Logfile exclude filter example flagged as invalid in Kibana

rugenl · March 22, 2019, 1:08am

From the blog post the example gets an error in Kibana that I can't figure out.

This sample:

PUT /_cluster/settings {
    "transient": {
        "xpack.security.audit.logfile.events.ignore_filters": {
            "single_policy": {
                "users": [
                    "_system",
                    "_xpack_security"
                ]
                "indices": [
                    ".kibana"
                ]
            }
        }
    }
}

Immediately gets this error that I can't seem to fix:

Any ideas?

Thanks

rugenl · March 22, 2019, 1:14am

Never mind....

PUT /_cluster/settings 
{
    "persistent": {
        "xpack.security.audit.logfile.events.ignore_filters": {......

Moving the { to a new line fixes it.

system · April 19, 2019, 1:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.