In auditlog,I saw the log below, what dose "realm_authentication_failed" really mean, this query was normal,why "realm_authentication_failed"?
{
"type":"audit",
"timestamp":"2022-08-18T02:35:15,041+0000",
"node.id":"xxxxxxxx",
"event.type":"rest",
"event.action":"realm_authentication_failed",
"user.name":"xxxxxxx",
"origin.type":"rest",
"origin.address":"xxxxxxx",
"realm":"reserved",
"url.path":"/indexAAA/_search",
"url.query":"typed_keys=true&ignore_unavailable=false&expand_wildcards=open&allow_no_indices=true&ignore_throttled=true&search_type=query_then_fetch&batched_reduce_size=512&ccs_minimize_roundtrips=true",
"request.method":"POST",
"request.body":"{\"from\":10,\"size\":10,\"query\":{\"bool\":{\"must\":[{\"term\":{\"logname\":{\"value\":\"xxxxxx\",\"boost\":1.0}}},{\"range\":{\"logtime-UTC\":{\"from\":\"2022-08-11 00:00:00\",\"to\":\"2022-08-18 10:34:56\",\"include_lower\":true,\"include_upper\":true,\"time_zone\":\"Asia/Shanghai\",\"format\":\"yyyy-MM-dd HH:mm:ss\",\"boost\":1.0}}},{\"bool\":{\"should\":[{\"term\":{\"serverid\":{\"value\":\"xxxx\",\"boost\":1.0}}}],\"adjust_pure_negative\":true,\"boost\":1.0}},{\"match\":{\"userid\":{\"query\":\"xxxxxxx\",\"operator\":\"OR\",\"prefix_length\":0,\"max_expansions\":50,\"fuzzy_transpositions\":true,\"lenient\":false,\"zero_terms_query\":\"NONE\",\"auto_generate_synonyms_phrase_query\":true,\"boost\":1.0}}},{\"match\":{\"roleid\":{\"query\":\"xxxxxx\",\"operator\":\"OR\",\"prefix_length\":0,\"max_expansions\":50,\"fuzzy_transpositions\":true,\"lenient\":false,\"zero_terms_query\":\"NONE\",\"auto_generate_synonyms_phrase_query\":true,\"boost\":1.0}}}],\"adjust_pure_negative\":true,\"boost\":1.0}},\"sort\":[{\"logtime\":{\"order\":\"asc\"}}],\"track_total_hits\":2147483647}",
"request.id":"xxxxxxx"
}