Find source of request using invalid API Key

Steve_Foster · September 18, 2024, 8:58pm

Hi,

I've seen these in the logs for a while now but I've been able to find a way to show where the request is coming from.

Authentication using apikey failed - unable to find apikey with id <ID>

Any suggestions?

Carlos_D · September 20, 2024, 6:58am

If you have a subscription, you can use audit logs for that.

Other options would include:

Using the REST request tracer. This will add a significant amount of logging, and is not recommended for heavily loaded clusters
Use a reverse proxy in front of your Elasticsearch cluster, that logs the requests and connection origins.

Hope that helps!

Topic		Replies	Views
Authentication using apikey failed Elasticsearch elastic-stack-security	6	1295	June 20, 2023
Authentication using apikey failed - unable to find apikey with id Elasticsearch	4	2949	July 27, 2023
Constant API Key Failures in Logs after enabling security Elasticsearch elastic-stack-security	2	713	November 11, 2021
Ignore API key failure from elastic cluster log Elasticsearch elastic-stack-monitoring	0	68	May 21, 2024
Authentication using apikey failed Kibana	7	4324	July 12, 2021