elasticsearch-audit
Elasticsearch Audit Logging
Enable and configure security audit logging for Elasticsearch via the cluster settings API. Audit logs record security events such as authentication attempts, access grants and denials, role changes, and API key operations — essential for compliance and incident investigation.
For Kibana audit logging (saved object access, login/logout, space operations), see kibana-audit. For authentication and API key management, see elasticsearch-authn. For roles and user management, see elasticsearch-authz. For diagnosing security errors, see elasticsearch-security-troubleshooting.
For detailed API endpoints and event types, see references/api-reference.md.
Deployment note: Audit logging configuration differs across deployment types. See Deployment Compatibility for details.
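An added example (not from the original page or from the Elasticsearch project) of a cluster settings API request that tunes which audit events are written, using the dynamic `xpack.security.audit.logfile.events.*` settings. It assumes auditing is already enabled for the deployment and that the caller may update cluster settings; the policy name `monitoring_noise` and the user `constructed_monitoring_user` are constructed placeholders.

```console
# Added example: the event selection is illustrative, adjust it to your own audit policy.
PUT _cluster/settings
{
  "persistent": {
    # Record authentication outcomes, denials, and security configuration
    # changes (role and API key changes are logged as security_config_change).
    "xpack.security.audit.logfile.events.include": [
      "authentication_failed",
      "authentication_success",
      "access_denied",
      "anonymous_access_denied",
      "run_as_denied",
      "tampered_request",
      "security_config_change"
    ],
    # Keep request bodies out of the audit trail: they can contain
    # credentials or other sensitive data in plain text.
    "xpack.security.audit.logfile.events.emit_request_body": false,
    # Suppress events from a noisy service account (constructed name).
    "xpack.security.audit.logfile.events.ignore_filters.monitoring_noise.users": [
      "constructed_monitoring_user"
    ]
  }
}

# Read back what is now persisted for the audit settings.
GET _cluster/settings?filter_path=persistent.xpack.security.audit*
```

Ignore filters drop matching events entirely, so keep them narrow and review them whenever service accounts change.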