Log rest tamperedrequestt uri= – How To Solve Related Issues

Log rest tamperedrequestt uri= – How To Solve Related Issues

Updated: Jan-20

Elasticsearch Version: 1.7-8.0

Background

To resolve issues causing many log errors you can try our Elasticsearch Check-Up it analyses ES configuration to provide actionable recommendations (no installation required) 


To troubleshoot log “rest tamperedrequestt uri=” it’s important to understand a few problems related to Elasticsearch concepts plugin. See bellow important tips and explanations on these concepts

Log Context

Log”{}[rest] [tampered_request]t{}; uri=[{}]{}” classname is DeprecatedLoggingAuditTrail.java
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

         if (events.contains(TAMPERED_REQUEST) && (eventFilterPolicyRegistry.ignorePredicate().test(AuditEventMetaInfo.EMPTY) == false)) {
            if (includeRequestBody) {
                logger.info("{}[rest] [tampered_request]\t{}; uri=[{}]{}; request_body=[{}]"; localNodeInfo.prefix; hostAttributes(request);
                        request.uri(); opaqueId(); restRequestContent(request));
            } else {
                logger.info("{}[rest] [tampered_request]\t{}; uri=[{}]{}"; localNodeInfo.prefix; hostAttributes(request); request.uri();
                        opaqueId());
            }
        }
    }





Related issues to this log

We have gathered selected Q&A from the community and issues from Github, that can help fix related issues please review the following for further information :

1 Es Node Disconnects After Enablign  

Github Issue Number 31046  

 

About Opster

Opster detects, resolves, optimizes, automates and prevents incidents in Elasticsearch. Opster’s line of products delivers a fundamentally more effective Elasticsearch operation and backs it up with superb production support and consulting.

Find Configuration Errors

Analyze Now