Unable to find apikey warning

for the info my cluster is on version 7.17.4 and it's based on 3 nodes that are all master eligible and data nodes.

I keep getting this warning on my master node logs non-stop,
[2023-06-13T15:44:07,212][WARN ][o.e.x.s.a.ApiKeyAuthenticator] [node2] Authentication using apikey failed - unable to find apikey with id <id>

To troubleshoot i used GET /_security/api_key?id=<id> API and effectively there were no key with the specified id.

What could happened to make this id disapear and what is the proper fix to this warnings ?

Most likely someone or some process invalidate the API key and Elasticsearch subsequent removed it (the system automatically removes invalidated and expired keys after some retention time).

To fix, you'll need find out what process is using the API key and issue a new API key to it so that it can stop using the non-existing key.

1 Like

Thank you @Yang_Wang, I tried to take this approach but I wasn't able to find out the service using this apikey. is there any way to find out ?
The only infromation I'm getting is this warning and it's happening very repeatedly (every 5 seconds or so).

I would like to know at least all process that use apikey by default, maybe it would help find an anomaly with one of them or maybe when listing apikeys I find someone missing.

Please refer to this reply and see if it helps


Thank you. I will try this config asap

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.