I have been using the Search Guard Compliance Plugin (Beta for Elasticsearch 6.2.2) and I am having trouble blacklisting indices using the provided configuration syntax for this module.
What I would like to achieve is to monitor all indices except the ones that have a “dot” at the beginning (e.g. .monitoring-). It is possible to use wildcards for the “searchguard.compliance.history.read.watched_fields” option, so I can set it to - ".", but I do not know how to set it to prevent Search Guard from adding information about .monitoring- indices.
Maybe I can use “searchguard.audit.ignore_requests” for this purpose?
Link to documentation - https://docs.search-guard.com/6.x-20/compliance-read-history