User Account Details

Hi All, I'm new to ELK...how to we get information about user accounts like user account creation or expiration? something similar to a table in Database

I can see _security/user api has only username,fullname,email and roles.

Thanks in Advance.

Thanks & Regards,
Pradeep

Welcome to our community! :smiley:

There is a creation_time field that is filled out. There is also a expiration_time but it is not valid as we don't automatically expire accounts.

where is it available?

In the _source.

We currently don't record the creation time or update time for users. So there is no way to find them out using APIs. The alternative that I can think of is using audit logs which can log the exact time when the user creation request is issued.

Also as warkolm said, users don't expire. They can be disabled and this status does show in the GetUser API.

1 Like

@Yang_Wang what's creation_time in each document referencing?

API Key uses both creation_time and expiration_time. The security index is shared between different type of documents. Not all fields are used by each of them. That said, in hindsight, we probably would have recorded creation_time for user if API Key was introduced earlier.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.