Elasticsearch Audit Logging
Enable and configure security audit logging for Elasticsearch via the cluster settings API. Audit logs record security
events such as authentication attempts, access grants and denials, role changes, and API key operations — essential for
compliance and incident investigation.
For Kibana audit logging (saved object access, login/logout, space operations), see kibana-audit. For authentication
and API key management, see elasticsearch-authn. For roles and user management, see elasticsearch-authz. For
diagnosing security errors, see elasticsearch-security-troubleshooting.
For detailed API endpoints and event types, see references/api-reference.md.
Deployment note: Audit logging configuration differs across deployment types. See
Deployment Compatibility for details.
Jobs to Be Done
related skills
semantically similar in the cross-vendor index
don't have the plugin yet? install it then click "run inline in claude" again.
+identifies the right problem domain (compliance, incident investigation, security events)
+cross-references related skills appropriately (kibana-audit, elasticsearch-authn, elasticsearch-authz)
weaknesses
~no procedure: missing steps to enable audit logging, configure event types, or verify logs are being captured
~no trigger phrases or intent: reads as an abstract description, not an actionable skill
~no inputs, decision points, or output contract defined; 'see references/api-reference.md' is a cop-out, not a procedure