Is there some ability in OpenSearch Dashboards for me to log access events to Dashboards objects, such as Saved Objects, and associate that access event with a username? The ultimate goal is to track which users execute Saved Searches or Visualizations, so I can correlate high-load situations with the actual origin query coming from Dashboards.
I have audit logging enabled in the OpenSearch nodes themselves, but that is not providing me with Dashboards-level access information (who accessed which Saved Object and when…).
It appears this was a feature in Kibana 7.10: Audit logs | Kibana Guide [7.10] | Elastic
…but try as I might, I’ve not been able to find any documented equivalent setting for OpenSearch Dashboards.
I’ve eventually answered my own question.
The default is to omit GRANTED_PRIVILEGES from the security-auditlog.
The documentation references a deprecated, non-functional way of changing the list of excluded categories.
Note you want to change disabled_rest_categories and/or disabled_transport_categories in audit.yml. If you remove GRANTED_PRIVILEGES from the list of disabled categories, you’ll get something akin to full activity logging in your security-auditlog index.
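
Added example, not part of the original posts: once GRANTED_PRIVILEGES events reach the security-auditlog index, documents exported from it can be grouped per user for a load window, or narrowed to the Dashboards saved-objects index. The sample events are constructed, and the field names (`audit_category`, `audit_request_effective_user`, `audit_request_privilege`, `audit_trace_resolved_indices`) and the `.kibana` index prefix are assumptions to check against your own audit documents.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample audit events, one JSON document per line (not real log data).
# Field names are assumed from the security plugin's audit event format.
SAMPLE = """\
{"@timestamp": "2024-05-01T10:00:01.000+00:00", "audit_category": "GRANTED_PRIVILEGES", "audit_request_effective_user": "alice", "audit_request_privilege": "indices:data/read/get", "audit_trace_resolved_indices": [".kibana_1"]}
{"@timestamp": "2024-05-01T10:00:02.000+00:00", "audit_category": "GRANTED_PRIVILEGES", "audit_request_effective_user": "alice", "audit_request_privilege": "indices:data/read/search", "audit_trace_resolved_indices": ["logs-2024.05.01"]}
{"@timestamp": "2024-05-01T10:00:05.000+00:00", "audit_category": "GRANTED_PRIVILEGES", "audit_request_effective_user": "bob", "audit_request_privilege": "indices:data/read/search", "audit_trace_resolved_indices": ["logs-2024.05.01"]}
{"@timestamp": "2024-05-01T10:00:06.000+00:00", "audit_category": "FAILED_LOGIN", "audit_request_effective_user": "bob"}
{"@timestamp": "2024-05-01T10:07:00.000+00:00", "audit_category": "GRANTED_PRIVILEGES", "audit_request_effective_user": "alice", "audit_request_privilege": "indices:data/read/search", "audit_trace_resolved_indices": ["logs-2024.05.01"]}
"""

def load_events(text):
    """Parse newline-delimited JSON audit documents."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def granted_requests(events, start, end, index_prefix=None):
    """Count GRANTED_PRIVILEGES events per (user, privilege) in [start, end).

    index_prefix, if given, keeps only events that touched an index whose
    name starts with it, e.g. the Dashboards saved-objects index.
    """
    t0, t1 = datetime.fromisoformat(start), datetime.fromisoformat(end)
    counts = Counter()
    for ev in events:
        if ev.get("audit_category") != "GRANTED_PRIVILEGES":
            continue
        if not t0 <= datetime.fromisoformat(ev["@timestamp"]) < t1:
            continue
        indices = ev.get("audit_trace_resolved_indices") or []
        if index_prefix and not any(i.startswith(index_prefix) for i in indices):
            continue
        user = ev.get("audit_request_effective_user", "<unknown>")
        counts[(user, ev.get("audit_request_privilege", "<none>"))] += 1
    return counts

if __name__ == "__main__":
    events = load_events(SAMPLE)
    window = ("2024-05-01T10:00:00+00:00", "2024-05-01T10:05:00+00:00")
    for (user, priv), n in granted_requests(events, *window).most_common():
        print(f"{user:8} {priv:28} {n}")
```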