Logfile exclude filter example flagged as invalid in Kibana

rugenl · March 22, 2019, 1:08am

From the blog post the example gets an error in Kibana that I can't figure out.

This sample:

PUT /_cluster/settings {
    "transient": {
        "xpack.security.audit.logfile.events.ignore_filters": {
            "single_policy": {
                "users": [
                    "_system",
                    "_xpack_security"
                ]
                "indices": [
                    ".kibana"
                ]
            }
        }
    }
}

Immediately gets this error that I can't seem to fix:

Any ideas?

Thanks

rugenl · March 22, 2019, 1:14am

Never mind....

PUT /_cluster/settings 
{
    "persistent": {
        "xpack.security.audit.logfile.events.ignore_filters": {......

Moving the { to a new line fixes it.

Topic		Replies	Views
6.4 xpack.security.audit.logfile.events.ignore_filters.*.realms broken? Elasticsearch	9	1272	January 17, 2019
Log4j regex filter to avoid audit logs Elasticsearch elastic-stack-security	3	961	April 29, 2020
Exclude logs on kibana Kibana	3	177	February 9, 2023
AuditLog index filtering problem Elasticsearch elastic-stack-security	2	419	February 4, 2019
KIBANA : xpack.security.audit issue Kibana elastic-stack-security	16	1467	March 31, 2021

Logfile exclude filter example flagged as invalid in Kibana

Related topics