How to know when indices mapping was updated

pratik_jain163 · October 15, 2023, 11:12am

hi All,

Someone has updated the mapping of any indices, so I want to know how we can find this.
And also, is there a way we can get all indices to also get udpated.
and if we want to enable auditing in ES how we can do.

iulia · October 16, 2023, 9:38am

Hi!
When you create a new mapping and then reindex your index to the new mapping, you can add the parameter wait_for_completion=False which will create a task ID for you to keep track of the process with.

Then you can use the tasks API to search through these tasks and see when a reindex task has been completed by searching with the ID, or even searching for all tasks of that kind.

It is also recommended to use the reindex API if you want to reindex multiple indeces, one by one. ( Reindex API | Elasticsearch Guide [8.10] | Elastic)

pratik_jain163 · October 16, 2023, 10:26am

Thanks for the reply, but I want to know when indices or mapping are updated.
For auditing purposes, I am asking.
if a task is present it will impact performance and without task how we can get.

leandrojmp · October 16, 2023, 12:04pm

You would need to have audit logs enabled, audit logs are available if you have a paid license.

Without audit logs you cannot know who updated anything.

Sunile_Manjee · October 16, 2023, 5:22pm

I thought about this approach and resisted responding to the question. From what I can tell (based on research), the audit events do not specifically include when a mapping is updated based on events captured: Audit events | Elasticsearch Guide [8.11] | Elastic

stephenb · October 16, 2023, 5:40pm

Hi everyone let me clarify a bit

As @leandrojmp mentioned auditing requires a commercial license
As @Sunile_Manjee mentioned updates to mappings is not one of the simple events that is easily auditable
You can do it by enabling REST logging audit logging and capturing the body of these REST events and then filtering and search on them. THIS can generate a large volume of data. And is usually a method of last resort.

In general, the more preferred approach is to apply Role Based Control on your non-admin users on the index privileges

pratik_jain163 · October 18, 2023, 7:58am

thanks for the reply but enabling REST will create huge data and it can impact performance correct.

i think we should get some feature that will add some additional fields in index such as last_update time something like that.

system · November 15, 2023, 7:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.