Briefly, this error occurs when the Elasticsearch Auditor template is successfully installed. However, this is not an error but a confirmation message indicating that the installation process has been completed successfully. If you’re seeing this message, it means that the auditor template has been installed correctly. If you’re experiencing issues, they’re likely unrelated to this process. Check other parts of your system or application for potential problems.
This guide will help you check for common problems that cause the log ” Auditor template [{}] successfully installed ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin, template.
If you want to learn more about Elasticsearch templates, check out this guide.
Overview
A template in Elasticsearch falls into one of the two following categories and is indexed inside Elasticsearch using its dedicated endpoint:
- Index templates, which are a way to define a set of rules including index settings, mappings and an index pattern. The template is applied automatically whenever a new index is created with the matching pattern. Templates are also used to dynamically apply custom mapping for the fields which are not predefined inside existing mapping.
- Search templates, which help in defining templates for search queries using mustache scripting language. These templates act as a placeholder for variables defined inside the search queries.
Examples
Create a dynamic index template
PUT /_template/template_1?pretty
{
"index_patterns": [
"logs*",
"api*"
],
"settings": {
"number_of_shards": 2
},
"mappings": {
"dynamic_templates": [
{
"strings": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
}
],
"properties": {
"host_name": {
"type": "keyword"
},
"created_at": {
"type": "date"
}
}
}
}Create a search template
POST /_scripts/search_template_1?pretty
{
"script": {
"lang": "mustache",
"source": {
"query": {
"match": {
"description": "{{query_string}}"
}
}
}
}
}Executing a search query using search template
GET /_search/template?pretty
{
"id": "search_template_1",
"params": {
"query_string": "hello world"
}
}The search request will be executed by default on all the indices available in the cluster and can be limited to particular indices using an index parameter.
Notes
- A dynamic index template is always useful when you do not know the field names in advance and want to control their mapping as per the business use case.
Log Context
Log “Auditor template [{}] successfully installed” classname is AbstractAuditor.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
ActionListenerputTemplateListener = ActionListener.wrap(r -> { synchronized (this) { // synchronized so nothing can be added to backlog while this value changes hasLatestTemplate.set(true); } logger.info("Auditor template [{}] successfully installed"; templateName); putTemplateInProgress.set(false); writeBacklog(); }; e -> { logger.warn(Strings.format("Error putting latest template [%s]"; templateName); e); putTemplateInProgress.set(false);
