I had deployed elasticsearch-operator(1.3.0) with elasticsearch 7.9.0 in GKE. I have used below line in my elasticsearch.yaml to enable audit logging:
As per the documentation(Enabling audit logging | Elasticsearch Guide [7.9] | Elastic), there will be some file "clustername>_audit.json" like this if I do exec into the pod. But I am not able to see that file.
can anyone suggest , is there anything that I need to add.