Constant API Key Failures in Logs after enabling security

Heroj04 · October 14, 2021, 3:39am

Just recently set up an Elasticsearch server. after enabling security and SSL I am seeing just constant apikey errors in the logs.
Even if I shut down all other parts of the system (kibana/beats/fleet) they are still coming through.
with several different keys too.
Any idea what this could be or how I can see what host the connection is coming from.

14:01:14.879
elasticsearch.server
[elasticsearch.server][WARN] Authentication using apikey failed - unable to find apikey with id <keyRemoved>
14:01:14.879
elasticsearch.server
[elasticsearch.server][WARN] Authentication using apikey failed - unable to find apikey with id <keyRemoved>
14:01:15.010
elasticsearch.server
[elasticsearch.server][WARN] Authentication using apikey failed - unable to find apikey with id <keyRemoved>
14:01:15.010
elasticsearch.server
[elasticsearch.server][WARN] Authentication using apikey failed - unable to find apikey with id <keyRemoved>

Yang_Wang · October 14, 2021, 4:16am

You can check the source IP in audit logs if the cluster license is Gold+ (or Trial).

system · November 11, 2021, 4:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Authentication using apikey failed - unable to find apikey with id Elasticsearch	4	2938	July 27, 2023
Authentication using apikey failed Kibana elastic-stack-security	5	1330	February 22, 2023
Elasticsearch Error "Authentication using apikey failed" Elasticsearch	1	632	April 12, 2022
Authentication using apikey failed Elasticsearch elastic-stack-security	6	1286	June 20, 2023
Unable to find apikey warning Elasticsearch elastic-stack-security	5	627	July 17, 2023

Constant API Key Failures in Logs after enabling security

Related topics