Thanks for your reply,
I already explored that feature (Log the User and Query submited thru Kibana)
But unfortunately that feature doesn't log the username that performed the query, and I need to log both for audit purposes...
That is why I turned into Kibana since it seemed me that it would be possible to develop a plugin to log both (user and query) at the same time (or even feed it back to an elastic index like you suggested). Right now I'm trying to do the most simple thing, output to stdout with console.log() or server.log().
I was not able yet to print the POST content that I see being sent from the browser into the kibana server. I can hook in and dump the whole request variable, but the POST payload is not visible
I was also not able to print the username that is currently logged in kibana (it seems to me that the username string isn't being saved on the session variables on the kibana server side?)
I will also be required later on to add an input field that users need to fill in on the kibana interface whenever they perform a search, that piece of information they enter also needs to be logged in together with username and query. The final audit log doesn't have to be the whole json sent to elastic backend, it can be the multiple HTML parameters they entered/selected on the kibana discovery interface (i.e. query string + index name + timeframe + custom field I'll need to add), but as far as I can see the kibana server does not received those parameters isolated, it already receives the final elastic json in the POST (probably constructed on by the angular component on the browser) and it just proxies it to the elastic backend, so I'm also not sure how I can inject there my custom input field...
Sorry for the long post, any suggestions on the best approachs to accomplish my final goal are really appreciated