I got the following from logfile:
"event.type":"transport", "event.action":"access_granted", "user.name":"_xpack_security", "user.realm":"__attach", "user.roles":["superuser"], "origin.type":"local_node", "origin.address":"10.161.65.23:9300", "action":"cluster:admin/xpack/security/realm/cache/clear[n]", "request.name":"Node"}
Can anybody summarize the main purpose of this event? It is a cache clear action initiated by xpack_security to the cluster?
Hi Li,
Correct, this is indication of the realm cache being cleared. There are a number of cases that could trigger this including, but not limited to:
If this was triggered by a call to the clear cache API, you'd get an "origin.type": "rest"and "user.name" would reflect the user that called the API
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.