Md Mehrab Alam created RANGER-2905:
--------------------------------------
Summary: Failed to log Audit event in Elasticsearch
Key: RANGER-2905
URL: https://issues.apache.org/jira/browse/RANGER-2905
Project: Ranger
Issue Type: Bug
Components: audit
Affects Versions: 2.1.0
Reporter: Md Mehrab Alam
Elasticsearch audit IndexRequest validation is failing due to empty (i.e empty
string) type.
https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
Elasticsearch validation code:
https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
{code:java}
2020-07-08 22:55:24,740 ERROR
org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to
ElasticSearch
org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
1: type is missing;
at
org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
at
org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
at
org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
at
org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
at
org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
at
org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
at
org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
at java.lang.Thread.run(Thread.java:748)
2020-07-08 22:55:24,740 WARN org.apache.ranger.audit.provider.BaseAuditHandler:
failed to log audit event:
{code}
Elasticsearch version:
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
