Logfile exclude filter example flagged as invalid in Kibana

rugenl · March 22, 2019, 1:08am

From the blog post the example gets an error in Kibana that I can't figure out.

This sample:

PUT /_cluster/settings {
    "transient": {
        "xpack.security.audit.logfile.events.ignore_filters": {
            "single_policy": {
                "users": [
                    "_system",
                    "_xpack_security"
                ]
                "indices": [
                    ".kibana"
                ]
            }
        }
    }
}

Immediately gets this error that I can't seem to fix:

Any ideas?

Thanks

rugenl · March 22, 2019, 1:14am

Never mind....

PUT /_cluster/settings 
{
    "persistent": {
        "xpack.security.audit.logfile.events.ignore_filters": {......

Moving the { to a new line fixes it.

system · April 19, 2019, 1:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
6.4 xpack.security.audit.logfile.events.ignore_filters.*.realms broken? Elasticsearch	9	1159	January 17, 2019
Use logcheck ignore rules Logstash	6	1829	July 6, 2017
AuditLog index filtering problem Elasticsearch elastic-stack-security	2	396	February 4, 2019
[Kibana] - Add filter using specific regex Kibana	4	4071	April 12, 2019
Xpack.security.enabled: true Enable Kibana Security Features (Elasticsearch 7.10) Kibana elastic-stack-security	3	818	January 7, 2021

Logfile exclude filter example flagged as invalid in Kibana

Related topics