Log Failed to index audit event: accessgranted – How To Solve Related Issues

Log Failed to index audit event: accessgranted – How To Solve Related Issues

Updated: Jan-20

Elasticsearch Version: 1.7-8.0

Background

To resolve issues causing many log errors you can try our Elasticsearch Check-Up it analyses ES configuration to provide actionable recommendations (no installation required) 


To troubleshoot log “Failed to index audit event: accessgranted” it’s important to understand a few problems related to Elasticsearch concepts index, plugin. See bellow important tips and explanations on these concepts

Log Context

Log”Failed to index audit event: [access_granted]” classname is IndexAuditTrail.java
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

                 final String lookRealmName = authentication.getLookedUpBy() == null ? null : authentication.getLookedUpBy().getName();
                final String[] roleNames = (String[]) authorizationInfo.asMap().get(LoggingAuditTrail.PRINCIPAL_ROLES_FIELD_NAME);
                enqueue(message("access_granted"; action; user; roleNames; new Tuple(authRealmName; lookRealmName); indices(msg);
                        msg); "access_granted");
            } catch (final Exception e) {
                logger.warn("failed to index audit event: [access_granted]"; e);
            }
        }
    }

    
Override



Related issues to this log

We have gathered selected Q&A from the community and issues from Github, that can help fix related issues please review the following for further information :

1 Index Audit Output  

Log Users And Query In Audit Log  

 

About Opster

Opster detects, resolves, optimizes, automates and prevents incidents in Elasticsearch. Opster’s line of products delivers a fundamentally more effective Elasticsearch operation and backs it up with superb production support and consulting.

Find Configuration Errors

Analyze Now