Audit log - logging the query

Hi there,

Is there any way to log the actual search query in the audit log? I need to log every query coming from the end users, but after going through the docs don’t see any way to do this.

I know that X-pack may be able to do it, and slow logs can also be used for this, but it would be nice all the auditing info to be contained in a single record.

Hi @socket! When you say the search query you mean the JSON body of the associated HTTP request?


Yes for example if I have the following query:

GET _search
“query”: {
“query_string”: {
“query”: “makale”

Would like to have “makale” logged in the audit log as the search term.