Authentication using apikey failed

Yang_Wang · May 23, 2023, 2:51am

In that case, you can try HttpTracer which will report the remote address of each request.

PUT _cluster/settings
{
   "persistent" : {
      "logger.org.elasticsearch.http.HttpTracer" : "TRACE"
   }
}

The logs will get quite verbose. You should see something like the follows for the failed API key authentication

received request from [Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, remoteAddress=/[0:0:0:0:0:0:0:1]:53497}]org.elasticsearch.http.HttpHeadersValidationException: org.elasticsearch.ElasticsearchSecurityException: unable to authenticate with provided credentials and anonymous access is not allowed for this request

Hopefully the remote address will give you enough information to identify the agent that is using the invalid API key. Once you are done, you can remove HTTP tracer logging with

PUT _cluster/settings
{
   "persistent" : {
      "logger.org.elasticsearch.http.HttpTracer" : null
   }
}

Topic		Replies	Views
Unable to find apikey warning Elasticsearch elastic-stack-security	5	616	July 17, 2023
Authentication using apikey failed - unable to find apikey with id Elasticsearch	4	2844	July 27, 2023
Ignore API key failure from elastic cluster log Elasticsearch elastic-stack-monitoring	0	68	May 21, 2024
Debugging API Key authentications Elasticsearch	1	87	April 19, 2024
"Server Authentication using apikey failed - unable to find apikey with id id" Kibana	1	103	June 25, 2024

Authentication using apikey failed

Related Topics