So I recently had to reset my ELK stack, because I was having crazy issues I couldn't fix. Without realizing it, and after looking at the logs, I saw that also killed all of my API keys.
[2021-05-14T20:39:26,217][WARN ][o.e.x.s.a.AuthenticationService] [server.local] Authentication using apikey failed - unable to find apikey with id asdfghjkl
My question is, is there any way to restore my API keys with the exact same id, name, and apikey? Or is there any way of figuring out what machines are trying to authenticate with a specific apikey?
You won't be able to have the same ID/name/apikey sadly. So the best solution will be to just go through the setup of all API keys again from scratch, to make sure you don't miss anything. It will save you a lot of hunting when you have one that's missing or something else.
I ensured logging was enabled on both Elasticsearch and Kibana (it was), and I'm seeing
[2021-05-17T16:52:32,685][WARN ][o.e.x.s.a.AuthenticationService] [graylog.scspa.local] Authentication using apikey failed - unable to find apikey with id DEyW3HUBgMTKE8dJsmBi
(this is one of many) but no indication what machine attempted the connection.
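An added example, not part of the thread: since these warnings carry only the key id, the timestamp and the logging node, one way to build the list of stale keys that clients still present is to group the warnings by id. The function name and the `SAMPLE` lines are assumptions; the first two lines are the ones quoted above, the others are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the AuthenticationService warning format quoted in the thread.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[WARN\s*\]\[o\.e\.x\.s\.a\.AuthenticationService\]\s*"
    r"\[(?P<node>[^\]]+)\]\s*Authentication using apikey failed - "
    r"unable to find apikey with id (?P<key_id>\S+)"
)

# Constructed sample input: lines 1-2 are from the thread, lines 3-4 are made up.
SAMPLE = [
    "[2021-05-14T20:39:26,217][WARN ][o.e.x.s.a.AuthenticationService] [server.local] "
    "Authentication using apikey failed - unable to find apikey with id asdfghjkl",
    "[2021-05-17T16:52:32,685][WARN ][o.e.x.s.a.AuthenticationService] [graylog.scspa.local] "
    "Authentication using apikey failed - unable to find apikey with id DEyW3HUBgMTKE8dJsmBi",
    "[2021-05-17T16:53:02,101][WARN ][o.e.x.s.a.AuthenticationService] [graylog.scspa.local] "
    "Authentication using apikey failed - unable to find apikey with id DEyW3HUBgMTKE8dJsmBi",
    "[2021-05-17T16:53:05,000][INFO ][o.e.n.Node] [graylog.scspa.local] started",
]

def summarize_missing_keys(lines):
    """Group 'unable to find apikey' warnings by API key id."""
    summary = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "nodes": set()}
    )
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S,%f")
        entry = summary[m["key_id"]]
        entry["count"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
        entry["nodes"].add(m["node"])  # node that logged the failure, not the client
    return dict(summary)

if __name__ == "__main__":
    report = summarize_missing_keys(SAMPLE)
    # Most frequently presented stale keys first.
    for key_id, e in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{key_id}  count={e['count']}  first={e['first']}  "
              f"last={e['last']}  nodes={sorted(e['nodes'])}")
```

Each id in the output is a key some client is still configured with, so the list doubles as a checklist while the keys are set up again.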