Good afternoon,
We decided to move ROR logs from all clusters to a separate cluster for easier searching.
However, we encountered a problem—the logs do not contain a field indicating the host or cluster name where the request was made.
Could you add the fields “hostname” and “cluster_name” to the ReadOnlyRest logs?
Example config:

```yaml
readonlyrest:
  audit_collector: true
  audit_serializer: tech.beshu.ror.requestcontext.QueryAuditLogSerializer
  audit_index_template: "'.readonlyrest-audit'-yyyy-MM-dd"
  prompt_for_basic_auth: false
  response_if_req_forbidden: Wrong password
  audit:
    enabled: true
    outputs:
    - type: index
      cluster: ["http://1.1.1.1:9200" , "http://2.2.2.2:9200", "http://3.3.3.3:9201" ]
      index_template: "'readonlyrest'-yyyy-MM-dd"
```
{"customer_id": "6c4a385b-2ae8-4f02-a9cd-ef24addfb5b3", "subscription_id": "32d4073f-dc2f-4056-a868-842727c637cd"}