Log into elasticsearch #2432
Unanswered
Archie1978 asked this question in Q&A
Replies: 0 comments
Hello,
I installed KubeArmor and forwarded the data to Elasticsearch. I notice that KubeArmor is very verbose. For example, when GitLab is installed on the cluster, I get around 170,000 messages in 30 minutes 🙂
What strategies should I use to reduce the amount of logs?
Is adding an ‘allow’ rule for all applications that read from /etc, /usr, and /opt a good strategy, and does it short-circuit the default posture rule?
Kind regards, Archie