Ignore_filters option for audit index method


(Djtecha) #1

Hey there,
So I'm really happy to see that es 6.2 offers the ignore_filters for the audit trail (super helpful). But I was curious if this option is coming to the index output method? I tried adding it and ES doesn't register it as an option.

  security:
    enabled: true
    audit:
      enabled: true
      outputs: [ index ]
      index:
        events:
          ignore_filters:
            policy1:
              users: ["filebeat"]
        exclude: [ connection_granted, realm_authentication_failed ]
        emit_request_body: true

(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.