We need to enable an audit for a specific user, meaning that whenever the user logs in or performs any CRUD operations in Elasticsearch, it should be recorded. The user has reported intermittent connectivity and query issues with Elasticsearch without any specific pattern, making it difficult for us to troubleshoot. Therefore, we are considering implementing an audit trail for this user. The application is developed using Node.js. Could you kindly assist us in understanding how we can accomplish this within Elasticsearch?
You can do this through audit logging in Elasticsearch. Note that this does require a commercial license and is not available with the free Basic license. If that is not an option you may need to implement this yourself in some kind of proxy ahead of Elasticsearch.
Thanks for the response. As I mentioned above, is there any way to audit all activities at the user level, starting from connection creation to all kinds of CRUD operations he is performing?
The audit logging I mentioned will log what Elasticsearch sees in terms of user interaction. Issues the customer sees from the client side that prevent connection to Elasticsearch, e.g. DNS or network issues, are only available to the client, so they would need to be logged there.
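An added example, not part of the original thread: once audit logging is enabled, the JSON audit file can be filtered down to the one user under investigation, as sketched here in Node.js. The sample lines are constructed in the shape of Elasticsearch's audit log (one JSON object per line), and `summariseUserAudit`, `app_user` and all values are hypothetical.

```javascript
// Constructed sample audit lines; every value here is invented for the example.
const SAMPLE_AUDIT_LOG = [
  '{"type":"audit","timestamp":"2024-03-01T10:00:01,120+0000","event.type":"rest","event.action":"authentication_success","user.name":"app_user","origin.address":"10.0.0.5:51234","request.id":"r1"}',
  '{"type":"audit","timestamp":"2024-03-01T10:00:01,125+0000","event.type":"transport","event.action":"access_granted","user.name":"app_user","action":"indices:data/read/search","indices":["orders"],"request.id":"r1"}',
  '{"type":"audit","timestamp":"2024-03-01T10:00:02,300+0000","event.type":"transport","event.action":"access_granted","user.name":"kibana_system","action":"indices:data/read/get","request.id":"r2"}',
  '{"type":"audit","timestamp":"2024-03-01T10:00:07,410+0000","event.type":"transport","event.action":"access_denied","user.name":"app_user","action":"indices:data/write/delete","indices":["orders"],"request.id":"r3"}',
  'truncated line {"type":"audit"',
].join('\n');

// Audit event actions that indicate a rejected login or operation.
const FAILURE_ACTIONS = new Set(['authentication_failed', 'access_denied', 'run_as_denied']);

// Summarise what the audit log recorded for a single user.
function summariseUserAudit(logText, userName) {
  const summary = { total: 0, malformed: 0, byAction: {}, failures: [] };
  for (const line of logText.split('\n')) {
    if (line.trim() === '') continue; // an empty audit file simply yields total: 0
    let entry;
    try {
      entry = JSON.parse(line);
    } catch {
      entry = null; // partially written or corrupted line
    }
    if (entry === null || typeof entry !== 'object') {
      summary.malformed += 1;
      continue;
    }
    if (entry['user.name'] !== userName) continue;
    summary.total += 1;
    const action = entry['event.action'];
    summary.byAction[action] = (summary.byAction[action] || 0) + 1;
    if (FAILURE_ACTIONS.has(action)) {
      summary.failures.push({
        timestamp: entry.timestamp || null,
        action,
        operation: entry.action || null, // e.g. indices:data/write/delete
        requestId: entry['request.id'] || null, // correlates events of one request
      });
    }
  }
  return summary;
}

console.log(JSON.stringify(summariseUserAudit(SAMPLE_AUDIT_LOG, 'app_user'), null, 2));
```

A `total` of 0 for a user who is known to be active means Elasticsearch never recorded the request, which points at the audit configuration or at the client side rather than at the queries themselves.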
In my deployment, the parameter is set to true, but the mobelastic_audit.json file does not contain any records. We had basic licensing, could this be the reason why the audit file contains zero records?
Could you please confirm?
I am currently utilizing version 8.12 of Elasticsearch. Are you suggesting that it operates with a BASIC license? If so, I am curious as to why the file mobelastic_audit.json contains zero records.
Is there something we may be overlooking?