Briefly, this error occurs when an anonymous user tries to access Elasticsearch indices without proper authentication. Elasticsearch has strict security measures that prevent unauthorized access. To resolve this issue, you can either provide valid credentials for the user or adjust the Elasticsearch security settings to allow anonymous access. However, allowing anonymous access can pose a security risk, so it’s recommended to use authenticated access. Alternatively, you could also assign specific roles to the anonymous user, limiting their access to certain indices.
This guide will help you check for common problems that cause the log ” {}[transport] [anonymous_access_denied]\t{}; action=[{}]; indices=[{}]; request=[{}]{} ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “{}[transport] [anonymous_access_denied]\t{}; action=[{}]; indices=[{}]; request=[{}]{}” classname is DeprecatedLoggingAuditTrail.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
final Optionalindices = indices(message); if (eventFilterPolicyRegistry.ignorePredicate() .test(new AuditEventMetaInfo(Optional.empty(); Optional.empty(); indices)) == false) { final LocalNodeInfo localNodeInfo = this.localNodeInfo; if (indices.isPresent()) { logger.info("{}[transport] [anonymous_access_denied]\t{}; action=[{}]; indices=[{}]; request=[{}]{}"; localNodeInfo.prefix; originAttributes(threadContext; message; localNodeInfo); action; arrayToCommaDelimitedString(indices.get()); message.getClass().getSimpleName(); opaqueId()); } else { logger.info("{}[transport] [anonymous_access_denied]\t{}; action=[{}]; request=[{}]{}"; localNodeInfo.prefix; originAttributes(threadContext; message; localNodeInfo); action; message.getClass().getSimpleName();