AWS managed OpenSearch Audit logs "audit_request_remote_address": "IP",

nadivraviv · January 21, 2025, 4:12pm

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OpenSearch 2.17

Describe the issue:
I have AWS managed OpenSearch, I’m trying to figure out which pods in my EKS cluster are getting 400x errors. the pods are behined NLB. I have enabled Audit logs but the logs doesn’t show the the ip address that makes the errors. it’s shown as “audit_request_remote_address”: "IP ".
Can someone help?

Configuration:
Not sure if it’s related but this the cluster security configuration:
Required HTTPS: Yes
Encryption at rest: Yes
AWS KMS key: Yes

Topic		Replies	Views
Support URLs instead of IPs on external_opensearch option for audit logs Security	3	282	September 15, 2023
Security audit log showing login source IP as opensearch instance IP address Security discuss , feature-request	3	666	April 25, 2023
Value of audit_node_host_address is the same as audit_request_remote_address in audit logs Open Source Elasticsearch and Kibana	1	404	April 22, 2023
Opensearch config update kubernetes OpenSearch	4	365	December 21, 2023
Audit log not getting OpenSearch	8	655	November 17, 2023

AWS managed OpenSearch Audit logs "audit_request_remote_address": "__IP__",

Related topics

AWS managed OpenSearch Audit logs "audit_request_remote_address": "IP",