Uptil 6.2 the security audits could be sent to an ES index by setting this line elasticsearch.yml file
xpack.security.audit.outputs: [ index, logfile ] https://www.elastic.co/guide/en/x-pack/current/auditing.html#audit-log-settings
In 7.x the audit logs can be only written to clustername_audit.json or console.
My question is how can the audit logs be sent to an ES index, just like 6.2? Is there any such option anymore?