Failed to index audit event: connectiondenied – How to solve related issues

Opster Team

Jan-20, Version: 1.7-8.0

Before you begin reading this guide, we recommend you run Elasticsearch Error Check-Up which analyzes 2 JSON files to detect many errors.

To easily locate the root cause and resolve this issue try AutoOps for Elasticsearch & OpenSearch. It diagnoses problems by analyzing hundreds of metrics collected by a lightweight agent and offers guidance for resolving them.

This guide will help you check for common problems that cause the log ” Failed to index audit event: connectiondenied ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: index and plugin.

Log Context

Log “Failed to index audit event: [connection_denied]” classname is
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

     public void connectionDenied(InetAddress inetAddress; String profile; SecurityIpFilterRule rule) {
        if (events.contains(CONNECTION_DENIED)) {
            try {
                enqueue(message("ip_filter"; "connection_denied"; inetAddress; profile; rule); "connection_denied");
            } catch (Exception e) {
                logger.warn("failed to index audit event: [connection_denied]"; e);



Watch product tour

Try AutoOps to find & fix Elasticsearch problems

Analyze Your Cluster
Skip to content