You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi there.. I'm trying to search for user logins using the searches / dashboards set up for showing user logins, but I notice that the action field is not making it into elasticsearch. I'm not sure where that field should be getting introduced, but I think possibly it is as part of the normalize rules for the audit log. I don't fully understand how that turns into fields that end up being turned into the $!all-json variable used by the omelasticsearch module. In either case -- the search and dashboard aren't working, I believe because they required the action field to be identified and they never are. I definitely see messages if I search for type=USER_LOGIN. Any help would be appreciated.
The text was updated successfully, but these errors were encountered:
Hi there.. I'm trying to search for user logins using the searches / dashboards set up for showing user logins, but I notice that the action field is not making it into elasticsearch. I'm not sure where that field should be getting introduced, but I think possibly it is as part of the normalize rules for the audit log. I don't fully understand how that turns into fields that end up being turned into the $!all-json variable used by the omelasticsearch module. In either case -- the search and dashboard aren't working, I believe because they required the action field to be identified and they never are. I definitely see messages if I search for type=USER_LOGIN. Any help would be appreciated.
The text was updated successfully, but these errors were encountered: