Hi,
I have a shared ELK in my enterprise and we need to trace/log 2 types of action:
Delete Index by API DELETE Call
Delete doc by Delete_by_query
I tried without success with Audit and slowlog.
Is there a way to have this information?
Regards,
Mike.
PS: ELK 7.5.1 with Basic License
dadoonet (David Pilato), May 4, 2021, 9:44am
Audit log is the easiest way to go IMO, but you need a Gold+ license (Subscriptions | Elastic Stack Products & Support | Elastic).
Otherwise you can:
Do that in your application and log when your application is calling those APIs
Enable slow log but this can lead to a lot of data
Add a proxy (like nginx) on top of your Elasticsearch instances
Maybe others have nice ideas?
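
An added example, not part of the original posts: one way to use the proxy option above is to scan the proxy's access log for the two actions asked about. It assumes nginx's default `combined` log format in front of Elasticsearch; the sample lines, function names and field names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# nginx "combined": addr - user [time] "METHOD target proto" status bytes "referer" "agent"
# user is nginx's $remote_user (Basic auth username, "-" when none was sent).
LINE_RE = re.compile(
    r'(?P<addr>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(method, target):
    """Return 'delete_index', 'delete_by_query' or None for one request."""
    segments = [unquote(s) for s in urlsplit(target).path.split("/") if s]
    if not segments:
        return None
    if method == "POST" and len(segments) >= 2 and segments[-1] == "_delete_by_query":
        return "delete_by_query"
    # DELETE /<index>[,<index>] or /<pattern*> removes whole indices.
    # DELETE /<index>/_doc/<id> is a single document; DELETE /_search/scroll
    # and other underscore-prefixed paths are different APIs.
    if method == "DELETE" and len(segments) == 1:
        if segments[0] == "_all" or not segments[0].startswith("_"):
            return "delete_index"
    return None

def audit(lines):
    """Extract one event per index deletion or delete-by-query request."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        action = classify(m["method"], m["target"])
        if action:
            events.append({"action": action, "user": m["user"], "addr": m["addr"],
                           "time": m["time"], "path": urlsplit(m["target"]).path,
                           "status": int(m["status"])})
    return events

# Constructed sample access-log lines (not real traffic).
SAMPLE = [
    '10.0.0.5 - alice [04/May/2021:09:40:01 +0000] "DELETE /logs-2021.04 HTTP/1.1" 200 21 "-" "curl/7.68.0"',
    '10.0.0.7 - bob [04/May/2021:09:41:12 +0000] "POST /orders/_delete_by_query?conflicts=proceed HTTP/1.1" 200 187 "-" "python-requests/2.25.1"',
    '10.0.0.7 - bob [04/May/2021:09:41:30 +0000] "DELETE /orders/_doc/42 HTTP/1.1" 200 160 "-" "python-requests/2.25.1"',
    '10.0.0.5 - alice [04/May/2021:09:43:00 +0000] "DELETE /_search/scroll HTTP/1.1" 200 30 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for event in audit(SAMPLE):
        print(event)
```

The access log records only the request line, so the query body of a `_delete_by_query` call is not captured by this approach.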