Limit audit logs to a certain number of days

We have the following configuration in our elasticsearch.yml file. Is there any way we can limit the audit logs to be stored only for the last 2 weeks? true [ index, logfile ] true

ES version: 7.3.2
X-pack tier: Platinum pack

Here is an approach that can provide a solution. You have to index the data in a daily index, 1 index per day. Then, either you use the Curator tool to define a retention date of 2 weeks (either 2 * 7 days = 14 days), or you create a script that will do this job.
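The selection step of such a script, as an added example that is not part of the original posts: it picks the daily audit indices that fall outside a 14-day window and leaves everything else alone. The index prefix `.security_audit_log-`, the `YYYY.MM.DD` suffix and the sample index names are assumptions; adjust them to what your cluster actually contains.

```python
import re
from datetime import date, timedelta

# Assumption: one audit index per day, named "<prefix>YYYY.MM.DD".
AUDIT_PREFIX = ".security_audit_log-"
RETENTION_DAYS = 14  # 2 weeks, as in the answer above

_DATE_RE = re.compile(r"^(\d{4})\.(\d{2})\.(\d{2})$")


def index_day(name, prefix=AUDIT_PREFIX):
    """Return the date encoded in a daily index name, or None if it is not one."""
    if not name.startswith(prefix):
        return None  # never touch indices outside the audit prefix
    match = _DATE_RE.match(name[len(prefix):])
    if not match:
        return None
    try:
        return date(*map(int, match.groups()))
    except ValueError:  # suffix looks like a date but is not a valid one
        return None


def expired_indices(names, today, retention_days=RETENTION_DAYS, prefix=AUDIT_PREFIX):
    """Audit indices strictly older than the retention window, oldest first."""
    cutoff = today - timedelta(days=retention_days)
    hits = [(index_day(n, prefix), n) for n in names]
    return [n for day, n in sorted(h for h in hits if h[0] is not None) if day < cutoff]


# Constructed sample of index names, as a listing of the cluster might return.
SAMPLE = [
    ".security_audit_log-2019.10.20",  # today: kept
    ".security_audit_log-2019.10.06",  # exactly 14 days old: kept
    ".security_audit_log-2019.10.05",  # 15 days old: expired
    ".security_audit_log-2019.09.01",  # expired
    ".security_audit_log-2019.13.40",  # invalid date: skipped
    ".kibana_1",                       # not an audit index: skipped
    "filebeat-2019.01.01",             # other prefix: skipped
]

if __name__ == "__main__":
    # Dry run: print the delete-index requests instead of sending them.
    for name in expired_indices(SAMPLE, date(2019, 10, 20)):
        print("DELETE /" + name)
```

Run it as a dry run first and review the printed list before wiring the output to the delete index API from a daily scheduled job.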
