Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature request: ability to change 'audit_utc_timestamp' field name in audit logging #609

packetrevolt opened this issue Dec 12, 2018 · 1 comment


None yet
2 participants
Copy link

commented Dec 12, 2018

When enabling Search Guard audit logging using Elasticsearch as the data type, is there a way to change the name of the 'audit_utc_timestamp' field name to '@timestamp' or perhaps even copy the field so both are populated? The reason I ask due to Kibana, we create index patterns in Kibana of aliases that then contain many other indexes. If the created Search Guard audit index is added to an alias with other security audit related logs then in Kibana only a single field is supported as the timefield.


This comment has been minimized.

Copy link

commented Dec 14, 2018

We will include this in the next release (v24) expected next week. Thx for this feature request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.