Skip to content

[Website]: Audit logs "request_body" output field #3010

New issue
New issue
Open
Open
[Website]: Audit logs "request_body" output field#3010
Labels
Team:AdminIssues owned by the Admin Docs Teamsource:webIssues originating from the elastic.co docs
@gmfmi

Description

@gmfmi
gmfmi
opened on Sep 18, 2025

Type of issue

Inaccurate

What documentation page is affected

https://www.elastic.co/docs/deploy-manage/security/logging-configuration/auditing-search-queries

What happened?

The documentation refers to a request.body attribute. As a end user, I would expect the final document to have the field. Instead the body is added to the field http.request.body.content (in Elasticsearch) which can be confusing.

Tested on ECH v9.1.2. I don't have access to the original log to know if logs is generated this way or transformed in later on.

Additional info

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    Team:AdminIssues owned by the Admin Docs Teamsource:webIssues originating from the elastic.co docs

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions