From b62b7668d896f0106e4d8c8ed62ca39c46b85167 Mon Sep 17 00:00:00 2001
From: jonashartwig <nemuteph@gmx.de>
Date: Tue, 23 Sep 2025 11:14:56 +0200
Subject: [PATCH] Added audit configuration example for Elastic Search

---
 .../sphinx/security/ranger-access-control.md  | 45 ++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

diff --git a/docs/src/main/sphinx/security/ranger-access-control.md b/docs/src/main/sphinx/security/ranger-access-control.md
index a1e5e4cdbb43..b39b3cd39e40 100644
--- a/docs/src/main/sphinx/security/ranger-access-control.md
+++ b/docs/src/main/sphinx/security/ranger-access-control.md
@@ -8,7 +8,7 @@ column-masking, row-filtering and audit logging.
 ## Requirements
 
 * Access to a Apache Ranger deployment with the desired authorization policies.
-* Access to an audit store using Solr, HDFS, Log4J, or S3 to save audit logs.
+* Access to an audit store using Solr, HDFS, Log4J, Elastic Search, or S3 to save audit logs.
 * Apache Ranger 2.5.0 and greater include the required Trino service definition.
   Earlier versions of Apache Ranger require an [update to the service definition
   available on
@@ -134,6 +134,49 @@ The following table lists the configuration properties for the Ranger access con
     <value></value>
     <description>URL to Solr deployment where the plugin should send access audits to</description>
   </property>
+
+  <property>
+    <name>xasecure.audit.destination.elasticsearch</name>
+    <value>disabled</value>
+    <description>Is es audit enabled? Allowed values to enable: enable, enabled, true</description>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.elasticsearch.urls</name>
+    <value>host1,host2</value>
+    <description>Comma (,) separated list of es hosts.</description>
+  </property>
+  
+  <property>
+    <name>xasecure.audit.destination.elasticsearch.index</name>
+    <value>ranger_audits_write</value>
+    <description>The index to write audits to. Default: ranger_audits</description>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.elasticsearch.port</name>
+    <value>9200</value>
+    <description>The port for es. Default: 9200</description>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.elasticsearch.protocol</name>
+    <value>http</value>
+    <description>The http protocol to use during communication. Default: http</description>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.elasticsearch.user</name>
+    <value>write_user</value>
+    <description>The username to authenticate towards es.</description>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.elasticsearch.password</name>
+    <value>changeme</value>
+    <description>The password to authenticate towards es.</description>
+  </property>
+
 </configuration>
 ```