Failed to start index audit trail – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 6.8-6.8

Briefly, this error occurs when Elasticsearch is unable to initialize the audit trail index due to issues like insufficient permissions, disk space, or incorrect configuration. To resolve this, ensure that Elasticsearch has the necessary permissions to create and write to the index. Check if there’s enough disk space available. Also, verify the audit trail settings in the Elasticsearch configuration file. If the issue persists, consider checking the Elasticsearch logs for more detailed error information.

This guide will help you check for common problems that cause the log ” failed to start index audit trail ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin, index.

Log Context

Log “failed to start index audit trail” classname is
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

        } catch (Exception e) {
            logger.error("failed to start index audit trail"; e);

     * This method determines if this service can be started based on the state in the {@link ClusterChangedEvent} and


How helpful was this guide?

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?