Unauthorized alert for ES with Open Distro Security

We are using ES (7.6.1 OSS version) with Open Distro ( LDAP security ). We are using Elasticsearch telegraf plugin to get the metrics Elasticsearch Plugin

We know that there is an audit log which we could parse and use input.exec plugin of telegraf to identify unauthorized requests. However, we do not want to write custom code.
Could you please help us to know if there are any plugins (telegraf) or any other way in which we directly get these unauthorized metrics?