Shield blocking Watcher to query in Elasticsearch


(Rajeshkumar) #1

I am using Elasticsearch with Shield. When I am trying to execute Watcher I am getting the below error.

ElasticsearchSecurityException[missing authentication token for REST request [/_cluster/health]]
at org.elasticsearch.shield.authc.DefaultAuthenticationFailureHandler.missingToken(
at org.elasticsearch.shield.authc.InternalAuthenticationService.authenticate(
at org.elasticsearch.http.HttpServer.internalDispatchRequest(

I am trying to create the Watcher with username and password which I was included in roles.yml.

I am using the below code to create Watcher

curl --user XXX:XXX -XPUT 'http://localhost:9200/_watcher/watch/cluster_health' -d '{
"trigger" : {
"schedule" : { "interval" : "10s" }
"input" : {
"http" : {
"request" : {
"host" : "localhost",
"port" : 9200,
"path" : "/_cluster/health"
"condition" : {
"compare" : {
"ctx.payload.status" : { "eq" : "Yellow" }

Do I need to include any properties in shield or elasticsearch.yml or in wtacher.

Thanks in advance!!!

(Alexander Reelsen) #2


you need to supply authentication information, when executing the http request pointing to /_cluster/health.

See the auth setting for the HTTP input. See the http input documentation


Missing authentication token for REST error
(Rajeshkumar) #3

Thank you so much. It resolved the issue.

(system) #4