Hi All,
In my Elastic cluster, I see there are some records in docs.deleted for some of the indices, and I am not sure how to find out who deleted the docs.
My 3-node Elastic cluster is version 7.16.1 and it is not an enterprise version; we are using a free open-source version.
I tried enabling xpack.security.audit.enabled in the Elastic config on all nodes and restarted the cluster, and manually deleted records to check if it's getting logged, but it's not writing anything in the audit log file.
Is the auditing feature available ONLY on the enterprise version?
Can anyone please help me find out about the docs.deleted data?
Okay, so do you mean that if the same document is indexed again, it will result in an update, and it will do a delete and index that document again? Is my understanding correct?