Question about Auditlog Setup


I wanted to try out the Searchguard audit feature.
I do see login level audit logs, but not READ request level audit logs.

Here are my configs specific to audit settings:


searchguard.audit.type: debug
    - "*"

Elasticsearch Nodes: 7.4.0
Kibana: 7.4.0
SG plugin: 7.4.0-36.2.0

Can someone help with this?
Thank you.

Please see Read History | Security for Elasticsearch | Search Guard

It should be look more like:

searchguard.audit.type: debug
    - "*,*"

(First wildcard means: all indices, second means all fields)

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.