I had deployed elasticsearch-operator(1.3.0) with elasticsearch 7.9.0 in GKE. I have used below line in my elasticsearch.yaml to enable audit logging:
xpack.security.audit.enabled: true
As per the documentation(Enabling audit logging | Elasticsearch Guide [7.9] | Elastic), there will be some file "clustername>_audit.json" like this if I do exec into the pod. But I am not able to see that file.
can anyone suggest , is there anything that I need to add.
Can anyone tell whether it will be supporting for free users or only for subscribed users.
Audit logging requires a commercial subscription.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.