Audit mode for RoR

What do you mean the query?
Do you see the println or not?

Yes,
see println entry in log. Please see my post from Apr 15:
For example, we want to audit the whole query.
GET /customer/_search
{
    "query" : { "match" : { "name" : "ben" } }
}
now we can see just: "GET /customer/_search"
without: "query" : { "match" : { "name" : "ben" } }

If what you are missing is just logging the http body, just add it to the returned map:

    theMap.put("query", context.getRequestContext().getContent());

Hi,
Still empty "query"

    {
        "_id": "555678544-25378676#3692063",
        "_index": "readonlyrest_audit-2018-07-24",
        "_score": 1.0,
        "_source": {
            "query": "TEST:getHistoryString():[passthrough->[]]"
        },
        "_type": "ror_audit_evt"
    },

My Custom Serializer:
more MyCustomSerializer.java

import tech.beshu.ror.commons.ResponseContext;
import tech.beshu.ror.requestcontext.AuditLogSerializer;

import java.util.Date;
import java.util.HashMap;
import java.util.Map;

public class MyCustomSerializer implements AuditLogSerializer {
    @Override
    public Map<String, ?> createLoggableEntry(ResponseContext context) {
        System.out.println("In MyCustomSerializer.createLoggableEntry() :: " + new Date().toString());
        Map<String, Object> theMap = new HashMap<>();
        //theMap.put("indices", "TEST:getIndices():{" + context.getRequestContext().getIndices() + "}");
        // Note: every put below reuses the same "query" key, so each call
        // overwrites the previous value and only the last one (getHistoryString)
        // reaches the audit document.
        theMap.put("query", "MYTEST:getContent():{" + context.getRequestContext().getContent() + "}");
        theMap.put("query", "TEST:getHeaders():" + context.getRequestContext().getHeaders());
        theMap.put("query", "TEST:getAction():" + context.getRequestContext().getAction());
        theMap.put("query", "TEST:getUri():" + context.getRequestContext().getUri());
        theMap.put("query", "TEST:getHistoryString():" + context.getRequestContext().getHistoryString());
        return theMap;
    }
}

Very weird, can you print the actual request context object toString()? To see if we have any information inside of it.

I have just tried to create a custom serializer and I can print the request context content.

package tech.beshu.ror.requestcontext;

import tech.beshu.ror.commons.ResponseContext;

import java.util.HashMap;
import java.util.Map;

public class LudacaTestCustomSerializer implements AuditLogSerializer {

  @Override
  public Object createLoggableEntry(ResponseContext context) {
    // Distinct keys, so both values survive in the audit document
    Map<String, Object> m = new HashMap<>(2);
    m.put("indices_buzz", context.getRequestContext().getIndices());
    m.put("query_fizz", context.getRequestContext().getContent());
    return m;
  }
}

    {
      "_index": "readonlyrest_audit-2018-07-24",
      "_type": "ror_audit_evt",
      "_id": "398656045--1587085937#2932",
      "_score": 1,
      "_source": {
        "indices_buzz": [
          "r*"
        ],
        "query_fizz": "{\"query\":{ \"match\" : { \"name\" : \"ben\" } }}"
      }
    }
$ jar -ft plugins/readonlyrest/CUSTOMSER.jar
META-INF/
META-INF/MANIFEST.MF
tech/
tech/beshu/
tech/beshu/ror/
tech/beshu/ror/requestcontext/
tech/beshu/ror/requestcontext/LudacaTestCustomSerializer.class

You can find the jar containing the serializer here.

$ head config/readonlyrest.yml
readonlyrest:
    audit_collector: true
    audit_serializer: tech.beshu.ror.requestcontext.LudacaTestCustomSerializer

I’m so happy :smile:
It works with your example
Thank you so much!


Wow that’s great! What was the problem??

Hello,
Sorry for the delay, it's vacation period :slight_smile:
This line was removed from my java file: m.put("indices_buzz", context.getRequestContext().getIndices())
because it sent a huge number of exceptions in the ES log.
In addition, could I capture the username that performed the query?
Thanks again

Hi @ludaca, I believe the getIndices threw exceptions because there was no check if the request involves indices. If you see how the DefaultAuditLogSerializer does that:

https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin/blob/master/core/src/main/java/tech/beshu/ror/requestcontext/DefaultAuditLogSerializer.java#L75

You can log the logged user name taking inspiration from the same file as above:

https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin/blob/master/core/src/main/java/tech/beshu/ror/requestcontext/DefaultAuditLogSerializer.java#L72
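Putting both answers together, here is an added serializer sketch (not code from the thread or from the plugin) that guards the index lookup and records the user. It assumes, based on the DefaultAuditLogSerializer linked above, that the request context exposes `involvesIndices()` and a `getLoggedInUser()` returning an `Optional` whose value has `getId()`; check those names against the plugin version you run.

```java
package tech.beshu.ror.requestcontext;

import tech.beshu.ror.commons.ResponseContext;

import java.util.HashMap;
import java.util.Map;

// Added example: a serializer that never asks for indices on requests
// that have none, and records who issued the request.
public class GuardedAuditLogSerializer implements AuditLogSerializer {

  @Override
  public Object createLoggableEntry(ResponseContext context) {
    Map<String, Object> entry = new HashMap<>();

    // One key per value; reusing a single key overwrites earlier puts
    // and leaves only the last value in the audit document.
    entry.put("action", context.getRequestContext().getAction());
    entry.put("uri", context.getRequestContext().getUri());
    entry.put("query", context.getRequestContext().getContent());

    // Assumption: involvesIndices() is the same guard the default
    // serializer applies before getIndices(). Cluster-level requests
    // carry no indices, and asking for them anyway is what flooded
    // the ES log with exceptions.
    if (context.getRequestContext().involvesIndices()) {
      entry.put("indices", context.getRequestContext().getIndices());
    }

    // Assumption: getLoggedInUser() is an Optional of the authenticated
    // user and getId() is its name. Unauthenticated requests are still
    // audited, tagged as "anonymous" rather than dropped.
    entry.put("user", context.getRequestContext().getLoggedInUser()
        .map(u -> u.getId())
        .orElse("anonymous"));

    // Deliberately not copying raw headers: they can contain the
    // Authorization value, which does not belong in an audit index.
    return entry;
  }
}
```

Build it into a jar with the same package path as the working example above and point `audit_serializer` at `tech.beshu.ror.requestcontext.GuardedAuditLogSerializer`.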