Question about Auditlog Setup

Hello,

I wanted to try out the Searchguard audit feature.
I do see login level audit logs, but not READ request level audit logs.

Here are my configs specific to audit settings:

Elasticsearch.yml:

searchguard.audit.type: debug
searchguard.compliance.history.read.watched_fields:
    - "*"

Versions:
Elasticsearch Nodes: 7.4.0
Kibana: 7.4.0
SG plugin: 7.4.0-36.2.0

Can someone help with this?
Thank you.

Please see https://docs.search-guard.com/latest/compliance-read-history

It should be look more like:

searchguard.audit.type: debug
searchguard.compliance.history.read.watched_fields:
    - "*,*"

(First wildcard means: all indices, second means all fields)

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.