Hi everyone, we were trying to find out where the plugin logs the document deletion from indices. Could you help me with this?
If you need more information, please let me know.
We executed the query in Dev Tools:
POST INDEX/_delete_by_query
{
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "query": "some string to search"
          }
        }
      ]
    }
  }
}
But we couldn’t find anything within the indices readonlyrest_audit-*
Configuration
ReadonlyRest Plugin version: Enterprise 1.61.1_es7.17.26
ReadonlyRest Plugin file /etc/elasticsearch/readonlyrest.yaml:
readonlyrest:
  audit_collector: true
  audit_index_template: "'readonlyrest_audit'-yyyy-MM"
  prompt_for_basic_auth: false
  ...
Edit: I removed access_control_rules: from the example file. It seemed to me that it doesn’t help with troubleshooting this issue.