Hi Bhavik,
I am not adding any elastic search-related jars on the client-side, only
adding dependency related to *ranger-plugins-common *of ranger-2.1.
As I checked on the ranger-2.1 side it uses ES-7.6
I am making use of RangerDefaultAuditHandler on the client-side for audit.
Thanks,
Reetika
On Tue, Jul 20, 2021 at 2:44 PM Bhavik Patel <bhavikpatel...@gmail.com>
wrote:
> Hi Reetika,
>
>
> Can you please check your elastic version and ES audit related jar version.
>
>
> Thanks,
> Bhavik Patel
> +91-7208744109
>
>
> On Tue, Jul 20, 2021, 12:57 PM Reetika Agrawal <
> agrawal.reetika...@gmail.com> wrote:
>
>> Hi,
>>
>> I am trying to enable audit for ranger-2.1 via client and my audit
>> destinaton is elasticsearch but I am getting below error:
>>
>>
>>> *2021-07-20T11:22:59.330+0530 INFO Ranger async Audit cleanup
>>> org.apache.ranger.audit.provider.AuditProviderFactory
>>> RangerAsyncAuditCleanup: Waiting to audit cleanup start signal*
>>> *2021-07-20T11:23:02.481+0530 INFO
>>> org.apache.ranger.audit.queue.AuditBatchQueue0 xaaudit
>>> {"repoType":3,"repo":"hivedev","reqUser":"test","evtTime":"2021-07-20
>>> 11:22:53.930","resource":"information_schema/schemata/schema_name","resType":"column","action":"select","result":1,"policy":8,"enforcer":"ranger-acl","agentHost":"MacBook-Pro-2.local","logType":"RangerAudit","id":"73d6e19d-a785-4df7-a8e7-3f953ccd259e-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"","policy_version":1}*
>>> *2021-07-20T11:23:02.496+0530 WARN
>>> org.apache.ranger.audit.queue.AuditBatchQueue1
>>> org.apache.ranger.audit.provider.BaseAuditHandler failed to log audit
>>> event:
>>> {"repoType":3,"repo":"hivedev","reqUser":"test","evtTime":"2021-07-20
>>> 11:22:53.930","resource":"information_schema/schemata/schema_name","resType":"column","action":"select","result":1,"policy":8,"enforcer":"ranger-acl","agentHost":"MacBook-Pro-2.local","logType":"RangerAudit","id":"73d6e19d-a785-4df7-a8e7-3f953ccd259e-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"","policy_version":1}*
>>> *java.lang.IllegalArgumentException: cannot write time value xcontent
>>> for unknown value of type class java.util.Date*
>>> * at
>>> org.elasticsearch.common.xcontent.XContentBuilder.timeValue(XContentBuilder.java:751)*
>>> * at
>>> org.elasticsearch.common.xcontent.XContentBuilder.unknownValue(XContentBuilder.java:815)*
>>> * at
>>> org.elasticsearch.common.xcontent.XContentBuilder.map(XContentBuilder.java:895)*
>>> * at
>>> org.elasticsearch.common.xcontent.XContentBuilder.map(XContentBuilder.java:870)*
>>> * at
>>> org.elasticsearch.action.index.IndexRequest.source(IndexRequest.java:428)*
>>> * at
>>> org.elasticsearch.action.index.IndexRequest.source(IndexRequest.java:417)*
>>> * at
>>> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:132)*
>>> * at
>>> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)*
>>> * at
>>> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)**
>>> at java.lang.Thread.run(Thread.java:748)*
>>>
>>>
>>> *2021-07-20T11:23:02.502+0530 ERROR
>>> org.apache.ranger.audit.queue.AuditBatchQueue1
>>> org.apache.ranger.audit.provider.BaseAuditHandler Error sending message to
>>> ElasticSearch*
>>> *org.elasticsearch.action.ActionRequestValidationException: Validation
>>> Failed: 1: no requests added;*
>>> * at
>>> org.elasticsearch.action.ValidateActions.addValidationError(ValidateActions.java:26)*
>>> * at
>>> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:382)*
>>> * at
>>> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)*
>>> * at
>>> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)*
>>> * at
>>> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)*
>>> * at
>>> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:138)*
>>> * at
>>> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)*
>>> * at
>>> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)**
>>> at java.lang.Thread.run(Thread.java:748)*
>>>
>>> *2021-07-20T11:23:02.503+0530 WARN
>>> org.apache.ranger.audit.queue.AuditBatchQueue1
>>> org.apache.ranger.audit.provider.BaseAuditHandler failed to log audit
>>> event:
>>> {"repoType":3,"repo":"hivedev","reqUser":"test","evtTime":"2021-07-20
>>> 11:22:53.930","resource":"information_schema/schemata/schema_name","resType":"column","action":"select","result":1,"policy":8,"enforcer":"ranger-acl","agentHost":"MacBook-Pro-2.local","logType":"RangerAudit","id":"73d6e19d-a785-4df7-a8e7-3f953ccd259e-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"","policy_version":1},
>>> errorMessage=*
>>
>>
>> Can someone help me with this?
>> --
>> Thanks,
>> Reetika Agrawal
>>
>
--
Thanks,
Reetika Agrawal
