Authentication failed for null

Hello everyone!
I'm setting up a new elastic cluster and I have an issue with alerts in Kibana.
I have the following error for each alert in jarvis-cluster.log

[2022-09-14T10:43:56,623][WARN ][c.f.s.a.b.RequestAuthenticationProcessor] [hot-01-node-01] Authentication failed for null from [request=/.kibana_7.17.5/_doc/space:default, directIpAddress=10.240.16.236, originatingIpAddress=x.x.x.x, clientCertSubject=null]

Related to this error in kibana.log

{"type":"log","@timestamp":"2022-09-14T10:40:47+02:00","tags":["error","plugins","alerting"],"pid":2037229,"message":"Executing Alert default:monitoring_alert_cpu_usage:9fbe4fc1-3360-11ed-8c66-ab2baf834e7e has resulted in Error: Unauthorized"}

In the cluster I have already set up searchguard, logstash and openID. For monitoring I use metricbeat.
Self monitoring seems to be working fine, but not the alerts.

Any idea what I should do?
Please let me know if you need more information.
Best regards,
Karim

Could you share the rule definition for this rule, please?

What version of the stack is this?

Lastly - has this always happened, or did it start suddenly? Everything should work out of the box with the elastic user and superuser role, so it would be worth it to see if we can get some additional details from the Kibana logs here.
Additionally, can you speak more to your deployment configuration -- are you running multiple kibana instances? Is this all within the default space? Does this happen with all Rule Types within Stack Management or only Security Rules? Would be interested to see if you could create non-security rules without error.

cc @pmuellr for additional insights

Thanks
Rashmi
