Logfile exclude filter example flagged as invalid in Kibana

From the blog post the example gets an error in Kibana that I can't figure out.

This sample:

PUT /_cluster/settings {
    "transient": {
        "xpack.security.audit.logfile.events.ignore_filters": {
            "single_policy": {
                "users": [
                "indices": [

Immediately gets this error that I can't seem to fix:

Any ideas?


Never mind....

PUT /_cluster/settings 
    "persistent": {
        "xpack.security.audit.logfile.events.ignore_filters": {......

Moving the { to a new line fixes it.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.