Monitoring the requests of the user of the Kibana

[anomaliyao]

Is it possible to view the active requests that users made with their logins, the time of the request and other stuff?

[tsullivan]

The feature for monitoring security user activity is in Elasticsearch: https://www.elastic.co/guide/en/x-pack/current/auditing.html

It's auditing security events is off by default, but can be enabled in Elasticsearch config.

Let me know if this is what you were looking for! 😃

[anomaliyao]

[2018-05-14T14:42:37,721] [transport] [access_granted] origin_type=[rest], origin_address=[127.0.0.1], principal=[user], action=[indices:data/read/search], indices=[test-2017.11,test-2017.12], request=[SearchRequest]
In the logs you can see that the user can see that the search query is visible to which indexes he applied. But what filters applied, the response time and the status of query execution are missing
There is also the ability to log slow requests, there the information is interesting, but again the user can not see who sent the request.

[tsullivan]

There currently isn't a built-in way of getting that level of detail. You could create your own proxy to run in between Kibana and Elasticsearch and log each requests how you see fit, though.

[kobelb]

Closing in favor of #17939