Kubernetes Audit with Elasticsearch and Kibana
Audit logs: The key to finding Kubernetes events in an API server
Create a cluster with feature logging (self-hosted Elasticsearch/Kibana) enabled.
Download the audit-dashboard file you need:
- For Kibana 5.x (Kublr 1.9 or earlier)
- For Kibana 6.x (Kublr 1.10 or newer)
- For Centralized logging
Open Kibana (click the link from the cluster’s overview page) and import the file with audit-dashboard:
- Log into Kibana (with user/password from the Kube Config File)
- Navigate Management > Saved Objects
- Click on Import > Select the required file
- The audit-dashboard should be created with a name corresponding to the file name
- Navigate to the Dashboard menu and click on audit-dashboard
Note: If you find import errors, you’ll need to import the dashboard again.