Log Failed to index audit event: authenticationfailed – How To Solve Related Issues


Updated: Jan-20

Elasticsearch Version: 1.7-8.0

Background

To resolve issues that cause many log errors, you can try our Elasticsearch Check-Up. It analyses your ES configuration to provide actionable recommendations (no installation required).


To troubleshoot the log “Failed to index audit event: authenticationfailed”, it’s important to understand a few problems related to the Elasticsearch concepts index and plugin. See below for important tips and explanations on these concepts.

Log Context

Log “Failed to index audit event: [authentication_failed]” class name is IndexAuditTrail.java.
We extracted the following from the Elasticsearch source code for those seeking in-depth context:

            if (XPackUser.is(token.principal()) == false) {
                try {
                    enqueue(message("realm_authentication_failed", action, token, realm, indices(message), message),
                            "realm_authentication_failed");
                } catch (Exception e) {
                    logger.warn("failed to index audit event: [authentication_failed]", e);
                }
            }
        }
    }
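
An added example (not from the Elasticsearch source or from Opster): the catch block above only logs the warning, so a failed-authentication event whose enqueue throws is not queued for the audit index and the server log is the only trace of it. This Python sketch tallies those warnings from server-log text and lists the minutes in which several authentication failures went unaudited; the sample lines, node names and exception causes are constructed, and the line layout is assumed to follow the default Elasticsearch log pattern.

```python
import re
from collections import Counter

# Constructed sample lines (assumed default Elasticsearch server-log layout).
SAMPLE_LOG = """\
[2020-01-20T10:15:02,123][WARN ][o.e.x.s.a.i.IndexAuditTrail] [node-1] failed to index audit event: [authentication_failed]
java.lang.IllegalStateException: constructed sample cause
[2020-01-20T10:15:02,480][INFO ][o.e.c.m.MetaDataMappingService] [node-1] constructed unrelated line
[2020-01-20T10:15:40,007][WARN ][o.e.x.s.a.i.IndexAuditTrail] [node-1] failed to index audit event: [authentication_failed]
java.lang.IllegalStateException: constructed sample cause
[2020-01-20T10:16:05,911][WARN ][o.e.x.s.a.i.IndexAuditTrail] [node-2] failed to index audit event: [access_denied]
java.lang.RuntimeException: another constructed cause
"""

# Captures the timestamp truncated to the minute, the node name and the event type.
WARN = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d):\d\d[^\]]*\]\[WARN\s*\]\[[^\]]*\]\s*"
    r"\[(?P<node>[^\]]+)\]\s*failed to index audit event: \[(?P<event>[^\]]+)\]",
    re.IGNORECASE,
)


def parse_dropped(text):
    """Return one record per audit event that failed to be indexed."""
    records, last = [], None
    for line in text.splitlines():
        m = WARN.match(line)
        if m:
            last = {"minute": m["ts"], "node": m["node"],
                    "event": m["event"], "cause": None}
            records.append(last)
        elif last is not None and last["cause"] is None and line and not line.startswith("["):
            # First line after the warning is the logged exception (the cause).
            last["cause"] = line.strip()
        else:
            last = None  # any other line ends the current warning's stack trace
    return records


def blind_minutes(records, event="authentication_failed", threshold=2):
    """Minutes in which at least `threshold` events of this type went unaudited."""
    per_minute = Counter(r["minute"] for r in records if r["event"] == event)
    return sorted(minute for minute, n in per_minute.items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_dropped(SAMPLE_LOG)
    print(Counter((r["node"], r["event"], r["cause"]) for r in recs))
    print("unaudited auth-failure minutes:", blind_minutes(recs))
```

Any minute it reports is a window where alerting built on the audit index would undercount failed logins, so that window should be reviewed from the server log or another source.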





Related issues to this log

We have gathered selected Q&A from the community and issues from GitHub that can help fix related issues. Please review the following for further information:

1 Security Audit Index Shows Tons Of  

Log Users And Query In Audit Log  

 

About Opster

Opster detects, resolves, optimizes, automates and prevents incidents in Elasticsearch. Opster’s line of products delivers a fundamentally more effective Elasticsearch operation and backs it up with superb production support and consulting.
