Authentication using apikey failed

Suddenly this error appeared.
I can't find in the logs what is the cause of this error.
Can anyone tell me how to fix this?
Please help.. :cry:

I am using version of elasticsearch 7.17.8 and kibana 7.17.8

Authentication using apikey failed - unable to find apikey with id m-232swds23_wee12

Hi @Cruz

You going to need to provide more information...

What are you using to make the call? What Client or Beat etc...

Did the API Key get Invalidated?

If you log into Kibana is the API Key still there and valid?

Did you put a time/expiration date on the API Key?

Can you curl GET with the same API Key?

Hello @stephenb thanks for your reply.
Actually, the error suddenly appeared without me changing anything.
I have a test server that I installed with winlogbeat
I configured it correctly because it started sending logs to my logstash

I tried to query GET /_security/api_key but the api key whose id is m-232swds23_wee12 is not there.

How should I know if my API Key get Invalidated?
I'm sorry I only know a little I just started learning this.

I also found out that I have another error @stephenb .

[WARN ][o.e.x.s.a.ApiKeyAuthenticator] [node-1] Authentication using apikey failed - apikey authentication for id m-232swds23_wee12 encountered a failure
org.elasticsearch.action.NoShardAvailableActionException: No shard available for [get [.security][_doc][m-232swds23_wee12]: routing [null]]
        at$AsyncSingleAction.perform( [elasticsearch-7.17.8.jar:7.17.8]
        at$AsyncSingleAction.start( [elasticsearch-7.17.8.jar:7.17.8]
        at [elasticsearch-7.17.8.jar:7.17.8]
        at [elasticsearch-7.17.8.jar:7.17.8]
        at$RequestFilterChain.proceed( [elasticsearch-7.17.8.jar:7.17.8]
        at$Simple.apply( [elasticsearch-7.17.8.jar:7.17.8]
        at$RequestFilterChain.proceed( [elasticsearch-7.17.8.jar:7.17.8]
        at$applyInternal$3( [x-pack-security-7.17.8.jar:7.17.8]
        at org.elasticsearch.action.ActionListener$DelegatingFailureActionListener.onResponse( [elasticsearch-7.17.8.jar:7.17.8]
        at$1.onResponse( [x-pack-security-7.17.8.jar:7.17.8]
        at$1.onResponse( [x-pack-security-7.17.8.jar:7.17.8]
        at [x-pack-security-7.17.8.jar:7.17.8]
        at$1.onResponse( [x-pack-security-7.17.8.jar:7.17.8]
        at$1.onResponse( [x-pack-security-7.17.8.jar:7.17.8]
        at [x-pack-security-7.17.8.jar:7.17.8]

Can you help me how to solve this?

You need to contact whoever is running your cluster because it looks like it is not healthy...

Looks like the security index where the API keys are at is missing or corrupt.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.