[2015-06-11 08:53:37,164][WARN ][common.jna ] Unable to lock JVM memory (ENOMEM). This can result in part of the JVM being swapped out. Increase RLIMIT_MEMLOCK (ulimit). [2015-06-11 08:53:37,350][INFO ][node ] [xxx.com_client] version[1.5.2], pid[21270], build[62ff986/2015-04-27T09:21:06Z] [2015-06-11 08:53:37,351][INFO ][node ] [xxx.com_client] initializing ... [2015-06-11 08:53:37,751][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Class enhancements for DLS/FLS successful [2015-06-11 08:53:37,756][INFO ][plugins ] [xxx.com_client] loaded [marvel, searchguard], sites [marvel, head, paramedic] [2015-06-11 08:53:41,890][DEBUG][com.floragunn.searchguard.service.SearchGuardService] Loaded key from /opt/elasticsearch/searchguard_node_key.key [2015-06-11 08:53:42,208][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS protocols: [TLSv1, TLSv1.1, TLSv1.2] [2015-06-11 08:53:42,209][DEBUG][com.floragunn.searchguard.util.SecurityUtil] Usable SSL/TLS cipher suites: [TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA] [2015-06-11 08:53:42,219][WARN ][com.floragunn.searchguard.service.SearchGuardService] script.disable_dynamic has the default value sandbox, consider setting it to false if not needed [2015-06-11 08:53:42,456][INFO ][node ] [xxx.com_client] initialized [2015-06-11 08:53:42,457][INFO ][node ] [xxx.com_client] starting ... [2015-06-11 08:53:42,521][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] using profile[default], worker_count[4], port[9300-9400], bind_host[null], publish_host[null], compress[false], connect_timeout[30s], connections_per_node[2/3/6/1/1], receive_predictor[512kb->512kb] [2015-06-11 08:53:42,576][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] Bound profile [default] to address [/xxx_IP:9300] [2015-06-11 08:53:42,576][INFO ][transport ] [xxx.com_client] bound_address {inet[/xxx_IP:9300]}, publish_address {inet[xxx.com/xxx_IP:9300]} [2015-06-11 08:53:42,594][INFO ][discovery ] [xxx.com_client] elasticsearch-test1/lNe01GpXTB-SMJ4uyTPFNw [2015-06-11 08:53:42,646][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] connected to node [[#zen_unicast_2#][xxx.com][inet[yyy.com/yyy_IP:9300]]] [2015-06-11 08:53:42,647][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] connected to node [[#zen_unicast_1#][xxx.com][inet[zzz.com/zzz_IP:9300]]] [2015-06-11 08:53:42,651][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/unicast_gte_1_4 from xxx.com_client to [2015-06-11 08:53:42,651][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/unicast_gte_1_4 from xxx.com_client to [2015-06-11 08:53:44,104][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/unicast_gte_1_4 from xxx.com_client to [2015-06-11 08:53:44,112][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/unicast_gte_1_4 from xxx.com_client to [2015-06-11 08:53:45,622][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/unicast_gte_1_4 from xxx.com_client to [2015-06-11 08:53:45,628][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/unicast_gte_1_4 from xxx.com_client to [2015-06-11 08:53:45,636][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] disconnecting from [[#zen_unicast_1#][xxx.com][inet[zzz.com/zzz_IP:9300]]] due to explicit disconnect call [2015-06-11 08:53:45,645][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] disconnecting from [[#zen_unicast_2#][xxx.com][inet[yyy.com/yyy_IP:9300]]] due to explicit disconnect call [2015-06-11 08:53:45,664][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] connected to node [[zzz.com_data][88xaK4DsTFSKHlmmdrgnNQ][zzz.com][inet[/zzz_IP:9300]]{master=true}] [2015-06-11 08:53:45,667][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/join from xxx.com_client to zzz.com_data [2015-06-11 08:53:45,768][INFO ][cluster.service ] [xxx.com_client] detected_master [zzz.com_data][88xaK4DsTFSKHlmmdrgnNQ][zzz.com][inet[/zzz_IP:9300]]{master=true}, added {[zzz.com_data][88xaK4DsTFSKHlmmdrgnNQ][zzz.com][inet[/zzz_IP:9300]]{master=true},[fff.com_client][VnG6XaHgT7Kvc20u17tVUQ][fff.com][inet[/fff_IP:9300]]{data=false, master=false},[yyy.com_data][2qNiTn7IRMmZ2lt40NXUpQ][yyy.com][inet[/yyy_IP:9300]]{master=true},}, reason: zen-disco-receive(from master [[zzz.com_data][88xaK4DsTFSKHlmmdrgnNQ][zzz.com][inet[/zzz_IP:9300]]{master=true}]) [2015-06-11 08:53:45,783][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] connected to node [[fff.com_client][VnG6XaHgT7Kvc20u17tVUQ][fff.com][inet[/fff_IP:9300]]{data=false, master=false}] [2015-06-11 08:53:45,791][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] connected to node [[yyy.com_data][2qNiTn7IRMmZ2lt40NXUpQ][yyy.com][inet[/yyy_IP:9300]]{master=true}] [2015-06-11 08:53:45,857][INFO ][http ] [xxx.com_client] bound_address {inet[/xxx_IP:9200]}, publish_address {inet[xxx.com/xxx_IP:9200]} [2015-06-11 08:53:45,858][INFO ][node ] [xxx.com_client] started [2015-06-11 08:53:46,769][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:53:47,468][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:47,469][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:53:47,469][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:53:47,469][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:47,469][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:47,469][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:53:47,469][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:53:47,470][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:47,470][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:47,470][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:53:47,470][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:53:47,470][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:47,479][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:53:47,486][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:53:47,772][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:53:48,484][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:48,485][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:53:48,485][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:53:48,485][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:48,485][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:48,485][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:53:48,485][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:53:48,486][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:48,486][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:48,486][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:53:48,486][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:53:48,486][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:48,486][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:53:48,491][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:53:48,775][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:53:49,489][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:49,489][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:53:49,490][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:53:49,490][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:49,490][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:49,490][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:53:49,490][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:53:49,490][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:49,490][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:49,490][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:53:49,490][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:53:49,490][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:49,491][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:53:49,494][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