In my Elasticsearch server, I get this Search Guard index error

If you think it is a bug report or you have a technical issue, please answer the following questions.

**Elasticsearch version:** 7.17.3

Kibana version (if relevant): 7.17.3

Browser version (if relevant):

Describe the issue: ELK Server service is not starting

Steps to reproduce:
1.
2.
3.

Expected behavior:

Provide configuration:
elasticsearch/config/elasticsearch.yml
elasticsearch/plugins/search-guard-7/sgconfig/sg_config.yml
kibana/config/kibana.yml (if relevant)

Provide logs:
Elasticsearch
Kibana (if relevant)

Screenshots (if relevant):

Errors in browser console (if relevant):

[2024-07-31T08:39:32,010][ERROR][c.f.s.f.SearchGuardFilter] [node-1] Unexpected exception [_searchguard] InvalidIndexNameException[Invalid index name [_searchguard], must not start with '_'.]
org.elasticsearch.indices.InvalidIndexNameException: Invalid index name [_searchguard], must not start with '_'.
at org.elasticsearch.cluster.metadata.IndexNameExpressionResolver$WildcardExpressionResolver.validateAliasOrIndex(IndexNameExpressionResolver.java:1227) ~[elasticsearch-7.17.3.jar:7.17.3]
at

More logs :

[2024-07-31T08:39:32,010][ERROR][c.f.s.f.SearchGuardFilter] [node-1] Unexpected exception [_searchguard] InvalidIndexNameException[Invalid index name [_searchguard], must not start with '_'.]
org.elasticsearch.indices.InvalidIndexNameException: Invalid index name [_searchguard], must not start with '_'.
	at org.elasticsearch.cluster.metadata.IndexNameExpressionResolver$WildcardExpressionResolver.validateAliasOrIndex(IndexNameExpressionResolver.java:1227) ~[elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.cluster.metadata.IndexNameExpressionResolver$WildcardExpressionResolver.innerResolve(IndexNameExpressionResolver.java:1165) ~[elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.cluster.metadata.IndexNameExpressionResolver$WildcardExpressionResolver.resolve(IndexNameExpressionResolver.java:1144) ~[elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.cluster.metadata.IndexNameExpressionResolver.concreteIndices(IndexNameExpressionResolver.java:292) ~[elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.cluster.metadata.IndexNameExpressionResolver.concreteIndexNames(IndexNameExpressionResolver.java:270) ~[elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.cluster.metadata.IndexNameExpressionResolver.concreteIndexNames(IndexNameExpressionResolver.java:151) ~[elasticsearch-7.17.3.jar:7.17.3]
	at com.floragunn.searchguard.resolver.IndexResolverReplacer.resolveIndexPatterns(IndexResolverReplacer.java:238) ~[search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.resolver.IndexResolverReplacer$2.provide(IndexResolverReplacer.java:322) ~[search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.resolver.IndexResolverReplacer.getOrReplaceAllIndices(IndexResolverReplacer.java:780) ~[search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.resolver.IndexResolverReplacer.resolveRequest(IndexResolverReplacer.java:309) ~[search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.privileges.PrivilegesEvaluator.evaluate(PrivilegesEvaluator.java:234) ~[search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.filter.SearchGuardFilter.apply0(SearchGuardFilter.java:299) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.filter.SearchGuardFilter.lambda$apply$0(SearchGuardFilter.java:129) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.privileges.SpecialPrivilegesEvaluationContextProviderRegistry.provide(SpecialPrivilegesEvaluationContextProviderRegistry.java:50) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.privileges.SpecialPrivilegesEvaluationContextProviderRegistry.lambda$provide$0(SpecialPrivilegesEvaluationContextProviderRegistry.java:42) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.internalauthtoken.InternalAuthTokenProvider.userAuthFromToken(InternalAuthTokenProvider.java:97) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.privileges.SpecialPrivilegesEvaluationContextProviderRegistry.provide(SpecialPrivilegesEvaluationContextProviderRegistry.java:38) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.privileges.SpecialPrivilegesEvaluationContextProviderRegistry.provide(SpecialPrivilegesEvaluationContextProviderRegistry.java:28) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.filter.SearchGuardFilter.apply(SearchGuardFilter.java:126) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:177) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:154) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:82) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:95) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:73) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:407) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.client.support.AbstractClient.get(AbstractClient.java:512) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.rest.action.document.RestGetAction.lambda$prepareRequest$0(RestGetAction.java:91) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:109) [elasticsearch-7.17.3.jar:7.17.3]
	at com.floragunn.searchguard.filter.SearchGuardRestFilter$1.lambda$handleRequest$0(SearchGuardRestFilter.java:97) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.auth.RestAuthenticationProcessor.lambda$checkCurrentAuthenticationDomain$1(RestAuthenticationProcessor.java:275) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.auth.RestAuthenticationProcessor.callAuthczBackends(RestAuthenticationProcessor.java:329) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.auth.RestAuthenticationProcessor.checkCurrentAuthenticationDomain(RestAuthenticationProcessor.java:241) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.auth.RestAuthenticationProcessor.checkNextAuthenticationDomains(RestAuthenticationProcessor.java:117) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.auth.RestAuthenticationProcessor.authenticate(RestAuthenticationProcessor.java:109) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.auth.BackendRegistry.authenticate(BackendRegistry.java:405) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at com.floragunn.searchguard.filter.SearchGuardRestFilter$1.handleRequest(SearchGuardRestFilter.java:90) [search-guard-suite-security-7.17.3-53.1.0.jar:7.17.3-53.1.0]
	at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:327) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.rest.RestController.tryAllHandlers(RestController.java:393) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:245) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.http.AbstractHttpServerTransport.dispatchRequest(AbstractHttpServerTransport.java:382) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.http.AbstractHttpServerTransport.handleIncomingRequest(AbstractHttpServerTransport.java:461) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.http.AbstractHttpServerTransport.incomingRequest(AbstractHttpServerTransport.java:357) [elasticsearch-7.17.3.jar:7.17.3]
	at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:35) [transport-netty4-client-7.17.3.jar:7.17.3]
	at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:19) [transport-netty4-client-7.17.3.jar:7.17.3]
	at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at org.elasticsearch.http.netty4.Netty4HttpPipeliningHandler.channelRead(Netty4HttpPipeliningHandler.java:48) [transport-netty4-client-7.17.3.jar:7.17.3]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.handler.codec.MessageToMessageCodec.channelRead(MessageToMessageCodec.java:111) [netty-codec-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:324) [netty-codec-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:296) [netty-codec-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.66.Final.jar:4.1.66.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.66.Final.jar:4.1.66.Final]

@amalk12 What is the exact version of the SG plugin?
Do you execute any API calls when this error appears?

Hi Pablo,

I have not executed the API calls. The SG version is 53.1.0. It is a community version.

@amalk12 Is this a new installation? How did you deploy your cluster?
Did you always have this error or did it appear recently?

How often do you see this error? Have you noticed any pattern?
