Hi,
I am trying to enable audit for ranger-2.1 via client and my audit
destinaton is elasticsearch but I am getting below error:
> *2021-07-20T11:22:59.330+0530 INFO Ranger async Audit cleanup
> org.apache.ranger.audit.provider.AuditProviderFactory
> RangerAsyncAuditCleanup: Waiting to audit cleanup start signal*
> *2021-07-20T11:23:02.481+0530 INFO
> org.apache.ranger.audit.queue.AuditBatchQueue0 xaaudit
> {"repoType":3,"repo":"hivedev","reqUser":"test","evtTime":"2021-07-20
> 11:22:53.930","resource":"information_schema/schemata/schema_name","resType":"column","action":"select","result":1,"policy":8,"enforcer":"ranger-acl","agentHost":"MacBook-Pro-2.local","logType":"RangerAudit","id":"73d6e19d-a785-4df7-a8e7-3f953ccd259e-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"","policy_version":1}*
> *2021-07-20T11:23:02.496+0530 WARN
> org.apache.ranger.audit.queue.AuditBatchQueue1
> org.apache.ranger.audit.provider.BaseAuditHandler failed to log audit
> event:
> {"repoType":3,"repo":"hivedev","reqUser":"test","evtTime":"2021-07-20
> 11:22:53.930","resource":"information_schema/schemata/schema_name","resType":"column","action":"select","result":1,"policy":8,"enforcer":"ranger-acl","agentHost":"MacBook-Pro-2.local","logType":"RangerAudit","id":"73d6e19d-a785-4df7-a8e7-3f953ccd259e-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"","policy_version":1}*
> *java.lang.IllegalArgumentException: cannot write time value xcontent for
> unknown value of type class java.util.Date*
> * at
> org.elasticsearch.common.xcontent.XContentBuilder.timeValue(XContentBuilder.java:751)*
> * at
> org.elasticsearch.common.xcontent.XContentBuilder.unknownValue(XContentBuilder.java:815)*
> * at
> org.elasticsearch.common.xcontent.XContentBuilder.map(XContentBuilder.java:895)*
> * at
> org.elasticsearch.common.xcontent.XContentBuilder.map(XContentBuilder.java:870)*
> * at
> org.elasticsearch.action.index.IndexRequest.source(IndexRequest.java:428)*
> * at
> org.elasticsearch.action.index.IndexRequest.source(IndexRequest.java:417)*
> * at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:132)*
> * at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)*
> * at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)**
> at java.lang.Thread.run(Thread.java:748)*
>
>
> *2021-07-20T11:23:02.502+0530 ERROR
> org.apache.ranger.audit.queue.AuditBatchQueue1
> org.apache.ranger.audit.provider.BaseAuditHandler Error sending message to
> ElasticSearch*
> *org.elasticsearch.action.ActionRequestValidationException: Validation
> Failed: 1: no requests added;*
> * at
> org.elasticsearch.action.ValidateActions.addValidationError(ValidateActions.java:26)*
> * at
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:382)*
> * at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)*
> * at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)*
> * at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)*
> * at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:138)*
> * at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)*
> * at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)**
> at java.lang.Thread.run(Thread.java:748)*
>
> *2021-07-20T11:23:02.503+0530 WARN
> org.apache.ranger.audit.queue.AuditBatchQueue1
> org.apache.ranger.audit.provider.BaseAuditHandler failed to log audit
> event:
> {"repoType":3,"repo":"hivedev","reqUser":"test","evtTime":"2021-07-20
> 11:22:53.930","resource":"information_schema/schemata/schema_name","resType":"column","action":"select","result":1,"policy":8,"enforcer":"ranger-acl","agentHost":"MacBook-Pro-2.local","logType":"RangerAudit","id":"73d6e19d-a785-4df7-a8e7-3f953ccd259e-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"","policy_version":1},
> errorMessage=*
Can someone help me with this?
--
Thanks,
Reetika Agrawal