:53:49,782][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:53:50,493][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:50,493][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:53:50,494][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:53:50,494][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:50,494][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:50,494][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:53:50,494][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:53:50,494][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:50,494][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:50,495][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:53:50,495][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:53:50,495][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:50,495][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:53:50,501][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:53:50,785][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:53:51,498][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:51,498][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:53:51,498][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:53:51,498][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:51,498][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:51,498][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:53:51,498][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:53:51,498][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:51,499][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:51,499][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:53:51,499][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:53:51,499][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:51,499][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:53:51,502][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:53:51,788][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:53:52,501][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:52,501][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:53:52,501][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:53:52,501][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:52,501][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:52,502][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:53:52,502][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:53:52,502][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:52,502][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:52,502][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:53:52,502][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:53:52,502][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:52,502][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:53:52,505][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:53:52,558][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null GET /_template/marvel (loopback?: false) [2015-06-11 08:53:52,558][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:53:52,559][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:53:52,572][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null PUT /_template/marvel (loopback?: false) [2015-06-11 08:53:52,572][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:53:52,574][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:53:52,577][ERROR][marvel.agent.exporter ] [xxx.com_client] error adding the marvel template to [xxx_IP:9200] response code [401 Unauthorized]. content: [] [2015-06-11 08:53:52,579][ERROR][marvel.agent.exporter ] [xxx.com_client] failed to verify/upload the marvel template to [xxx_IP:9200]: Server returned HTTP response code: 401 for URL: http://xxx_IP:9200/_template/marvel [2015-06-11 08:53:52,580][ERROR][marvel.agent.exporter ] [xxx.com_client] could not connect to any configured elasticsearch instances: [xxx_IP:9200] [2015-06-11 08:53:52,592][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] connected to node [[xxx.com_client][lNe01GpXTB-SMJ4uyTPFNw][xxx.com][inet[xxx.com/xxx_IP:9300]]{data=false, master=false}] [2015-06-11 08:53:52,793][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:53:53,504][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:53,504][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:53:53,504][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:53:53,504][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:53,504][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:53,504][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:53:53,505][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:53:53,505][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:53,505][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:53,505][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:53:53,505][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:53:53,505][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:53,505][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:53:53,507][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:53:53,797][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:53:54,507][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:54,507][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:53:54,507][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:53:54,507][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:54,507][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:54,507][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:53:54,507][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:53:54,507][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:54,507][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:54,507][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:53:54,508][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:53:54,508][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:54,508][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:53:54,510][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:53:54,800][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:53:55,509][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:55,509][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:53:55,510][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:53:55,510][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:55,510][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:55,510][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:53:55,510][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:53:55,510][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:55,510][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:55,510][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:53:55,510][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:53:55,510][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:55,511][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:53:55,513][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:53:55,802][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:53:56,512][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:56,512][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:53:56,512][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:53:56,512][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:56,512][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:56,513][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:53:56,513][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:53:56,513][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:56,513][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:56,513][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:53:56,513][