Describe the issue:
I want to centralise the audit logging of all our clusters into one, using the external_opensearch option of audit logs, targeting an external OpenSearch cluster.
As explained in the official documentation, I need to specify a comma-separated list of hosts/IP addresses and the REST port, like the following:
As expected, things like [localhost:9200,localhost:9201] also work.
What doesn’t work is setting an actual URL there, like https://my-opensearch-cluster.company.com:443/opensearch. This will persist even if the hosts behind the cluster change.
At the moment, if a cluster changes hosts, I need to adapt and restart all clusters, to pick up the new IPs.
Am I missing something, or is the possibility of using an actual URL that corresponds to an OpenSearch cluster on plugins.security.audit.config.http_endpoints (or a similar setting) not yet there?
Note: In case this is indeed not possible, I’ve created a GitHub issue
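
A config check built on what the post reports (host:port entries are accepted, a full URL with scheme and path is not), added here as an example and not part of the original post or of OpenSearch itself. The sample opensearch.yml text, the function names and the category labels are constructed for illustration; entries flagged as `ip` are the ones that have to be edited when the hosts behind the audit cluster change.

```python
import ipaddress
import re

SETTING = "plugins.security.audit.config.http_endpoints"

# Constructed sample opensearch.yml fragment (addresses are illustrative).
SAMPLE = """\
plugins.security.audit.type: external_opensearch
plugins.security.audit.config.http_endpoints: [10.0.0.5:9200, localhost:9201, https://my-opensearch-cluster.company.com:443/opensearch]
"""


def endpoints(yml_text):
    """Return the entries of the http_endpoints flow list, or [] if unset."""
    pattern = r"^\s*" + re.escape(SETTING) + r"\s*:\s*\[(.*?)\]"
    match = re.search(pattern, yml_text, re.M)
    if not match:
        return []
    return [e.strip().strip("'\"") for e in match.group(1).split(",") if e.strip()]


def classify(entry):
    """Classify one entry as 'url', 'malformed', 'ip' or 'hostname'."""
    # A scheme or a path means a full URL, which the post reports as not working.
    if "://" in entry or "/" in entry:
        return "url"
    host, sep, port = entry.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        return "malformed"
    try:
        # IPv4 literals only; bracketed IPv6 is not handled in this sketch.
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "hostname"


def audit(yml_text):
    """Pair every configured endpoint with its classification."""
    return [(e, classify(e)) for e in endpoints(yml_text)]


if __name__ == "__main__":
    for entry, kind in audit(SAMPLE):
        print(f"{kind:10} {entry}")
```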