How can i take user action in elasticsearch or kibana

Our ELK has 10 users like, A, B, C, D.

I want to monitor user action by log.

However, our system uses 'Basic' license so we can't log user action to log when i activate the audit configuration.

So is there any other method to monitor user action?

I want to see like below information.

ex) A, GET, /index/mominoting................

May be you can add a reverse proxy on top of elasticsearch like nginx, then install filebeat to monitor the logs and send them to elasticsearch?

Not sure how complicated is that and if you can actually do it but that's the only idea I had so far.

May be others will have better thoughts?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.