2 changes: 2 additions & 0 deletions _security/audit-logs/storage-types.md
Expand Up @@ -129,3 +129,5 @@
```

By default, the Security plugin uses the logger name `audit` and logs the events on `INFO` level. Audit events are stored in JSON format.

For clusters with many indices, you can use the `plugins.security.audit.config.log4j.maximum_index_characters_per_message` setting to split log messages and prevent the `audit_trace_indices` and `audit_trace_resolved_indices` fields from exceeding the desired maximum index name characters per message. This can help keep maximum log message size down to better fit in your logging pipeline. Split messages will include a new `audit_split_message_id` UUID field to link split messages together. The setting defaults to `2,147,483,647` so no splitting will be performed.
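Review bot: The default in the last sentence of the added paragraph is written as `2,147,483,647` inside code formatting, so a reader who copies it into their configuration gets a value with thousands separators; write it as `2147483647`. In the first sentence, "For clusters with many indices" should read "many indexes" to match the docs style. The phrase "the desired maximum index name characters per message" is hard to parse; say what is counted, for example "limit the total number of index name characters that `audit_trace_indices` and `audit_trace_resolved_indices` can contain in a single message". Since consumers of the audit log have to reassemble the parts, it would also help to state that every part of one event carries the same `audit_split_message_id` value and whether the remaining audit fields are repeated in each part.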

Check failure on line 133 in _security/audit-logs/storage-types.md

GitHub Actions / style-job

[vale] reported by reviewdog 🐶 [OpenSearch.SubstitutionsError] Use 'indexes' instead of 'indices'. Raw Output: {"message": "[OpenSearch.SubstitutionsError] Use 'indexes' instead of 'indices'.", "location": {"path": "_security/audit-logs/storage-types.md", "range": {"start": {"line": 133, "column": 24}}}, "severity": "ERROR"}