Find source of request using invalid API Key

Hi,

I've seen these in the logs for a while now but I've been able to find a way to show where the request is coming from.

Authentication using apikey failed - unable to find apikey with id <ID>

Any suggestions?

Hey @Steve_Foster!

If you have a subscription, you can use audit logs for that.

Other options would include:

  • Using the REST request tracer. This will add a significant amount of logging, and is not recommended for heavily loaded clusters.
  • Using a reverse proxy in front of your Elasticsearch cluster that logs the requests and connection origins.

Hope that helps!
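As an added example (not part of the posts above, and not Elastic's own code), this sketch shows how the audit log option could be used once `xpack.security.audit.enabled: true` is set: it reads the JSON audit log and groups `authentication_failed` events that mention a given API key ID by origin host, method and path. The sample lines and key IDs are constructed, and because which attribute carries the key ID is an assumption here, the script matches the ID in any string field of the event.

```python
import json
from collections import Counter

# Constructed sample lines in the JSON audit log layout (not real data).
# Assumption: the API key ID shows up in "user.name"; the matcher below does
# not depend on that and looks at every string value of the event.
SAMPLE_AUDIT_LOG = """\
{"type":"audit","@timestamp":"2024-01-10T09:15:02,101+0000","event.type":"rest","event.action":"authentication_failed","user.name":"EXAMPLE_KEY_ID_1","origin.type":"rest","origin.address":"10.0.4.17:51234","url.path":"/_bulk","request.method":"POST"}
{"type":"audit","@timestamp":"2024-01-10T09:15:07,480+0000","event.type":"rest","event.action":"authentication_failed","user.name":"EXAMPLE_KEY_ID_1","origin.type":"rest","origin.address":"10.0.4.17:51260","url.path":"/_bulk","request.method":"POST"}
{"type":"audit","@timestamp":"2024-01-10T09:16:11,003+0000","event.type":"rest","event.action":"authentication_failed","user.name":"EXAMPLE_KEY_ID_2","origin.type":"rest","origin.address":"10.0.9.3:40022","url.path":"/_search","request.method":"GET"}
{"type":"audit","@timestamp":"2024-01-10T09:16:30,912+0000","event.type":"rest","event.action":"authentication_success","user.name":"elastic","origin.type":"rest","origin.address":"10.0.4.17:51270","url.path":"/_cat/indices","request.method":"GET"}
{"type":"audit","event.action":"authentication_fai
{"type":"audit","@timestamp":"2024-01-10T09:20:44,650+0000","event.type":"rest","event.action":"authentication_failed","user.name":"EXAMPLE_KEY_ID_1","origin.type":"rest","origin.address":"10.0.7.8:60001","url.path":"/_cluster/health","request.method":"GET"}
"""


def find_origins(lines, key_id):
    """Count failed-auth events mentioning key_id, keyed by (host, method, path)."""
    hits = Counter()
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line (e.g. cut off by log rotation)
        if not isinstance(event, dict):
            continue
        if event.get("event.action") != "authentication_failed":
            continue
        # Match the ID in any string attribute instead of one fixed field.
        if not any(isinstance(v, str) and key_id in v for v in event.values()):
            continue
        # origin.address is "host:port"; drop the ephemeral client port so
        # repeated requests from one client collapse into one row.
        host = event.get("origin.address", "unknown").rsplit(":", 1)[0]
        hits[(host, event.get("request.method"), event.get("url.path"))] += 1
    return hits


if __name__ == "__main__":
    found = find_origins(SAMPLE_AUDIT_LOG.splitlines(), "EXAMPLE_KEY_ID_1")
    for (host, method, path), count in found.most_common():
        print(f"{count:>4}  {host:<15} {method} {path}")
```

To run it against a real cluster, pass the lines of the node's audit log file and the ID from the `unable to find apikey with id <ID>` message instead of the constructed sample.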