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:53:56,513][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:56,513][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:53:56,516][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:53:56,804][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:53:57,515][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:57,515][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:53:57,515][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:53:57,515][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:57,515][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:57,515][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:53:57,515][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:53:57,516][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:57,516][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:57,516][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:53:57,516][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:53:57,516][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:57,516][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:53:57,521][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:53:57,807][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:53:58,518][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:58,518][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:53:58,523][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:53:58,523][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:58,523][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:58,523][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:53:58,523][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:53:58,523][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:58,524][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:58,524][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:53:58,524][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:53:58,524][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:58,524][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:53:58,529][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:53:58,810][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:53:59,527][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:59,527][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:53:59,527][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:53:59,527][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:59,527][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:59,527][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:53:59,527][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:53:59,527][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:59,527][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:53:59,528][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:53:59,528][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:53:59,528][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:53:59,528][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:53:59,530][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:53:59,812][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:00,530][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:00,530][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:00,530][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:00,530][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:00,530][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:00,530][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:00,530][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:00,530][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:00,530][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:00,530][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:00,531][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:00,531][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:00,531][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:54:00,533][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:00,815][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:01,533][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:01,533][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:01,533][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:01,533][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:01,533][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:01,533][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:01,533][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:01,533][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:01,534][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:01,534][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:01,534][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:01,534][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:01,534][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:54:01,536][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:01,817][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:02,536][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:02,537][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:02,537][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:02,537][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:02,537][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:02,537][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:02,537][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:02,537][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:02,538][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:02,538][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:02,538][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:02,538][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:02,538][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:54:02,542][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:02,586][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null GET /_template/marvel (loopback?: false) [2015-06-11 08:54:02,587][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:02,587][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:02,590][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null PUT /_template/marvel (loopback?: false) [2015-06-11 08:54:02,591][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:02,591][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:02,593][ERROR][marvel.agent.exporter ] [xxx.com_client] error adding the marvel template to [xxx_IP:9200] response code [401 Unauthorized]. content: [] [2015-06-11 08:54:02,593][ERROR][marvel.agent.exporter ] [xxx.com_client] failed to verify/upload the marvel template to [xxx_IP:9200]: Server returned HTTP response code: 401 for URL: http://xxx_IP:9200/_template/marvel [2015-06-11 08:54:02,594][ERROR][marvel.agent.exporter ] [xxx.com_client] could not connect to any configured elasticsearch instances: [xxx_IP:9200] [2015-06-11 