Ignore_filters option for audit index method

djtecha · February 7, 2018, 6:47pm

Hey there,
So I'm really happy to see that es 6.2 offers the ignore_filters for the audit trail (super helpful). But I was curious if this option is coming to the index output method? I tried adding it and ES doesn't register it as an option.

  security:
    enabled: true
    audit:
      enabled: true
      outputs: [ index ]
      index:
        events:
          ignore_filters:
            policy1:
              users: ["filebeat"]
        exclude: [ connection_granted, realm_authentication_failed ]
        emit_request_body: true

system · March 7, 2018, 6:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
6.4 xpack.security.audit.logfile.events.ignore_filters.*.realms broken? Elasticsearch	9	1159	January 17, 2019
AuditLog index filtering problem Elasticsearch elastic-stack-security	2	396	February 4, 2019
Audit logs on ES 7.16.3 Elasticsearch elastic-stack-security	3	423	March 14, 2022
How to index Elasticsearch security audit events in 7.0? Elasticsearch	1	312	May 17, 2019
Elasticsearch input missing [@metadata][_index] Logstash	14	2349	April 15, 2020

Ignore_filters option for audit index method

Related topics