Xpack.security.audit.outputs: [ index, logfile ] in 7.x?


Uptil 6.2 the security audits could be sent to an ES index by setting this line elasticsearch.yml file

xpack.security.audit.outputs: [ index, logfile ]


In 7.x the audit logs can be only written to clustername_audit.json or console.

My question is how can the audit logs be sent to an ES index, just like 6.2? Is there any such option anymore?


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.