Hi Reetika,
Can you please check your elastic version and ES audit related jar version.
Thanks,
Bhavik Patel
+91-7208744109
On Tue, Jul 20, 2021, 12:57 PM Reetika Agrawal <agrawal.reetika...@gmail.com>
wrote:
> Hi,
>
> I am trying to enable audit for ranger-2.1 via client and my audit
> destinaton is elasticsearch but I am getting below error:
>
>
>> *2021-07-20T11:22:59.330+0530 INFO Ranger async Audit cleanup
>> org.apache.ranger.audit.provider.AuditProviderFactory
>> RangerAsyncAuditCleanup: Waiting to audit cleanup start signal*
>> *2021-07-20T11:23:02.481+0530 INFO
>> org.apache.ranger.audit.queue.AuditBatchQueue0 xaaudit
>> {"repoType":3,"repo":"hivedev","reqUser":"test","evtTime":"2021-07-20
>> 11:22:53.930","resource":"information_schema/schemata/schema_name","resType":"column","action":"select","result":1,"policy":8,"enforcer":"ranger-acl","agentHost":"MacBook-Pro-2.local","logType":"RangerAudit","id":"73d6e19d-a785-4df7-a8e7-3f953ccd259e-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"","policy_version":1}*
>> *2021-07-20T11:23:02.496+0530 WARN
>> org.apache.ranger.audit.queue.AuditBatchQueue1
>> org.apache.ranger.audit.provider.BaseAuditHandler failed to log audit
>> event:
>> {"repoType":3,"repo":"hivedev","reqUser":"test","evtTime":"2021-07-20
>> 11:22:53.930","resource":"information_schema/schemata/schema_name","resType":"column","action":"select","result":1,"policy":8,"enforcer":"ranger-acl","agentHost":"MacBook-Pro-2.local","logType":"RangerAudit","id":"73d6e19d-a785-4df7-a8e7-3f953ccd259e-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"","policy_version":1}*
>> *java.lang.IllegalArgumentException: cannot write time value xcontent for
>> unknown value of type class java.util.Date*
>> * at
>> org.elasticsearch.common.xcontent.XContentBuilder.timeValue(XContentBuilder.java:751)*
>> * at
>> org.elasticsearch.common.xcontent.XContentBuilder.unknownValue(XContentBuilder.java:815)*
>> * at
>> org.elasticsearch.common.xcontent.XContentBuilder.map(XContentBuilder.java:895)*
>> * at
>> org.elasticsearch.common.xcontent.XContentBuilder.map(XContentBuilder.java:870)*
>> * at
>> org.elasticsearch.action.index.IndexRequest.source(IndexRequest.java:428)*
>> * at
>> org.elasticsearch.action.index.IndexRequest.source(IndexRequest.java:417)*
>> * at
>> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:132)*
>> * at
>> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)*
>> * at
>> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)**
>> at java.lang.Thread.run(Thread.java:748)*
>>
>>
>> *2021-07-20T11:23:02.502+0530 ERROR
>> org.apache.ranger.audit.queue.AuditBatchQueue1
>> org.apache.ranger.audit.provider.BaseAuditHandler Error sending message to
>> ElasticSearch*
>> *org.elasticsearch.action.ActionRequestValidationException: Validation
>> Failed: 1: no requests added;*
>> * at
>> org.elasticsearch.action.ValidateActions.addValidationError(ValidateActions.java:26)*
>> * at
>> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:382)*
>> * at
>> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)*
>> * at
>> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)*
>> * at
>> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)*
>> * at
>> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:138)*
>> * at
>> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)*
>> * at
>> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)**
>> at java.lang.Thread.run(Thread.java:748)*
>>
>> *2021-07-20T11:23:02.503+0530 WARN
>> org.apache.ranger.audit.queue.AuditBatchQueue1
>> org.apache.ranger.audit.provider.BaseAuditHandler failed to log audit
>> event:
>> {"repoType":3,"repo":"hivedev","reqUser":"test","evtTime":"2021-07-20
>> 11:22:53.930","resource":"information_schema/schemata/schema_name","resType":"column","action":"select","result":1,"policy":8,"enforcer":"ranger-acl","agentHost":"MacBook-Pro-2.local","logType":"RangerAudit","id":"73d6e19d-a785-4df7-a8e7-3f953ccd259e-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"","policy_version":1},
>> errorMessage=*
>
>
> Can someone help me with this?
> --
> Thanks,
> Reetika Agrawal
>
