Briefly, this error occurs when a user successfully authenticates to Elasticsearch using the Transport layer. It’s not an error, but an informational message indicating that the authentication process was successful. If you see this message frequently and it’s not expected, it could indicate an issue with security settings. To resolve this, you can review your security configurations, ensure that only authorized users have access, and monitor your logs for any unusual activity. You can also adjust your logging level to reduce the verbosity if these messages are overwhelming your logs.
This guide will help you check for common problems that cause the log ” {}[transport] [authentication_success]\t{}; {}; realm=[{}]; action=[{}]; request=[{}]{} ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “{}[transport] [authentication_success]\t{}; {}; realm=[{}]; action=[{}]; request=[{}]{}” classname is DeprecatedLoggingAuditTrail.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
if (indices.isPresent()) { logger.info("{}[transport] [authentication_success]\t{}; {}; realm=[{}]; action=[{}]; indices=[{}]; request=[{}]{}"; localNodeInfo.prefix; originAttributes(threadContext; message; localNodeInfo); principal(user); realm; action; arrayToCommaDelimitedString(indices.get()); message.getClass().getSimpleName(); opaqueId()); } else { logger.info("{}[transport] [authentication_success]\t{}; {}; realm=[{}]; action=[{}]; request=[{}]{}"; localNodeInfo.prefix; originAttributes(threadContext; message; localNodeInfo); principal(user); realm; action; message.getClass().getSimpleName(); opaqueId()); } } }