kibana-audit
Kibana Audit Logging
Enable and configure audit logging for Kibana via kibana.yml. Kibana audit logs cover application-layer security
events that Elasticsearch does not see: saved object CRUD (dashboards, visualizations, index patterns, rules, cases),
login/logout, session expiry, space operations, and Kibana-level RBAC enforcement.
For Elasticsearch audit logging (authentication failures, access grants/denials, security config changes), see elasticsearch-audit. For authentication and API key management, see elasticsearch-authn. For roles and user management, see elasticsearch-authz.
For detailed event types, schema, and correlation queries, see references/api-reference.md.
Deployment note: Kibana audit configuration differs across deployment types. See Deployment Compatibility for details.
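
A kibana.yml sketch of the setup described above, for a self-managed Kibana instance where the file can be edited directly. This is an added example, not configuration taken from this project; the log path, rotation values and the single ignore filter are assumptions to adapt.

```yaml
# kibana.yml: audit logging for a self-managed Kibana node (added example).

# Turn on Kibana audit logging. Without this no audit events are written.
xpack.security.audit.enabled: true

# Write events as JSON lines to a dedicated, rotated file so a log shipper
# can ingest them separately from the regular Kibana log.
xpack.security.audit.appender:
  type: rolling-file
  fileName: /var/log/kibana/audit.log   # assumed path; must be writable by the Kibana user
  policy:
    type: time-interval
    interval: 24h                        # assumed: rotate once per day
  strategy:
    type: numeric
    max: 10                              # assumed: keep at most 10 rotated files
  layout:
    type: json

# Each list item is one filter. An event is dropped when it matches any one
# filter, so every extra filter removes evidence. Only the high-volume
# per-request event is dropped here; saved object, login/logout, session and
# space events stay in the log.
xpack.security.audit.ignore_filters:
  - actions: [http_request]

# Filters to avoid, left commented out: each one hides a whole class of the
# application-layer events this log exists to capture.
#  - categories: [authentication]   # would drop login and logout events
#  - users: [elastic]               # would hide everything done by that account
```

Kibana reads kibana.yml at startup, so restart the node after editing and confirm that new events appear in the audit file.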