08:54:02,820][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:03,541][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:03,541][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:03,542][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:03,542][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:03,542][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:03,550][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:03,550][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:03,550][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:03,550][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:03,551][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:03,551][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:03,551][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:03,551][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:54:03,556][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:03,823][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:04,554][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:04,554][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:04,555][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:04,555][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:04,555][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:04,555][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:04,555][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:04,555][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:04,555][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:04,555][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:04,555][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:04,555][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:04,555][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:54:04,558][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:04,826][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:05,557][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:05,557][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:05,557][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:05,557][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:05,557][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:05,558][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:05,558][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:05,558][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:05,558][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:05,558][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:05,558][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:05,558][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:05,559][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:54:05,562][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:05,828][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:06,561][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:06,561][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:06,561][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:06,561][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:06,561][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:06,562][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:06,562][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:06,562][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:06,562][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:06,562][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:06,562][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:06,562][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:06,563][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:54:06,566][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:06,830][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:07,565][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:07,565][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:07,565][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:07,565][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:07,565][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:07,566][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:07,566][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:07,566][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:07,566][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:07,566][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:07,566][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:07,566][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:07,567][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:54:07,570][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:07,832][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:08,569][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:08,569][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:08,569][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:08,570][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:08,570][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:08,570][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:08,570][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:08,570][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:08,570][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:08,570][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:08,570][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:08,570][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:08,574][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:54:08,577][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:08,834][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:09,575][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:09,575][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:09,576][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:09,576][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:09,576][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:09,576][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:09,576][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:09,576][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:09,576][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:09,576][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:09,576][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:09,576][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:09,577][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:54:09,578][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:09,692][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null GET / (loopback?: false) [2015-06-11 08:54:09,692][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:09,692][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:09,697][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User 'User [name=mahesh, roles=[enduser]]' is authenticated [2015-06-11 08:54:09,697][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:09,837][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:09,965][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null GET /_nodes (loopback?: false) [2015-06-11 08:54:09,965][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:09,965][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:09,966][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User 'User [name=mahesh, roles=[enduser]]' is authenticated [2015-06-11 08:54:09,966][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:09,969][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: cluster:monitor/nodes/info (class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest) from INTRANODE [2015-06-11 08:54:09,969][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard_resolved_rest_address=>/xxx_IP] [2015-06-11 08:54:09,969][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:09,969][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: cluster:monitor/nodes/info (class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest) from INTRANODE [2015-06-11 08:54:09,969][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard_resolved_rest_address=>/xxx_IP] [2015-06-11 08:54:09,969][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:09,970][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: cluster:monitor/nodes/info (class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest) from INTRANODE [2015-06-11 08:54:09,970][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard_resolved_rest_address=>/xxx_IP] [2015-06-11 