Audit log - logging the query


#1

Hi there,

Is there any way to log the actual search query in the audit log? I need to log every query coming from the end users, but after going through the docs don’t see any way to do this.

I know that X-pack may be able to do it, and slow logs can also be used for this, but it would be nice all the auditing info to be contained in a single record.


Audit log to optionally log executed queries
(Simone Scarduzio) #2

Hi @socket! When you say the search query you mean the JSON body of the associated HTTP request?


#3

Hi,

Yes for example if I have the following query:

GET _search
{
“query”: {
“query_string”: {
“query”: “makale”
}
}
}

Would like to have “makale” logged in the audit log as the search term.