Does doing a POST query via the devtools alter any elastic data or database?

It's been brought to my attention that my POST query is updating the database. I would like to seek clarification that queries like the ones below are purely querying rather than altering or updating any data in each Elasticsearch database.

POST /_query?format=txt
{
  "query": """
  // ES|QL: read the ML notification indices, filter, cap the rows
  FROM .ml-notifications*
| WHERE job_id == "kibana-logs"
    AND message IN ("Datafeed stopped", "Job opened")
| LIMIT 10
  """
}
POST /_query?format=txt
{
  "query": """
  // ES|QL over a remote cluster's monitoring indices (cross-cluster FROM)
  FROM ABCD:.monitoring-*
| WHERE @timestamp > NOW() - 8 hours
    AND (node_stats.process.cpu.percent > 50
         OR node_stats.jvm.mem.heap_used_percent > 50)
| STATS
      process_cpu = AVG(node_stats.process.cpu.percent),
      jvm_mem = AVG(node_stats.jvm.mem.heap_used_percent),
      fs_avail = AVG(elasticsearch.node.stats.fs.total.available_in_bytes)
    BY elasticsearch.node.name
| EVAL fs_avail_gb = ROUND((TO_DOUBLE(fs_avail) / 1073741824) * 100, 2)
| WHERE process_cpu > 50
| SORT process_cpu DESC
| LIMIT 100
  """
}

Also, how can I audit who ran which queries that may have updated the database?

It's been brought to my attention that my POST query is updating the database.

What is the context for this? It is not correct.

None of the queries you shared will alter anything, they are only retrieving data.

To alter data you would need to use the _update_by_query or _delete_by_query endpoints and use a DSL query.

You would need to enable audit logs which requires a paid license, do you have one? If you have a platinum or enterprise license you can enable audit logs, but keep in mind that logging all queries being made can be pretty noisy and require a lot of space in your monitoring cluster.
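As an added illustration of the audit-log point (not code from this thread or from Elastic), the Python below reads access_granted events from Elasticsearch's JSON security audit log and reports which user ran data-changing transport actions such as update-by-query or delete-by-query, while read actions (search, ES|QL) are skipped. The log lines are constructed samples; the field names follow the audit log's documented layout, and the ES|QL action name indices:data/read/esql is assumed.

```python
import json
from collections import defaultdict

# Constructed sample lines in the shape of Elasticsearch's JSON security audit log
# (access_granted transport events plus one REST auth event); values are made up.
SAMPLE_AUDIT_LOG = """
{"type":"audit","timestamp":"2024-05-01T10:00:01,000+0000","event.type":"transport","event.action":"access_granted","user.name":"analyst","action":"indices:data/read/esql","request.name":"EsqlQueryRequest","indices":[".ml-notifications-000002"]}
{"type":"audit","timestamp":"2024-05-01T10:02:17,000+0000","event.type":"transport","event.action":"access_granted","user.name":"ops_admin","action":"indices:data/write/update/byquery","request.name":"UpdateByQueryRequest","indices":["logs-2024.05"]}
{"type":"audit","timestamp":"2024-05-01T10:03:40,000+0000","event.type":"transport","event.action":"access_granted","user.name":"analyst","action":"indices:data/read/search","request.name":"SearchRequest","indices":[".monitoring-es-8-2024.05.01"]}
{"type":"audit","timestamp":"2024-05-01T10:05:03,000+0000","event.type":"transport","event.action":"access_granted","user.name":"ops_admin","action":"indices:data/write/delete/byquery","request.name":"DeleteByQueryRequest","indices":["logs-2024.04"]}
{"type":"audit","timestamp":"2024-05-01T10:06:10,000+0000","event.type":"rest","event.action":"authentication_success","user.name":"analyst","request.method":"POST","url.path":"/_query"}
"""

# Transport action name prefixes that can create, change or delete index data.
WRITE_PREFIXES = ("indices:data/write/", "indices:admin/")


def is_write_action(action: str) -> bool:
    """True for actions that can modify data; read actions (search, esql) return False."""
    return action.startswith(WRITE_PREFIXES)


def write_events(log_text: str):
    """Yield (timestamp, user, action, indices) for access_granted write actions."""
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec.get("event.action") != "access_granted":
            continue  # REST auth events carry no transport action name; skip them
        action = rec.get("action", "")
        if is_write_action(action):
            yield (rec["timestamp"], rec["user.name"], action, tuple(rec.get("indices", [])))


def writes_by_user(log_text: str):
    """Map user -> list of (action, indices), i.e. a 'who changed what' report."""
    out = defaultdict(list)
    for _ts, user, action, indices in write_events(log_text):
        out[user].append((action, indices))
    return dict(out)


if __name__ == "__main__":
    for user, events in writes_by_user(SAMPLE_AUDIT_LOG).items():
        for action, indices in events:
            print(f"{user}: {action} on {', '.join(indices)}")
```

On a real cluster the same logic runs over the audit log file (or the audit index if shipped to the monitoring cluster), which is what makes the "who ran what" question answerable once audit logging is licensed and enabled.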