08:54:09,970][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:09,973][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send cluster:monitor/nodes/info[n] from xxx.com_client to zzz.com_data [2015-06-11 08:54:09,974][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send cluster:monitor/nodes/info[n] from xxx.com_client to fff.com_client [2015-06-11 08:54:09,977][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send cluster:monitor/nodes/info[n] from xxx.com_client to yyy.com_data [2015-06-11 08:54:10,454][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null HEAD /.kibana (loopback?: false) [2015-06-11 08:54:10,455][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:10,455][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:10,455][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User 'User [name=mahesh, roles=[enduser]]' is authenticated [2015-06-11 08:54:10,455][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:10,457][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:admin/exists (class org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsRequest) from INTRANODE [2015-06-11 08:54:10,457][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard_resolved_rest_address=>/xxx_IP] [2015-06-11 08:54:10,457][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:10,457][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:10,458][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:admin/exists (class org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsRequest) from INTRANODE [2015-06-11 08:54:10,458][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:10,458][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:10,458][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:10,458][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:admin/exists (class org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsRequest) from INTRANODE [2015-06-11 08:54:10,458][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:10,458][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:10,458][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:10,578][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:10,579][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:10,579][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:10,579][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:10,579][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:10,579][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:10,579][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:10,579][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:10,579][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:10,579][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:10,579][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:10,579][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:10,580][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:54:10,582][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:10,734][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:admin/exists (class org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsRequest) due to type[s]() method not found [2015-06-11 08:54:10,743][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] user User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:10,743][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedHostAddress: xxx_IP OR xxx.com [2015-06-11 08:54:10,743][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedAliases: [*] [2015-06-11 08:54:10,743][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedIndices: [.kibana] [2015-06-11 08:54:10,743][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedTypes: [*] [2015-06-11 08:54:10,836][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Checking 3 rules [2015-06-11 08:54:10,836][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filtersExecute [] [2015-06-11 08:54:10,836][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filterBypass [] [2015-06-11 08:54:10,836][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 1.: ACRule [hosts=null, users=null, roles=[admin], indices=null, aliases=null, filters_execute=[], filters_bypass=[*], isDefault()=false, __Comment__="For role admin all filters are bypassed (so none will be executed). This means unrestricted access."] [2015-06-11 08:54:10,836][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User wildcard match [2015-06-11 08:54:10,837][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User does not have role admin [2015-06-11 08:54:10,837][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] No role does not match [2015-06-11 08:54:10,837][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:10,837][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:10,837][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 2.: ACRule [hosts=null, users=[spock], roles=null, indices=[abc, .kibana], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:10,837][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User mahesh does not match [2015-06-11 08:54:10,837][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:10,837][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:10,838][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:10,838][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 3.: ACRule [hosts=null, users=[mahesh], roles=null, indices=[.kibana, ea], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:10,838][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User mahesh match [2015-06-11 08:54:10,838][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:10,838][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:10,838][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identity would match, see if aliases and indices are also ok? [2015-06-11 08:54:10,838][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Alias wildcard match [2015-06-11 08:54:10,838][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request .kibana, granted .kibana, requestedTypes [*] [2015-06-11 08:54:10,838][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:10,838][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard indices/aliases: .kibana -> .kibana [2015-06-11 08:54:10,839][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard without types: .kibana -> .kibana [2015-06-11 08:54:10,839][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] -->Index .kibana match .kibana [2015-06-11 08:54:10,839][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index .kibana has a matching pattern [2015-06-11 08:54:10,839][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] ----> APPLY RULE <---- which means the following executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:10,839][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Final executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:10,846][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:admin/exists from xxx.com_client to zzz.com_data [2015-06-11 08:54:11,091][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null POST /_mget (loopback?: false) [2015-06-11 08:54:11,091][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:11,092][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:11,092][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User 'User [name=mahesh, roles=[enduser]]' is authenticated [2015-06-11 08:54:11,092][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:11,103][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/mget (class org.elasticsearch.action.get.MultiGetRequest) from INTRANODE [2015-06-11 08:54:11,103][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard_resolved_rest_address=>/xxx_IP] [2015-06-11 