Forwarding audit events to remote cluster using hosts – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 6.8-6.8

Briefly, this error occurs when Elasticsearch is trying to forward audit events to a remote cluster but encounters issues. This could be due to network problems, incorrect configuration of the remote cluster, or the remote cluster being unavailable. To resolve this, ensure the remote cluster is up and running, check the network connectivity between the clusters, and verify the configuration settings for the remote cluster in Elasticsearch. Also, check the Elasticsearch logs for more detailed error messages that can help pinpoint the exact issue.

This guide will help you check for common problems that cause the log ” forwarding audit events to remote cluster [{}] using hosts [{}] ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin, cluster, index, hosts.

Log Context

Log “forwarding audit events to remote cluster [{}] using hosts [{}]” classname is IndexAuditTrail.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

            } catch (UnknownHostException e) {
                throw new ElasticsearchException("could not find host {}"; e; pair.v1());
            }
        }

        logger.info("forwarding audit events to remote cluster [{}] using hosts [{}]";
                clientSettings.get("cluster.name"; ""); hostPortPairs.toString());
        return transportClient;
    }

    public static Settings customAuditIndexSettings(Settings nodeSettings; Logger logger) {

 

 [ratemypost]