Hello,
I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.
elasticsearch.yml
searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:
searchguard.authcz.admin_dn:
sg_roles.yml
sg_all_access:
cluster:
- UNLIMITED
indices:
‘':
'’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO
sg_roles_mapping
sg_all_access:
users:
- sgadmin
I’m getting 2 types of warning messages in elastic log:
[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
What does that mean? Is there any config missing? How can I avoid these messages?
Thanks,
Marta
Hi,
what kind of request did you make that triggered the warning messages?
···
On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta.devlp@gmail.com wrote:
Hello,
I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.
elasticsearch.yml
searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:
searchguard.authcz.admin_dn:
sg_roles.yml
sg_all_access:
cluster:
- UNLIMITED
indices:
‘':
'’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO
sg_roles_mapping
sg_all_access:
users:
- sgadmin
I’m getting 2 types of warning messages in elastic log:
[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
What does that mean? Is there any config missing? How can I avoid these messages?
Thanks,
Marta
Hello,
The requests that I made were in kibana console:
GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}
The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}
The log message elasticsearch.yml:
[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
getState, getDaily and searchKey are templates.
terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:
···
Hi,
what kind of request did you make that triggered the warning messages?
On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:
Hello,
I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.
elasticsearch.yml
searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:
searchguard.authcz.admin_dn:
sg_roles.yml
sg_all_access:
cluster:
- UNLIMITED
indices:
‘':
'’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO
sg_roles_mapping
sg_all_access:
users:
- sgadmin
I’m getting 2 types of warning messages in elastic log:
[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
What does that mean? Is there any config missing? How can I avoid these messages?
Thanks,
Marta
Hi,
Does anyone have any idea?
Thank you.
terça-feira, 31 de Julho de 2018 às 12:12:13 UTC+1, marta...@gmail.com escreveu:
···
Hello,
The requests that I made were in kibana console:
GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}
The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}
The log message elasticsearch.yml:
[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
getState, getDaily and searchKey are templates.
terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:
Hi,
what kind of request did you make that triggered the warning messages?
On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:
Hello,
I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.
elasticsearch.yml
searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:
searchguard.authcz.admin_dn:
sg_roles.yml
sg_all_access:
cluster:
- UNLIMITED
indices:
‘':
'’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO
sg_roles_mapping
sg_all_access:
users:
- sgadmin
I’m getting 2 types of warning messages in elastic log:
[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
What does that mean? Is there any config missing? How can I avoid these messages?
Thanks,
Marta
So just to make sure - do you only see the warning messages or do they have any effect?
···
On Thursday, August 2, 2018 at 11:21:24 AM UTC+2, marta.devlp@gmail.com wrote:
Hi,
Does anyone have any idea?
Thank you.
terça-feira, 31 de Julho de 2018 às 12:12:13 UTC+1, marta...@gmail.com escreveu:
Hello,
The requests that I made were in kibana console:
GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}
The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}
The log message elasticsearch.yml:
[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
getState, getDaily and searchKey are templates.
terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:
Hi,
what kind of request did you make that triggered the warning messages?
On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:
Hello,
I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.
elasticsearch.yml
searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:
searchguard.authcz.admin_dn:
sg_roles.yml
sg_all_access:
cluster:
- UNLIMITED
indices:
‘':
'’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO
sg_roles_mapping
sg_all_access:
users:
- sgadmin
I’m getting 2 types of warning messages in elastic log:
[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
What does that mean? Is there any config missing? How can I avoid these messages?
Thanks,
Marta
Hello Jochen,
Apparently they haven’t any effect…
However I have that warning messages. Do you have any idea why?
Thank you.
sexta-feira, 3 de Agosto de 2018 às 13:28:44 UTC+1, Jochen Kressin escreveu:
···
So just to make sure - do you only see the warning messages or do they have any effect?
On Thursday, August 2, 2018 at 11:21:24 AM UTC+2, marta...@gmail.com wrote:
Hi,
Does anyone have any idea?
Thank you.
terça-feira, 31 de Julho de 2018 às 12:12:13 UTC+1, marta...@gmail.com escreveu:
Hello,
The requests that I made were in kibana console:
GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}
The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}
The log message elasticsearch.yml:
[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
getState, getDaily and searchKey are templates.
terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:
Hi,
what kind of request did you make that triggered the warning messages?
On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:
Hello,
I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.
elasticsearch.yml
searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:
searchguard.authcz.admin_dn:
sg_roles.yml
sg_all_access:
cluster:
- UNLIMITED
indices:
‘':
'’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO
sg_roles_mapping
sg_all_access:
users:
- sgadmin
I’m getting 2 types of warning messages in elastic log:
[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
What does that mean? Is there any config missing? How can I avoid these messages?
Thanks,
Marta
I’ve passed it to the dev team and waiting for feedback. It might well be that the warn messages are superfluous and can be removed from the code.
If you do not want to see them at all, at the moment the only way would be to set the log level of the PrivilegesEvaluator to ERROR. This is of course just a workaround.
You can do that by adding the following to log4j2.properties:
logger.sg.name = com.floragunn.searchguard.configuration.PrivilegesEvaluator
logger.sg.level = error
``
···
On Friday, August 3, 2018 at 5:07:22 PM UTC+2, marta.devlp@gmail.com wrote:
Hello Jochen,
Apparently they haven’t any effect…
However I have that warning messages. Do you have any idea why?