08:54:11,103][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:11,103][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,103][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/mget (class org.elasticsearch.action.get.MultiGetRequest) from INTRANODE [2015-06-11 08:54:11,104][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:11,104][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:11,104][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,104][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/mget (class org.elasticsearch.action.get.MultiGetRequest) from INTRANODE [2015-06-11 08:54:11,104][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:11,104][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:11,104][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,111][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] user User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:11,117][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedHostAddress: xxx_IP OR xxx.com [2015-06-11 08:54:11,117][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedAliases: [*] [2015-06-11 08:54:11,117][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedIndices: [.kibana] [2015-06-11 08:54:11,117][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedTypes: [config] [2015-06-11 08:54:11,119][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Checking 3 rules [2015-06-11 08:54:11,119][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filtersExecute [] [2015-06-11 08:54:11,119][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filterBypass [] [2015-06-11 08:54:11,119][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 1.: ACRule [hosts=null, users=null, roles=[admin], indices=null, aliases=null, filters_execute=[], filters_bypass=[*], isDefault()=false, __Comment__="For role admin all filters are bypassed (so none will be executed). This means unrestricted access."] [2015-06-11 08:54:11,119][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User wildcard match [2015-06-11 08:54:11,119][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User does not have role admin [2015-06-11 08:54:11,119][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] No role does not match [2015-06-11 08:54:11,119][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,119][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,119][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 2.: ACRule [hosts=null, users=[spock], roles=null, indices=[abc, .kibana], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,122][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User mahesh does not match [2015-06-11 08:54:11,122][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,122][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,122][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,122][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 3.: ACRule [hosts=null, users=[mahesh], roles=null, indices=[.kibana, ea], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,122][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User mahesh match [2015-06-11 08:54:11,122][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,123][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,123][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identity would match, see if aliases and indices are also ok? [2015-06-11 08:54:11,123][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Alias wildcard match [2015-06-11 08:54:11,123][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request .kibana, granted .kibana, requestedTypes [config] [2015-06-11 08:54:11,123][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard indices/aliases: .kibana -> .kibana [2015-06-11 08:54:11,123][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard without types: .kibana -> .kibana [2015-06-11 08:54:11,123][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] -->Index .kibana match .kibana [2015-06-11 08:54:11,123][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index .kibana has a matching pattern [2015-06-11 08:54:11,124][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] ----> APPLY RULE <---- which means the following executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:11,124][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Final executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:11,128][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/mget[shard] (class org.elasticsearch.action.get.MultiGetShardRequest) from INTRANODE [2015-06-11 08:54:11,128][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], _searchguard_token_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator@4593c503, searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>xxx.com/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*], searchguard_ac_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator@2644146a] [2015-06-11 08:54:11,129][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [searchguard_authenticated_user, searchguard_resolved_rest_address, searchguard.actionrequestfilter.readonly_kibana.forbidden_actions, searchguard_filter, searchguard_ac_evaluator, searchguard.actionrequestfilter.readonly.allowed_actions, searchguard.actionrequestfilter.readonly_kibana.allowed_actions, searchguard.actionrequestfilter.readonly.forbidden_actions] [2015-06-11 08:54:11,129][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,129][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/mget[shard] (class org.elasticsearch.action.get.MultiGetShardRequest) from INTRANODE [2015-06-11 08:54:11,129][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], _searchguard_token_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator@4593c503, searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>xxx.com/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*], searchguard_ac_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator@2644146a] [2015-06-11 08:54:11,129][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [searchguard_authenticated_user, searchguard_resolved_rest_address, searchguard.actionrequestfilter.readonly_kibana.forbidden_actions, searchguard_filter, searchguard_ac_evaluator, searchguard.actionrequestfilter.readonly.allowed_actions, searchguard.actionrequestfilter.readonly_kibana.allowed_actions, searchguard.actionrequestfilter.readonly.forbidden_actions] [2015-06-11 08:54:11,129][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,129][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/mget[shard] (class org.elasticsearch.action.get.MultiGetShardRequest) from INTRANODE [2015-06-11 08:54:11,130][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], _searchguard_token_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator@4593c503, searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>xxx.com/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*], searchguard_ac_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator@2644146a] [2015-06-11 08:54:11,130][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [searchguard_authenticated_user, searchguard_resolved_rest_address, searchguard.actionrequestfilter.readonly_kibana.forbidden_actions, searchguard_filter, searchguard_ac_evaluator, searchguard.actionrequestfilter.readonly.allowed_actions, searchguard.actionrequestfilter.readonly_kibana.allowed_actions, searchguard.actionrequestfilter.readonly.forbidden_actions] [2015-06-11 08:54:11,130][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,131][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:data/read/mget[shard] (class org.elasticsearch.action.get.MultiGetShardRequest) due to type[s]() method not found [2015-06-11 08:54:11,131][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] user