What's the meaning of "Cannot determine type for indices"? - logstash makes indices:data/write/bulk

It seems that there are several issues in github something like this.
But I could not understand why this message was occured.

In my case, I have pipe the logs using logstash with the following output config:

output {

elasticsearch {

protocol => “http”

user => “lcs”

password => “XXXXX”

host => “aaa.bbb.ccc.ddd”

cluster => “myCluster”

}

}

then the following errors are added almost every second in /var/log/elasticsearh/myCluster.log

[2015-07-13 23:49:18,235][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=lcs, roles=[logstash]]

[2015-07-13 23:49:18,247][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:data/write/bulk[s] (class org.elasticsearch.action.bulk.BulkShardRequest) due to types method not found

[2015-07-13 23:49:18,248][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:data/write/bulk[s] (class org.elasticsearch.action.bulk.BulkShardRequest) due to types method not found

[2015-07-13 23:49:18,262][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:data/write/bulk[s] (class org.elasticsearch.action.bulk.BulkShardRequest) due to types method not found

[2015-07-13 23:49:18,262][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:data/write/bulk[s] (class org.elasticsearch.action.bulk.BulkShardRequest) due to types method not found

[2015-07-13 23:49:18,262][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:data/write/bulk[s] (class org.elasticsearch.action.bulk.BulkShardRequest) due to types method not found

I have checked filters which is the default setting:

searchguard.actionrequestfilter.names: [“readonly”]

searchguard.actionrequestfilter.readonly.allowed_actions: [“indices:data/read/*”, “monitor”]

searchguard.actionrequestfilter.readonly.forbidden_actions: [“cluster:admin*”, “indices:admin*”, “indices:data/write*”]

the ACLs are seems to be good since logstash role bypasses all the filters:

{

“acl”: [

{

Comment”: “By default no filters are executed and no filters a by-passed. In such a case a exception is throws an access will be denied.”,

“filters_bypass”: ,

“filters_execute”:

},

{

Comment”: “For admin role all filters are bypassed (so none will be executed) for all indices. This means unrestricted access at all for this role.”,

“roles”: [

“admin”

],

“filters_bypass”: ["*"],

“filters_execute”:

},

{

Comment”: “For logstash role all filters are bypassed (so none will be executed) for index ‘logstash-*’. This means unrestricted access to this index for this role.”,

“roles”: [“logstash”],

“indices”: [

“logstash-*”

],

“filters_bypass”: ["*"],

“filters_execute”:

},

{

Comment”: “For kibana role the filters ‘actionrequestfilter.readonly’ are executed (but no other filters) for index ‘logstash-*’”,

“roles”: [

“kibana”

],

“indices”: [

“logstash-*”

],

“filters_bypass”: ,

“filters_execute”: [“actionrequestfilter.readonly”]

},

{

Comment”: “For role ‘kibana’ all filters are bypassed (so none will be executed) for index ‘.kibana’. This means unrestricted access to this index for this role.”,

“roles”: [

“kibana”

],

“indices”: [

“.kibana”

],

“filters_bypass”: ["*"],

“filters_execute”:

}

]

}

What makes com.floragunn.searchguard.filter.SearchGuardActionFilter could not determine the types?

Thank you for your patience to read until this point.

I forgot to say that this is occured in ES 1.6.0 and search-guard es1.6 branch.

Thank you.

-Sanori

in your case the warn message is not relevant, see https://github.com/floragunncom/search-guard/issues/16

···

Am 13.07.2015 um 17:03 schrieb Joo-Won Jung <sanori@gmail.com>:

I forgot to say that this is occured in ES 1.6.0 and search-guard es1.6 branch.

Thank you.

-Sanori

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/17776d2e-82aa-477a-a948-422b0e1c778d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.