Tracking user activity in Elastic Cloud

I need to find a way to track user activity inside Elastic Cloud, so that in case a user hasn't logged in for a certain time we may get some sort of alert about it.

So far I've found this auditing article, but not only am I unaware of how to set it up in the cloud, it also seems it hasn't been updated for quite some time.

So I would like some help in exploring my options in this case.

Best regards.

Hi @SamuelSMendes

Here is the latest. I would suggest reading through it carefully and filtering for the events you are interested in.

With Elastic Cloud you'll have to set up shipping the logs under Logs and Metrics.

You will need to configure audit logging under the user settings of Elasticsearch, and you need to be careful: it can be very verbose.

Then you'll have an audit trail and you'll be able to query and alert on it.

Typically we would suggest shipping metrics and audit logs to a separate cluster, i.e. not the main workload cluster.

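As an added example (not code from this thread or from Elastic) of the kind of check the answer above describes, the script below runs offline over constructed lines in the shape of Elasticsearch's JSON audit log, keeps the most recent `authentication_success` per user and reports accounts idle longer than a threshold. It assumes the field names `event.action`, `user.name` and `@timestamp` as written by the Elasticsearch logfile audit output; once the logs are shipped to the logging cluster the same query is an aggregation over those fields instead of a file scan.

```python
import json
from datetime import datetime, timedelta

# Constructed sample in the shape of Elasticsearch's JSON audit log (one
# object per line). Real lines carry more fields; only those used here are kept.
SAMPLE_AUDIT_LINES = """\
{"type":"audit","@timestamp":"2023-05-01T08:00:00,000+0000","event.type":"rest","event.action":"authentication_success","user.name":"alice","user.realm":"native"}
{"type":"audit","@timestamp":"2023-05-28T09:15:00,000+0000","event.type":"rest","event.action":"authentication_success","user.name":"bob","user.realm":"native"}
{"type":"audit","@timestamp":"2023-05-29T10:00:00,000+0000","event.type":"rest","event.action":"authentication_failed","user.name":"alice","user.realm":"native"}
{"type":"audit","@timestamp":"2023-05-30T11:00:00,000+0000","event.type":"transport","event.action":"access_granted","user.name":"bob","user.realm":"native"}
"""


def parse_audit_timestamp(ts: str) -> datetime:
    """Audit log timestamps look like 2023-05-01T08:00:00,000+0000 (comma before millis)."""
    return datetime.strptime(ts.replace(",", "."), "%Y-%m-%dT%H:%M:%S.%f%z")


def last_successful_logins(lines: str) -> dict:
    """Return {user.name: datetime of the most recent authentication_success}.

    Only successful authentications count as activity: failed attempts and
    later authorization events (access_granted) are ignored on purpose.
    """
    latest = {}
    for line in lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("type") != "audit" or event.get("event.action") != "authentication_success":
            continue
        user = event["user.name"]
        when = parse_audit_timestamp(event["@timestamp"])
        if user not in latest or when > latest[user]:
            latest[user] = when
    return latest


def inactive_users(last_logins: dict, now: datetime, max_idle: timedelta) -> list:
    """(user, idle time) for users whose last successful login is older than max_idle, longest idle first."""
    stale = [(user, now - when) for user, when in last_logins.items() if now - when > max_idle]
    return sorted(stale, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    now = parse_audit_timestamp("2023-06-01T00:00:00,000+0000")
    for user, idle in inactive_users(last_successful_logins(SAMPLE_AUDIT_LINES), now, timedelta(days=14)):
        print(f"{user}: no successful login for {idle.days} days")
```

A user with no `authentication_success` at all in the retained logs never appears in the result, so for a "never logged in" check compare the keys against the full account list rather than relying on the log alone.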

Would it be possible to have these logs shipped into a basic license cluster?

I'm not sure I could have another dedicated cluster on cloud just for this, but if I could have a simpler one just so I could monitor these activities it might work for me.

No, I'm sorry, that is not supported.

Elastic Cloud only ships logs to Elastic Cloud clusters.

You can ship them back to the same cluster. It's just not considered best practice because that will put load on the primary cluster, but that's absolutely possible.