User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:11,131][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedHostAddress: xxx_IP OR xxx.com [2015-06-11 08:54:11,132][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedAliases: [*] [2015-06-11 08:54:11,132][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedIndices: [.kibana] [2015-06-11 08:54:11,132][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedTypes: [*] [2015-06-11 08:54:11,132][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Checking 3 rules [2015-06-11 08:54:11,133][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filtersExecute [] [2015-06-11 08:54:11,133][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filterBypass [] [2015-06-11 08:54:11,133][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 1.: ACRule [hosts=null, users=null, roles=[admin], indices=null, aliases=null, filters_execute=[], filters_bypass=[*], isDefault()=false, __Comment__="For role admin all filters are bypassed (so none will be executed). This means unrestricted access."] [2015-06-11 08:54:11,133][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User wildcard match [2015-06-11 08:54:11,133][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User does not have role admin [2015-06-11 08:54:11,133][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] No role does not match [2015-06-11 08:54:11,133][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,133][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,134][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 2.: ACRule [hosts=null, users=[spock], roles=null, indices=[abc, .kibana], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,134][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User mahesh does not match [2015-06-11 08:54:11,134][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,134][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,134][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,134][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 3.: ACRule [hosts=null, users=[mahesh], roles=null, indices=[.kibana, ea], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,134][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User mahesh match [2015-06-11 08:54:11,134][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,135][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,135][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identity would match, see if aliases and indices are also ok? [2015-06-11 08:54:11,135][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Alias wildcard match [2015-06-11 08:54:11,135][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request .kibana, granted .kibana, requestedTypes [*] [2015-06-11 08:54:11,135][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard indices/aliases: .kibana -> .kibana [2015-06-11 08:54:11,135][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard without types: .kibana -> .kibana [2015-06-11 08:54:11,135][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] -->Index .kibana match .kibana [2015-06-11 08:54:11,135][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index .kibana has a matching pattern [2015-06-11 08:54:11,135][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] ----> APPLY RULE <---- which means the following executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:11,136][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Final executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:11,137][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/mget[shard][s] from xxx.com_client to yyy.com_data [2015-06-11 08:54:11,416][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null POST /.kibana/index-pattern/_search (loopback?: false) [2015-06-11 08:54:11,417][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:11,417][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:11,418][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User 'User [name=mahesh, roles=[enduser]]' is authenticated [2015-06-11 08:54:11,418][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:11,432][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/search (class org.elasticsearch.action.search.SearchRequest) from INTRANODE [2015-06-11 08:54:11,432][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard_resolved_rest_address=>/xxx_IP] [2015-06-11 08:54:11,432][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:11,433][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,433][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/search (class org.elasticsearch.action.search.SearchRequest) from INTRANODE [2015-06-11 08:54:11,433][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:11,433][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:11,433][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,433][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/search (class org.elasticsearch.action.search.SearchRequest) from INTRANODE [2015-06-11 08:54:11,433][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:11,434][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:11,434][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,440][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] user User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:11,440][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedHostAddress: xxx_IP OR xxx.com [2015-06-11 08:54:11,440][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedAliases: [*] [2015-06-11 08:54:11,440][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedIndices: [.kibana] [2015-06-11 08:54:11,440][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedTypes: [index-pattern] [2015-06-11 08:54:11,443][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Checking 3 rules [2015-06-11 08:54:11,443][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filtersExecute [] [2015-06-11 08:54:11,443][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filterBypass [] [2015-06-11 08:54:11,443][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 1.: ACRule [hosts=null, users=null, roles=[admin], indices=null, aliases=null, filters_execute=[], filters_bypass=[*], isDefault()=false, __Comment__="For role admin all filters are bypassed (so none will be executed). This means unrestricted access."] [2015-06-11 08:54:11,443][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User wildcard match [2015-06-11 08:54:11,443][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User does not have role admin [2015-06-11 08:54:11,443][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] No role does not match [2015-06-11 08:54:11,443][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,444][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,444][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 2.: ACRule [hosts=null, users=[spock], roles=null, indices=[abc, .kibana], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,444][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User mahesh does not match [2015-06-11 08:54:11,444][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,444][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,444][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,444][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 3.: ACRule [hosts=null, users=[mahesh], roles=null, indices=[.kibana, ea], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,444][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User mahesh match [2015-06-11 08:54:11,444][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,445][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,445][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identity would match, see if aliases and indices are also