Hey Guys,
I would be very interested in a way to exclude the user I use to authenticate my elasticsearch output in logstash from the security auditing feature. The auditing is very helpful and I want all the audit events turned on. The problem is when I have 10k EPS coming from my logstash cluster into my elasticsearch cluster with each bulk operation being audit logged. Is there either a way to exclude users from audit logging or just a better way to output to elasticsearch from logstash to avoid the audit logging of said operation in the first place?