I maintain multiple Graylog clusters and hundreds of users use it everyday. We need to know, what all search queries are being executed in different clusters. Is there any way to do it?
You could use the access log for this: http://docs.graylog.org/en/2.3/pages/securing.html#logging-user-activity
I’ve configured my Elasticsearch hosts slowlog threshholds as well, and am pulling those in to Graylog to attempt to get even more info about what the users are executing.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.