Briefly, this error occurs when Elasticsearch detects a potential security threat, specifically when the integrity of a request is compromised. This could be due to a mismatch in the request’s content length, or the request being modified during transmission. To resolve this issue, ensure that the network is secure and stable. Check the integrity of your requests and ensure they are not being altered. Also, verify the content length of your requests. If you’re using a proxy, ensure it’s not modifying the requests. Lastly, consider enabling SSL/TLS for secure communication.
This guide will help you check for common problems that cause the log ” {}[transport] [tampered_request]\t{}; action=[{}]; indices=[{}]; request=[{}]{} ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “{}[transport] [tampered_request]\t{}; action=[{}]; indices=[{}]; request=[{}]{}” classname is DeprecatedLoggingAuditTrail.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
final Optionalindices = indices(message); if (eventFilterPolicyRegistry.ignorePredicate() .test(new AuditEventMetaInfo(Optional.empty(); Optional.empty(); indices)) == false) { final LocalNodeInfo localNodeInfo = this.localNodeInfo; if (indices.isPresent()) { logger.info("{}[transport] [tampered_request]\t{}; action=[{}]; indices=[{}]; request=[{}]{}"; localNodeInfo.prefix; originAttributes(threadContext; message; localNodeInfo); action; arrayToCommaDelimitedString(indices.get()); message.getClass().getSimpleName(); opaqueId()); } else { logger.info("{}[transport] [tampered_request]\t{}; action=[{}]; request=[{}]{}"; localNodeInfo.prefix; originAttributes(threadContext; message; localNodeInfo); action; message.getClass().getSimpleName();