRmmmd0LMaj3HBA", "event.type":"rest", "event.action":"anonymous_access_denied", "origin.type":"rest", "origin.address":"", "url.path":"/", "request.method":"GET", "":"21aOudd2RC-3cTyTelPKQA"}

But it will not show which user has updated/created index, at what the index has been updated. All these things it will not show.

Can you please tell me is there any other way. Thanks!


Can anyone please provide the solution for this topic.

I don't really know but I guess you can see some messages like:

{ ..., "url.path":"/foo", "request.method":"PUT"}
{ ..., "url.path":"/foo", "request.method":"DELETE"}

Can't you?

Now Im able get those things. But whats happening is its generating many logs for fraction of seconds.

How to limit these logs to particular indices only ?

I have added the below line in my YML file :

xpack.monitoring.collection.indices: employee

But its not working. Its generating many logs for fraction of seconds. Please help on this @dadoonet. Thanks for your response @dadoonet.

I don't know. Leaving the question to someone else.

Okay thanks @dadoonet. Anyone please help me on this.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.