It seems that there are several issues in github something like this.
But I could not understand why this message was occured.
In my case, I have pipe the logs using logstash with the following output config:
output {
elasticsearch {
protocol => “http”
user => “lcs”
password => “XXXXX”
host => “aaa.bbb.ccc.ddd”
cluster => “myCluster”
}
}
then the following errors are added almost every second in /var/log/elasticsearh/myCluster.log
[2015-07-13 23:49:18,235][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=lcs, roles=[logstash]]
[2015-07-13 23:49:18,247][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:data/write/bulk[s] (class org.elasticsearch.action.bulk.BulkShardRequest) due to types method not found
[2015-07-13 23:49:18,248][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:data/write/bulk[s] (class org.elasticsearch.action.bulk.BulkShardRequest) due to types method not found
[2015-07-13 23:49:18,262][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:data/write/bulk[s] (class org.elasticsearch.action.bulk.BulkShardRequest) due to types method not found
[2015-07-13 23:49:18,262][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:data/write/bulk[s] (class org.elasticsearch.action.bulk.BulkShardRequest) due to types method not found
[2015-07-13 23:49:18,262][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:data/write/bulk[s] (class org.elasticsearch.action.bulk.BulkShardRequest) due to types method not found
I have checked filters which is the default setting:
searchguard.actionrequestfilter.names: [“readonly”]
searchguard.actionrequestfilter.readonly.allowed_actions: [“indices:data/read/*”, “monitor”]
searchguard.actionrequestfilter.readonly.forbidden_actions: [“cluster:admin*”, “indices:admin*”, “indices:data/write*”]
the ACLs are seems to be good since logstash role bypasses all the filters:
{
“acl”: [
{
“Comment”: “By default no filters are executed and no filters a by-passed. In such a case a exception is throws an access will be denied.”,
“filters_bypass”: ,
“filters_execute”:
},
{
“Comment”: “For admin role all filters are bypassed (so none will be executed) for all indices. This means unrestricted access at all for this role.”,
“roles”: [
“admin”
],
“filters_bypass”: [“*”],
“filters_execute”:
},
{
“Comment”: “For logstash role all filters are bypassed (so none will be executed) for index ‘logstash-*’. This means unrestricted access to this index for this role.”,
“roles”: [“logstash”],
“indices”: [
“logstash-*”
],
“filters_bypass”: [“*”],
“filters_execute”:
},
{
“Comment”: “For kibana role the filters ‘actionrequestfilter.readonly’ are executed (but no other filters) for index ‘logstash-*’”,
“roles”: [
“kibana”
],
“indices”: [
“logstash-*”
],
“filters_bypass”: ,
“filters_execute”: [“actionrequestfilter.readonly”]
},
{
“Comment”: “For role ‘kibana’ all filters are bypassed (so none will be executed) for index ‘.kibana’. This means unrestricted access to this index for this role.”,
“roles”: [
“kibana”
],
“indices”: [
“.kibana”
],
“filters_bypass”: [“*”],
“filters_execute”:
}
]
}
What makes com.floragunn.searchguard.filter.SearchGuardActionFilter could not determine the types?
Thank you for your patience to read until this point.