Observability Documentation / OBSDOCS-943

Update the note about not storing audit logs to make it agnostic of the log storage solution


      URL

      https://docs.openshift.com/container-platform/4.15/logging/cluster-logging.html

      Section

      About Logging

      Description

      The note reads:

      Because the internal OpenShift Container Platform Elasticsearch log store does not provide secure storage for audit logs, audit logs are not stored in the internal Elasticsearch instance by default. If you want to send the audit logs to the default internal Elasticsearch log store, for example to view the audit logs in Kibana, you must use the Log Forwarding API as described in Forward audit logs to the log store.

      This makes explicit reference to Elasticsearch, but it also applies to Loki. The "Configuring log forwarding" documentation section has a better description that is agnostic about the log storage solution:

      Audit logs are not forwarded to the internal log store by default because this does not provide secure storage. You are responsible for ensuring that the system to which you forward audit logs is compliant with your organizational and governmental regulations, and is properly secured.

      NOTE: The entire documentation has not been reviewed to see whether there are more places that refer only to Elasticsearch.

              landerso@redhat.com Libby Anderson
              rhn-support-ocasalsa Oscar Casal Sanchez