Open RomainGeffraye opened 5 years ago
Pinging @elastic/stack-monitoring
Hi @RomainGeffraye
Thanks for the feature idea!
I agree that we can do more to help the user quickly see what is happening with the audit log. I am curious, though, how many audit log entries we might expect even on a busy cluster. My assumption is that these events are relatively rare (on the order of a few an hour) and a line graph might appear mostly flat, which might cause a user to find it less than helpful much of the time.
This might be a case where we need to think about a few visualizations other than line graphs which might be best for this sort of infrequent data. Any ideas on this front are most welcome.
cc: @elastic/stack-monitoring
Describe the feature:
Once a user enables audit logging on his cluster, he can see a new tab where he can find different graphs derived from the audit logs.
For example, the number of successful/failed authentications.
Describe a specific use case for the feature:
Audit logging is enabled on the cluster, which generates a lot of logs. Having pre-configured visualizations helps the user to quickly spot an issue (for example, a spike of failed authentications).