I'm trying to start elasticsearch with the index audit logging enabled, but the x-pack plugin are not able to write the events to the cluster. In the logs I only get a lot of these messages:
failed to index audit event: [access_granted]. internal queue is full, which may be caused by a high indexing rate or issue with the destination
Enabling debug logging, I found this:
security audit index template [security_audit_log] does not exist, so service cannot start
How do I install that template?