Getting Error in Elasticsearch 8.12 version

I am getting error while starting the Elasticsearch please provide the solution for this.

Error
java.lang.IllegalArgumentException: unknown setting [xpack.security.audit.logfile.events.ignore_filters.users] please check that any required plugins are installed, or check the breaking changes documentation for removed settings

Configuration for elasticsearch.yml file

---------------------------------- Cluster -----------------------------------

Use a descriptive name for your cluster:

cluster.name: my-application

------------------------------------ Node ------------------------------------

Use a descriptive name for the node:

node.name: node1

Add custom attributes to the node:

#node.attr.rack: r1

----------------------------------- Paths ------------------------------------

Path to directory where to store the data (separate multiple locations by comma):

path.data: /var/lib/elasticsearch

Path to log files:

path.logs: /var/log/elasticsearch

----------------------------------- Memory -----------------------------------

Lock the memory on startup:

#bootstrap.memory_lock: true

Make sure that the heap size is set to about half the memory available

on the system and that the owner of the process is allowed to use this

limit.

Elasticsearch performs poorly when the system is swapping the memory.

---------------------------------- Network -----------------------------------

By default Elasticsearch is only accessible on localhost. Set a different

address here to expose this node on the network:

network.host: lit4elastic81.fyre.ibm.com

By default Elasticsearch listens for HTTP traffic on the first free port it

finds starting at 9200. Set a specific HTTP port here:

http.port: 9200

For more information, consult the network module documentation.

--------------------------------- Discovery ----------------------------------

Pass an initial list of hosts to perform discovery when this node is started:

The default list of hosts is ["127.0.0.1", "[::1]"]

#discovery.seed_hosts: ["host1", "host2"]

Bootstrap the cluster using an initial set of master-eligible nodes:

#cluster.initial_master_nodes: ["node-1", "node-2"]

For more information, consult the discovery and cluster formation module documentation.

---------------------------------- Various -----------------------------------

Allow wildcard deletion of indices:

#action.destructive_requires_name: false

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------

The following settings, TLS certificates, and keys have been automatically

generated to configure Elasticsearch security features on 17-01-2024 16:24:36

--------------------------------------------------------------------------------

Enable security features

xpack.security.enabled: true

xpack.security.enrollment.enabled: true
xpack.security.audit.enabled : true
xpack.security.audit.logfile.events.include: ["authentication_success","authentication_failed"]
xpack.security.audit.logfile.events.emit_request_body : true
xpack.security.audit.logfile.emit_node_name : true
xpack.security.audit.logfile.emit_node_host_address : true
xpack.security.audit.logfile.emit_node_host_name: true
xpack.security.audit.logfile.emit_node_id: true
xpack.license.self_generated.type: trial

xpack.security.audit.logfile.events.ignore_filters:
users: ["kibana_system", "_system"]
indices: ["app-logs*"]

Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents

xpack.security.http.ssl:
enabled: false

keystore.path: elastic-certificates.p12

verification_mode: certificate

Enable encryption and mutual authentication between cluster nodes

xpack.security.transport.ssl:
enabled: false

verification_mode: certificate

keystore.path: elastic-certificates.p12

truststore.path: elastic-certificates.p12

client_authentication: required

Create a new cluster with the current node only

Additional nodes can still join the cluster later

cluster.initial_master_nodes: ["lit4elastic81.fyre.ibm.com"]

discovery.type: single-node

Allow HTTP API connections from anywhere

Connections are encrypted and require user authentication

http.host: 0.0.0.0

Allow other nodes to join the cluster from anywhere

Connections are encrypted and mutually authenticated

#transport.host: 0.0.0.0

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
#logger.org.elasticsearch.discovery: DEBUG

Hi @ashishshukla,

The issue looks to be your configuration for the setting xpack.security.audit.logfile.events.ignore_filters.users that you have included in your documentation.

You need to include a namespace as shown in the examples in the documentation.

Can you try that and see if that resolves your error?

Hope that helps!

.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.