Our 'kibana' principal figures in 20-80+ million log records per day in our .security* xpack/security indices daily, related to searches in .reporting-$date indices, constantly.
We don't have any report jobs, and the contents of the existing .reporting* indices is < 50 docs per index. We had 8 .reporting indices, of various dates.
How do I find out why Kibana is searching there so frequently that it's trashing the .security* indices? It generates quite the log volume. Also, naturally, the text log is getting quite big.
I have a snapshot of the indices; however I've deleted the .reporting indices, and that has dropped the rate of logging into the .audit* indices dramatically.
However, when I look into the Monitoring dashboards in Kibana, the drop in indexing rate into the .security$date index isn't matching the drop in reported searches (they might be cumulatively/bulk indexed).
Why is this excessive search (and consequential logging of searches) into .reporting indices happening?
Also, I see logs related to .monitoring indices in excessive amounts (millions), when looking at the Monitoring dashboard, even for a short duration of time.
Can some of this logging be filtered out so it doesn't hit the .security index and log file? If not, can I disable Security logging of access to the .reporting or .monitoring indices?