Failed to index audit event: accessgranted – How to solve related issues

Opster Team

Jan-20, Version: 1.7-8.0

Before you begin reading this guide, we recommend you run Elasticsearch Error Check-Up which can resolve issues that cause many errors.

This guide will help you check for common problems that cause the log ” Failed to index audit event: accessgranted ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: index and plugin.

Advanced users might want to skip right to the common problems section in each concept or try running the Check-Up to analyze Elasticsearch configuration and help resolve this error.

Log Context

Log “Failed to index audit event: [access_granted]” classname is IndexAuditTrail.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

                 final String lookRealmName = authentication.getLookedUpBy() == null ? null : authentication.getLookedUpBy().getName();
                final String[] roleNames = (String[]) authorizationInfo.asMap().get(LoggingAuditTrail.PRINCIPAL_ROLES_FIELD_NAME);
                enqueue(message("access_granted"; action; user; roleNames; new Tuple(authRealmName; lookRealmName); indices(msg);
                        msg); "access_granted");
            } catch (final Exception e) {
                logger.warn("failed to index audit event: [access_granted]"; e);
            }
        }
    }

    
Override



 

Try AutoOps to detect and fix issues in your cluster:

See how it works

Analyze Your Cluster

Skip to content