Failed to put audit trail template – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 6.8-6.8

Briefly, this error occurs when Elasticsearch fails to create or update an audit trail template. This could be due to insufficient permissions, incorrect template format, or network connectivity issues. To resolve this, ensure that the user has the necessary permissions to create or update templates. Also, verify the template format for any errors. If the issue persists, check the network connectivity between the Elasticsearch nodes.

In addition, we recommend you run the Elasticsearch Template Optimizer to fix problems in your data modeling.

It will analyze your templates to detect issues and improve search performance, reduce indexing bottlenecks and optimize storage utilization. The Template Optimizer is free and requires no installation.

Log Context

The log message “failed to put audit trail template” is emitted by the class in IndexAuditTrail.java.
We extracted the following from the Elasticsearch source code for those seeking in-depth context:

                        } else if (TemplateUtils.checkTemplateExistsAndVersionMatches(INDEX_TEMPLATE_NAME,
                                SECURITY_VERSION_STRING, clusterStateResponse.getState(), logger,
                                Version.CURRENT::onOrBefore) == false) {
                            putTemplate(customAuditIndexSettings(settings, logger),
                                    e -> {
                                        logger.error("failed to put audit trail template", e);
                                        transitionStartingToInitialized();
                                    });
                        } else {
                            // for some reason we can't start up since the remote cluster is not fully setup. in this case
                            // we try to wait for yellow status (all primaries started up) this will also wait for

 
