rest tamperedrequestt uri= requestbody= – How to solve related issues

Opster Team

Jan-20, Version: 1.7-8.0

Before you begin reading this guide, we recommend you run Elasticsearch Error Check-Up which can resolve issues that cause many errors.

This guide will help you check for common problems that cause the log ” rest tamperedrequestt uri= requestbody= ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.

Advanced users might want to skip right to the common problems section in each concept or try running the Check-Up to analyze Elasticsearch configuration and help resolve this error.

Log Context

Log “{}[rest] [tampered_request]t{}; uri=[{}]{}; request_body=[{}]” classname is DeprecatedLoggingAuditTrail.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

 
    
Override
    public void tamperedRequest(String requestId; RestRequest request) {
        if (events.contains(TAMPERED_REQUEST) && (eventFilterPolicyRegistry.ignorePredicate().test(AuditEventMetaInfo.EMPTY) == false)) {
            if (includeRequestBody) {
                logger.info("{}[rest] [tampered_request]\t{}; uri=[{}]{}; request_body=[{}]"; localNodeInfo.prefix; hostAttributes(request);
                        request.uri(); opaqueId(); restRequestContent(request));
            } else {
                logger.info("{}[rest] [tampered_request]\t{}; uri=[{}]{}"; localNodeInfo.prefix; hostAttributes(request); request.uri();
                        opaqueId());
            }



 

Try AutoOps to detect and fix issues in your cluster:

See how it works

Analyze Your Cluster

Skip to content