  1. OpenAM
  2. OPENAM-13423

Audit logging service ElasticSearch handler with Kibana

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 5.5.1
    • Fix Version/s: None
    • Component/s: audit logging
    • Labels:
    • Support Ticket IDs:

      Description

      In the implementation of the Audit logging service ElasticSearch handler with AM, the JSON format uses a nested array to report "entries" for each transaction. The client's IP address is included in these entries. Due to this implementation, it is not possible to create visualisations that include this field in Kibana, which does not support parsing of nested arrays.

      An ability to manipulate the JSON structure or implement it in a way that allows Kibana to parse the field would address this issue.

      This possible enhancement was identified as a requirement: tracing failing authentications by IP address is not currently possible with the AM, Elasticsearch and Kibana integration.
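
      One way to work around the limitation described above, as an added example that is not part of the original issue or of AM's code: lift the scalar values out of the nested "entries" array into top-level fields before the document is indexed. The event layout (entries[].moduleId, entries[].info.ipAddress), the sample values and the "entries_" prefix are assumptions.

```python
import copy

# Constructed sample shaped like an AM authentication audit event.
# Field names and values are assumptions, not taken from the issue.
SAMPLE_EVENT = {
    "timestamp": "2018-01-01T10:00:00.000Z",
    "eventName": "AM-LOGIN-MODULE-COMPLETED",
    "transactionId": "constructed-tx-0001",
    "result": "FAILED",
    "entries": [
        {"moduleId": "DataStore",
         "info": {"ipAddress": "192.0.2.10", "authLevel": "0"}},
        {"moduleId": "HOTP",
         "info": {"ipAddress": "192.0.2.10", "authLevel": "1"}},
    ],
}


def flatten_entries(event, prefix="entries_"):
    """Return a copy of `event` whose nested entries[] objects are replaced
    by top-level fields such as entries_ipAddress."""
    flat = {k: copy.deepcopy(v) for k, v in event.items() if k != "entries"}
    collected = {}  # field name -> distinct scalar values, in first-seen order
    for entry in event.get("entries") or []:
        if not isinstance(entry, dict):
            continue  # tolerate malformed entries instead of failing the event
        info = entry.get("info")
        fields = dict(info) if isinstance(info, dict) else {}
        if "moduleId" in entry:
            fields["moduleId"] = entry["moduleId"]
        for key, value in fields.items():
            if isinstance(value, (dict, list)):
                continue  # keep the output flat: scalars only
            seen = collected.setdefault(key, [])
            if value not in seen:
                seen.append(value)
    for key, values in collected.items():
        # One distinct value stays a scalar; several become a flat list of
        # scalars rather than an array of objects.
        flat[prefix + key] = values[0] if len(values) == 1 else values
    return flat


if __name__ == "__main__":
    print(flatten_entries(SAMPLE_EVENT))
```

      With the IP address available as a top-level field, failed authentication events can be grouped by source address in the usual way.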

            People

            • Assignee: Unassigned
            • Reporter: Tim Chandler (tim.chandler)
            • Votes: 1
            • Watchers: 5