Thank you.
sexta-feira, 3 de Agosto de 2018 às 13:28:44 UTC+1, Jochen Kressin escreveu:
So just to make sure - do you only see the warning messages or do they have any effect?
On Thursday, August 2, 2018 at 11:21:24 AM UTC+2, marta...@gmail.com wrote:
Hi,
Does anyone have any idea?
Thank you.
terça-feira, 31 de Julho de 2018 às 12:12:13 UTC+1, marta...@gmail.com escreveu:
Hello,
The requests that I made were in kibana console:
GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}
The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}
The log message elasticsearch.yml:
[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
getState, getDaily and searchKey are templates.
terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:
Hi,
what kind of request did you make that triggered the warning messages?
On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:
Hello,
I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.
elasticsearch.yml
searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:
searchguard.authcz.admin_dn:
sg_roles.yml
sg_all_access:
cluster:
- UNLIMITED
indices:
‘':
'’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO
sg_roles_mapping
sg_all_access:
users:
- sgadmin
I’m getting 2 types of warning messages in elastic log:
[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
What does that mean? Is there any config missing? How can I avoid these messages?
Thanks,
Marta
Hello Jochen,
Thank you for your reply. Please let me know when you have news from the dev team.
Thanks.
sexta-feira, 3 de Agosto de 2018 às 16:39:15 UTC+1, Jochen Kressin escreveu:
···
I’ve passed it to the dev team and waiting for feedback. It might well be that the warn messages are superfluous and can be removed from the code.
If you do not want to see them at all, at the moment the only way would be to set the log level of the PrivilegesEvaluator to ERROR. This is of course just a workaround.
You can do that by adding the following to log4j2.properties:
logger.sg.name = com.floragunn.searchguard.configuration.PrivilegesEvaluator
logger.sg.level = error
``
On Friday, August 3, 2018 at 5:07:22 PM UTC+2, marta...@gmail.com wrote:
Hello Jochen,
Apparently they haven’t any effect…
However I have that warning messages. Do you have any idea why?
Thank you.
sexta-feira, 3 de Agosto de 2018 às 13:28:44 UTC+1, Jochen Kressin escreveu:
So just to make sure - do you only see the warning messages or do they have any effect?
On Thursday, August 2, 2018 at 11:21:24 AM UTC+2, marta...@gmail.com wrote:
Hi,
Does anyone have any idea?
Thank you.
terça-feira, 31 de Julho de 2018 às 12:12:13 UTC+1, marta...@gmail.com escreveu:
Hello,
The requests that I made were in kibana console:
GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}
The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}
The log message elasticsearch.yml:
[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
getState, getDaily and searchKey are templates.
terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:
Hi,
what kind of request did you make that triggered the warning messages?
On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:
Hello,
I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.
elasticsearch.yml
searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:
searchguard.authcz.admin_dn:
sg_roles.yml
sg_all_access:
cluster:
- UNLIMITED
indices:
‘':
'’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO
sg_roles_mapping
sg_all_access:
users:
- sgadmin
I’m getting 2 types of warning messages in elastic log:
[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
What does that mean? Is there any config missing? How can I avoid these messages?
Thanks,
Marta
The warning messages are indeed superfluous and can be ignored. We’ll fix it in one of the next releases.
···
On Monday, August 6, 2018 at 11:56:46 AM UTC+2, marta.devlp@gmail.com wrote:
Hello Jochen,
Thank you for your reply. Please let me know when you have news from the dev team.
Thanks.
sexta-feira, 3 de Agosto de 2018 às 16:39:15 UTC+1, Jochen Kressin escreveu:
I’ve passed it to the dev team and waiting for feedback. It might well be that the warn messages are superfluous and can be removed from the code.
If you do not want to see them at all, at the moment the only way would be to set the log level of the PrivilegesEvaluator to ERROR. This is of course just a workaround.
You can do that by adding the following to log4j2.properties:
logger.sg.name = com.floragunn.searchguard.configuration.PrivilegesEvaluator
logger.sg.level = error
``
On Friday, August 3, 2018 at 5:07:22 PM UTC+2, marta...@gmail.com wrote:
Hello Jochen,
Apparently they haven’t any effect…
However I have that warning messages. Do you have any idea why?
Thank you.
sexta-feira, 3 de Agosto de 2018 às 13:28:44 UTC+1, Jochen Kressin escreveu:
So just to make sure - do you only see the warning messages or do they have any effect?
On Thursday, August 2, 2018 at 11:21:24 AM UTC+2, marta...@gmail.com wrote:
Hi,
Does anyone have any idea?
Thank you.
terça-feira, 31 de Julho de 2018 às 12:12:13 UTC+1, marta...@gmail.com escreveu:
Hello,
The requests that I made were in kibana console:
GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}
The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}
The log message elasticsearch.yml:
[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
getState, getDaily and searchKey are templates.
terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:
Hi,
what kind of request did you make that triggered the warning messages?
On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:
Hello,
I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.
elasticsearch.yml
searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:
searchguard.authcz.admin_dn:
sg_roles.yml
sg_all_access:
cluster:
- UNLIMITED
indices:
‘':
'’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO
sg_roles_mapping
sg_all_access:
users:
- sgadmin
I’m getting 2 types of warning messages in elastic log:
[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here
What does that mean? Is there any config missing? How can I avoid these messages?
Thanks,
Marta