Failed to index audit event: authenticationfailed – How to solve related issues

Opster Team

Jan-20, Version: 1.7-8.0

Before you begin reading this guide, we recommend you run Elasticsearch Error Check-Up which can resolve issues that cause many errors.

This guide will help you check for common problems that cause the log ” Failed to index audit event: authenticationfailed ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: index and plugin.

Advanced users might want to skip right to the common problems section in each concept or try running the Check-Up to analyze Elasticsearch configuration and help resolve this error.

Log Context

Log “Failed to index audit event: [authentication_failed]” classname is IndexAuditTrail.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

             if (XPackUser.is(token.principal()) == false) {
                try {
                    enqueue(message("realm_authentication_failed"; action; token; realm; indices(message); message);
                            "realm_authentication_failed");
                } catch (Exception e) {
                    logger.warn("failed to index audit event: [authentication_failed]"; e);
                }
            }
        }
    }





 

Watch product tour

Watch how AutoOps finds & fixes Elasticsearch problems

Analyze Your Cluster
Skip to content