Failed to index audit event connection granted – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 6.8-6.8

Briefly, this error occurs when Elasticsearch fails to index an audit event, specifically a “connection granted” event. This could be due to insufficient permissions, a full disk, or a network issue. To resolve this, you can check the Elasticsearch logs for more details about the error. Ensure that the user has the necessary permissions to index data. Also, check the disk space and free up space if necessary. Lastly, verify the network connectivity between the Elasticsearch cluster and the source of the audit event.

This guide will help you check for common problems that cause the log “failed to index audit event: [connection_granted]” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin, index.

Log Context

The log “failed to index audit event: [connection_granted]” is emitted by the class in IndexAuditTrail.java.
We extracted the following from the Elasticsearch source code for those seeking in-depth context:

    public void connectionGranted(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
        // Only audited when connection_granted is among the configured events.
        if (events.contains(CONNECTION_GRANTED)) {
            try {
                enqueue(message("ip_filter", "connection_granted", inetAddress, profile, rule), "connection_granted");
            } catch (Exception e) {
                // The failure is logged at WARN and swallowed; the audit event is lost.
                logger.warn("failed to index audit event: [connection_granted]", e);
            }
        }
    }
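The following is an added example, not part of the original guide or of Elasticsearch: a small log triage script that finds each "failed to index audit event" warning and maps the exception text after it to one of the three causes listed above. The log layout, the exception signatures in `CAUSES`, and the sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# WARN message text as quoted on this page; the event name is captured.
AUDIT_FAIL = re.compile(r"failed to index audit event: \[(\w+)\]")
RECORD_START = re.compile(r"^\[\d{4}-\d{2}-\d{2}T")  # assumed default log layout

# Assumed exception signatures for the three causes the guide lists.
CAUSES = [
    ("permissions", re.compile(r"is unauthorized for user|ElasticsearchSecurityException")),
    ("disk", re.compile(r"index read-only / allow delete|No space left on device")),
    ("network", re.compile(r"NoNodeAvailableException|ConnectTransportException")),
]

# Constructed sample log, not real output.
SAMPLE_LOG = """\
[2023-08-01T10:15:30,123][WARN ][o.e.x.s.a.i.IndexAuditTrail] [node-1] failed to index audit event: [connection_granted]
org.elasticsearch.cluster.block.ClusterBlockException: blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];
\tat org.example.Constructed.frame(Constructed.java:1)
[2023-08-01T10:15:31,001][INFO ][o.e.n.Node] [node-1] constructed unrelated record
[2023-08-01T10:16:02,450][WARN ][o.e.x.s.a.i.IndexAuditTrail] [node-1] failed to index audit event: [connection_granted]
org.elasticsearch.client.transport.NoNodeAvailableException: None of the configured nodes are available
[2023-08-01T10:17:10,000][WARN ][o.e.x.s.a.i.IndexAuditTrail] [node-1] failed to index audit event: [connection_granted]
java.lang.IllegalStateException: constructed failure with no known signature
"""

def triage(lines):
    """Return [(event, cause)] for every audit indexing failure in the log."""
    results, current = [], None
    for line in lines:
        if RECORD_START.match(line):
            # A new log record ends the previous stack trace.
            hit = AUDIT_FAIL.search(line)
            current = [hit.group(1), "unknown"] if hit else None
            if current:
                results.append(current)
        if current and current[1] == "unknown":
            # First matching signature in the record or its trace wins.
            current[1] = next((n for n, p in CAUSES if p.search(line)), "unknown")
    return [tuple(r) for r in results]

def summary(lines):
    """Count failures per suspected cause."""
    return Counter(cause for _, cause in triage(lines))

if __name__ == "__main__":
    for event, cause in triage(SAMPLE_LOG.splitlines()):
        print(f"{event}: {cause}")
```

Failures reported as `unknown` are the ones to read in full in the Elasticsearch log, since dropped audit events leave a gap in the security record.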
