How to trace/log all delete action

I have a shared ELK in my Enterprise and we need to trace/log 2 type of action :

  1. Delete Index by API DELETE Call
  2. Delete doc by Delete_by_query

I try without success with Audit and slowlog.
Is there a way to have this information?

PS : ELK 7.5.1 with Basic License

Audit log is the easiest way to go IMO but you need a Gold+ license (Subscriptions | Elastic Stack Products & Support | Elastic).

Otherwise you can:

  • Do that in your application and log when your application is calling those APIs
  • Enable slow log but this can lead to a lot of data
  • Add a proxy (like ngnix) on top of your elasticsearch instances

May be others have nice ideas?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.