Specifically, right now we are trying to audit queries run from the management UI or fleetctl. I see logging for the queries themselves, but these logs don't contain the user who initiated the query. Is that possible to add?
05/29/2020, 8:45 PM
Usernames are logged for live queries in Fleet 2.5.0+Example: