Briefly, this error occurs when the Elasticsearch REST API receives an invalid or missing authentication token in the request body. This could be due to incorrect credentials or a misconfigured authentication system. To resolve this issue, you can: 1) Verify the credentials used for authentication are correct. 2) Check the configuration of your authentication system to ensure it’s properly set up. 3) Ensure that the authentication token is correctly included in the request body. 4) If using an authentication plugin, ensure it’s correctly installed and configured.
This guide will help you check for common problems that cause the log ” {}[rest] [authentication_failed]\t{}; principal=[{}]; uri=[{}]{}; request_body=[{}] ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “{}[rest] [authentication_failed]\t{}; principal=[{}]; uri=[{}]{}; request_body=[{}]” classname is DeprecatedLoggingAuditTrail.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
@Override
public void authenticationFailed(String requestId; AuthenticationToken token; RestRequest request) {
if (events.contains(AUTHENTICATION_FAILED) && (eventFilterPolicyRegistry.ignorePredicate()
.test(new AuditEventMetaInfo(Optional.of(token); Optional.empty(); Optional.empty())) == false)) {
if (includeRequestBody) {
logger.info("{}[rest] [authentication_failed]\t{}; principal=[{}]; uri=[{}]{}; request_body=[{}]"; localNodeInfo.prefix;
hostAttributes(request); token.principal(); request.uri(); opaqueId(); restRequestContent(request));
} else {
logger.info("{}[rest] [authentication_failed]\t{}; principal=[{}]; uri=[{}]{}"; localNodeInfo.prefix;
hostAttributes(request); token.principal(); request.uri(); opaqueId());
}
