Exclude user from security audit logging? (logstash's elasticsearch output user)

Myles · May 24, 2017, 1:16am

Hey Guys,

I would be very interested in a way to exclude the user I use to authenticate my elasticsearch output in logstash from the security auditing feature. The auditing is very helpful and I want all the audit events turned on. The problem is when I have 10k EPS coming from my logstash cluster into my elasticsearch cluster with each bulk operation being audit logged. Is there either a way to exclude users from audit logging or just a better way to output to elasticsearch from logstash to avoid the audit logging of said operation in the first place?

system · June 21, 2017, 1:16am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Audit Log Exclude by Origin / Principal Elasticsearch	8	1704	February 22, 2018
Discovery - Exclude wildcard? Elasticsearch	2	333	August 14, 2018
How to log users trying to preform actions they arent allowed to preform Elasticsearch elastic-stack-security	3	466	December 25, 2019
SOLVED: Logstash issue with shield - "action [indices:data/write/bulk] is unauthorized for user [logstash]" Logstash elastic-stack-security	15	13629	July 6, 2017
Action [indices:data/write/bulk] is unauthorized for user [logstash_system]\ Logstash	1	2416	August 30, 2017

Exclude user from security audit logging? (logstash's elasticsearch output user)

Related topics