** On behalf of a user of Slack **
“We are testing audit logs. I found some requests are logged and some are not. Is this expected behavior?”
Hi Eric,
If you want to log events in all categories set below in your audit.yml:
plugins.security.audit.config.disabled_rest_categories: NONE
plugins.security.audit.config.disabled_transport_categories: NONE
For a more granular configuration refer to the: Audit logs - OpenSearch Documentation and Audit log field reference - OpenSearch Documentation
Let me know if you have any questions.
Best,
mj