How to lower the burden of audit log

ivanyu · February 12, 2019, 5:30am

Dear,

My cluster broke down several times and the elasticsearch log says:
failed to index audit event：[access_granted]. internal queue is full. which may be caused by a high indexing rate or issue with the destination

And after I disable the audit, the cluster is stable until now.
But because of company policy, we need to record the audit.
So my question is how to solve the above problem? Is it helpful to increase some of the internal queue or just send the audit log to another elasticsearch cluster?

Thanks

system · March 12, 2019, 5:30am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Index audit output Elasticsearch	3	2573	January 13, 2017
"IndexAuditTrail failed to index audit event" warning in elasticsearch.log Elasticsearch	1	1760	August 8, 2017
Cluster overflooded with tasks and growing! Elasticsearch	4	1094	March 29, 2019
Issues with Audit Log Elasticsearch	8	1231	January 4, 2018
Audit logs stop on certain nodes in cluster Elasticsearch elastic-stack-security	8	375	March 6, 2023

How to lower the burden of audit log

Related topics