Audit logging enabled but not able to see index level entries

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Opensearch 2.13.0

Describe the issue:
I have enabled audit logging on OpenSearch and I can see my audit index created with name “audit-logs”
I have performed some CRUD operations on one of my cluster index. I don’t see entries for that operations in the audit index.
As far as I know elasticsearch have that capabilities to see each entry related to CRUD operations that we do on any Index in the audit log index.
Could you please help me track index operation entries in the audit index.

settings that I’ve added in opensearch.yml: internal_opensearch true NONE NONE true true “audit-logs” “kibanaserver, logstash” true true

Relevant Logs or Screenshots:

Hi @mangesh.mathe.9

What user did you use? Could you send an example of your CRUD operation?

Could you please also send a screenshot of your audit log configurations in the OpenSearch Dashboards? To do this, click on Security → Audit logs and scroll to General settings .

I have used admin user and performing crud operations like inserting , updating and delete the index document.

CRUD operations that I performed,
POST opensearch_dashboards_sample_data_flights/_doc/
“FlightNum”: “AB123”,
“Dest”: “SFO”,
“Origin”: “JFK”,
“AvgTicketPrice”: 500,
“timestamp”: “2024-05-13T12:00:00Z”
POST opensearch_dashboards_sample_data_flights/_update/gEe2hY8BigLP3L3Hf14W
“doc”: {
“AvgTicketPrice”: 550
GET opensearch_dashboards_sample_data_flights/_search

DELETE opensearch_dashboards_sample_data_flights/_doc/gEe2hY8BigLP3L3Hf14W

Hi @mangesh.mathe.9 ,

Disabled REST categories are different in the config file and in the UI. Did you restart your cluster after making changes to the opensearch.yml file?

Please also check if the audit configuration in the opensearch.yml file is the same on every node in the cluster.

yes I have restarted the opensearch.service and opensearch-dashboard .service

we have implemented opensearch with only one node cluster. We are exploring the capabilities of opensearch.

anything that you want to add here to resolve my audit log issue?

How did you install OpenSearch?

To fix it, please try removing GRANTED_PRIVILEGES in the UI Settings:

Thank you so much. I have removed this settings from UI and did restarted the OpenSearch which solved this issue. I can see my CRUD operations now in the audit log index.