Authentication using apikey failed

Yang_Wang · May 23, 2023, 2:51am

In that case, you can try HttpTracer which will report the remote address of each request.

PUT _cluster/settings
{
   "persistent" : {
      "logger.org.elasticsearch.http.HttpTracer" : "TRACE"
   }
}

The logs will get quite verbose. You should see something like the follows for the failed API key authentication

received request from [Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, remoteAddress=/[0:0:0:0:0:0:0:1]:53497}]org.elasticsearch.http.HttpHeadersValidationException: org.elasticsearch.ElasticsearchSecurityException: unable to authenticate with provided credentials and anonymous access is not allowed for this request

Hopefully the remote address will give you enough information to identify the agent that is using the invalid API key. Once you are done, you can remove HTTP tracer logging with

PUT _cluster/settings
{
   "persistent" : {
      "logger.org.elasticsearch.http.HttpTracer" : null
   }
}

Topic		Replies	Views
Unable to find apikey warning Elasticsearch elastic-stack-security	5	627	July 17, 2023
Elasticsearch Error "Authentication using apikey failed" Elasticsearch	1	632	April 12, 2022
Authentication using apikey failed - unable to find apikey with id Elasticsearch	4	2938	July 27, 2023
Ignore API key failure from elastic cluster log Elasticsearch elastic-stack-monitoring	0	68	May 21, 2024
Constant API Key Failures in Logs after enabling security Elasticsearch elastic-stack-security	2	713	November 11, 2021

Authentication using apikey failed

Related topics