[
https://issues.apache.org/jira/browse/RANGER-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Suman B N updated RANGER-3938:
------------------------------
Description:
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if
there are 2 or more indices for an alias then audit API doesn't work. Because
while fetching the records, ranger uses multi get request on an alias.
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-000002,
index-000001]], can't execute a single index op
{noformat}
[Code
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null,
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}
So there can be 2 possible approaches to resolve this:
- Approach 1(Quick and fast):
Use {noformat}hit.getIndex(){noformat} instead of index(in this case its has
alias) for a MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.
- Approach 2(Change the MultiGet to search):
POST /_search
{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}
This would be a recommended approach.
Correct me if I am wrong. If not, Can I pick this up and fix it? I have already
fixed it in my local with approach 1 as a quick fix.
was:
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if
there are 2 or more indices for an alias then audit API doesn't work. Because
while fetching the records, ranger uses multi get request on an alias.
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-000002,
index-000001]], can't execute a single index op
{noformat}
[Code
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null,
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}
So there can be 2 possible approaches to resolve this:
- Approach 1(Quick and fast):
Use
{noformat}
hit.getIndex()
{noformat}
instead of index(in this case its has alias) for a MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.
- Approach 2(Change the MultiGet to search):
POST /_search
{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}
This would be a recommended approach.
Correct me if I am wrong. If not, Can I pick this up and fix it? I have already
fixed it in my local with approach 1 as a quick fix.
> Unable to access audit logs from an elasticsearch alias
> -------------------------------------------------------
>
> Key: RANGER-3938
> URL: https://issues.apache.org/jira/browse/RANGER-3938
> Project: Ranger
> Issue Type: Bug
> Components: audit
> Reporter: Suman B N
> Priority: Minor
>
> Lets say for audit, we configure an elasticsearch alias(rollover alias). And
> if there are 2 or more indices for an alias then audit API doesn't work.
> Because while fetching the records, ranger uses multi get request on an
> alias.
> It results in below error:
> {noformat}
> Alias [alias-name] has more than one indices associated with it
> [[index-000002, index-000001]], can't execute a single index op
> {noformat}
> [Code
> snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
> {code:java}
> MultiGetRequest multiGetRequest = new MultiGetRequest();
> for (SearchHit hit : hits) {
> MultiGetRequest.Item item = new MultiGetRequest.Item(index, null,
> hit.getId());
> item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
> multiGetRequest.add(item);
> }
> {code}
> So there can be 2 possible approaches to resolve this:
> - Approach 1(Quick and fast):
> Use {noformat}hit.getIndex(){noformat} instead of index(in this case its has
> alias) for a MultiGetRequest.Item object.
> So that all the documents can be get by id with its index only instead of
> alias.
> - Approach 2(Change the MultiGet to search):
> POST /_search
> {code:json}
> {
> "query": {
> "ids" : {
> "values" : ["id1", "id2"]
> }
> }
> }
> {code}
> This would be a recommended approach.
> Correct me if I am wrong. If not, Can I pick this up and fix it? I have
> already fixed it in my local with approach 1 as a quick fix.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
