elastic · BigPandaToo · Mar 1, 2021 · Jan 13, 2021 · Jan 19, 2021 · Jan 19, 2021
diff --git a/docs/reference/settings/audit-settings.asciidoc b/docs/reference/settings/audit-settings.asciidoc
@@ -149,6 +149,15 @@ A list of authentication realm names or wildcards. The specified policy will
 not print audit events for users in these realms.
 // end::xpack-sa-lf-events-ignore-realms-tag[]
 
+[[xpack-sa-lf-events-ignore-actions]]
+// tag::xpack-sa-lf-events-ignore-actions-tag[]
+`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.actions`::
+(<<dynamic-cluster-setting,Dynamic>>)
+A list of action names or wildcards. Action name can be found in the `action`
+field of the audit event. The specified policy will not print audit events
+for actions matching these values.
+// end::xpack-sa-lf-events-ignore-actions-tag[]
+
 [[xpack-sa-lf-events-ignore-roles]]
 // tag::xpack-sa-lf-events-ignore-roles-tag[]
 `xpack.security.audit.logfile.events.ignore_filters.<policy_name>.roles`::

diff --git a/...st/java/org/elasticsearch/xpack/security/audit/logfile/AuditTrailSettingsUpdateTests.java b/...st/java/org/elasticsearch/xpack/security/audit/logfile/AuditTrailSettingsUpdateTests.java
@@ -96,7 +96,8 @@ public void testInvalidFilterSettings() throws Exception {
         final String[] allSettingsKeys = new String[] { "xpack.security.audit.logfile.events.ignore_filters.invalid.users",
                 "xpack.security.audit.logfile.events.ignore_filters.invalid.realms",
                 "xpack.security.audit.logfile.events.ignore_filters.invalid.roles",
-                "xpack.security.audit.logfile.events.ignore_filters.invalid.indices" };
+                "xpack.security.audit.logfile.events.ignore_filters.invalid.indices",
+                "xpack.security.audit.logfile.events.ignore_filters.invalid.actions"};
         settingsBuilder.put(randomFrom(allSettingsKeys), invalidLuceneRegex);
         final IllegalArgumentException e = expectThrows(IllegalArgumentException.class,
                 () -> client().admin().cluster().prepareUpdateSettings().setTransientSettings(settingsBuilder.build()).get());
@@ -223,6 +224,12 @@ private static Settings randomFilterPolicySettings(String policyName) {
                 final List<String> filteredIndices = randomNonEmptyListOfFilteredNames();
                 settingsBuilder.putList("xpack.security.audit.logfile.events.ignore_filters." + policyName + ".indices", filteredIndices);
             }
+            if (randomBoolean()) {
+                // filter by actions
+                final List<String> filteredActions = randomNonEmptyListOfFilteredNames();
+                settingsBuilder.putList("xpack.security.audit.logfile.events.ignore_filters." + policyName + ".actions",
+                    filteredActions);
+            }
         } while (settingsBuilder.build().isEmpty());
 
         assertFalse(settingsBuilder.build().isEmpty());