New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Audit logs for AutoPutMapping don't include index name #73809
Comments
Pinging @elastic/es-security (Team:Security) |
For context, An This happens out of the box with Elasticsearch because we ship with dynamic mapping enabled. That means you can install a brand new ES node with a config like this:
And then write to a new index like this:
and the index will be automatically created, including a default mapping. That will generate an audit log roughly like this:
Walking through those entries we get these actions:
And while the auto_create index audit log from step 3 has |
Thank you. Your detailed explanation helped, especially the examples. I have one quick follow up question. Should step 2 |
It would probably be helpful if |
I haven't tracked this down, but I noticed it in
7.11.2
I issued a bulk request that triggered auto index creation, and the
indices:admin/mapping/auto_put
audit entries don't include the index name.The text was updated successfully, but these errors were encountered: