[jira] [Commented] (RANGER-2905) Failed to log Audit event in Elasticsearch

Thu, 09 Jul 2020 01:42:17 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17154338#comment-17154338
 ] 

Md Mehrab Alam commented on RANGER-2905:
----------------------------------------

[~pradeepagrawal8184]

> Failed to log Audit event in Elasticsearch 
> -------------------------------------------
>
>                 Key: RANGER-2905
>                 URL: https://issues.apache.org/jira/browse/RANGER-2905
>             Project: Ranger
>          Issue Type: Bug
>          Components: audit
>    Affects Versions: 2.1.0
>            Reporter: Md Mehrab Alam
>            Priority: Major
>
>  
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e 
> empty string) type. 
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>  
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>  
> {code:java}
> 2020-07-08 22:55:24,740 ERROR 
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to 
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed: 
> 1: type is missing;
>         at 
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
>         at 
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
>         at 
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
>         at 
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
>         at 
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
>         at 
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
>         at 
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
>         at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN 
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version: 
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to