ok? [2015-06-11 08:54:11,445][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Alias wildcard match [2015-06-11 08:54:11,445][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request .kibana, granted .kibana, requestedTypes [index-pattern] [2015-06-11 08:54:11,445][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard indices/aliases: .kibana -> .kibana [2015-06-11 08:54:11,445][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard without types: .kibana -> .kibana [2015-06-11 08:54:11,445][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] -->Index .kibana match .kibana [2015-06-11 08:54:11,445][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index .kibana has a matching pattern [2015-06-11 08:54:11,445][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] ----> APPLY RULE <---- which means the following executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:11,445][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Final executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:11,447][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/search (class org.elasticsearch.action.search.SearchRequest) from INTRANODE [2015-06-11 08:54:11,447][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], _searchguard_token_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator@7b7ca312, searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>xxx.com/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*], searchguard_ac_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator@4aa38887] [2015-06-11 08:54:11,447][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [searchguard_authenticated_user, searchguard_resolved_rest_address, searchguard_filter, searchguard.actionrequestfilter.readonly_kibana.forbidden_actions, searchguard_ac_evaluator, searchguard.actionrequestfilter.readonly.allowed_actions, searchguard.actionrequestfilter.readonly_kibana.allowed_actions, searchguard.actionrequestfilter.readonly.forbidden_actions] [2015-06-11 08:54:11,448][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,448][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/search (class org.elasticsearch.action.search.SearchRequest) from INTRANODE [2015-06-11 08:54:11,448][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], _searchguard_token_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator@7b7ca312, searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>xxx.com/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*], searchguard_ac_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator@4aa38887] [2015-06-11 08:54:11,448][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [searchguard_authenticated_user, searchguard_resolved_rest_address, searchguard_filter, searchguard.actionrequestfilter.readonly_kibana.forbidden_actions, searchguard_ac_evaluator, searchguard.actionrequestfilter.readonly.allowed_actions, searchguard.actionrequestfilter.readonly_kibana.allowed_actions, searchguard.actionrequestfilter.readonly.forbidden_actions] [2015-06-11 08:54:11,448][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,448][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/search (class org.elasticsearch.action.search.SearchRequest) from INTRANODE [2015-06-11 08:54:11,449][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], _searchguard_token_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator@7b7ca312, searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>xxx.com/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*], searchguard_ac_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator@4aa38887] [2015-06-11 08:54:11,449][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [searchguard_authenticated_user, searchguard_resolved_rest_address, searchguard_filter, searchguard.actionrequestfilter.readonly_kibana.forbidden_actions, searchguard_ac_evaluator, searchguard.actionrequestfilter.readonly.allowed_actions, searchguard.actionrequestfilter.readonly_kibana.allowed_actions, searchguard.actionrequestfilter.readonly.forbidden_actions] [2015-06-11 08:54:11,449][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,449][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] user User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:11,449][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedHostAddress: xxx_IP OR xxx.com [2015-06-11 08:54:11,450][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedAliases: [*] [2015-06-11 08:54:11,450][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedIndices: [.kibana] [2015-06-11 08:54:11,450][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedTypes: [index-pattern] [2015-06-11 08:54:11,450][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Checking 3 rules [2015-06-11 08:54:11,451][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filtersExecute [] [2015-06-11 08:54:11,451][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filterBypass [] [2015-06-11 08:54:11,451][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 1.: ACRule [hosts=null, users=null, roles=[admin], indices=null, aliases=null, filters_execute=[], filters_bypass=[*], isDefault()=false, __Comment__="For role admin all filters are bypassed (so none will be executed). This means unrestricted access."] [2015-06-11 08:54:11,451][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User wildcard match [2015-06-11 08:54:11,451][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User does not have role admin [2015-06-11 08:54:11,451][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] No role does not match [2015-06-11 08:54:11,451][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,451][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,451][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 2.: ACRule [hosts=null, users=[spock], roles=null, indices=[abc, .kibana], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,451][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User mahesh does not match [2015-06-11 08:54:11,452][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,452][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,452][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,452][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 3.: ACRule [hosts=null, users=[mahesh], roles=null, indices=[.kibana, ea], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,452][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User mahesh match [2015-06-11 08:54:11,452][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,452][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,452][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identity would match, see if aliases and indices are also ok? [2015-06-11 08:54:11,452][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Alias wildcard match [2015-06-11 08:54:11,452][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request .kibana, granted .kibana, requestedTypes [index-pattern] [2015-06-11 08:54:11,453][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard indices/aliases: .kibana -> .kibana [2015-06-11 08:54:11,453][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard without types: .kibana -> .kibana [2015-06-11 08:54:11,453][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] -->Index .kibana match .kibana [2015-06-11 08:54:11,453][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index .kibana has a matching pattern [2015-06-11 08:54:11,453][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] ----> APPLY RULE <---- which means the following executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:11,453][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Final executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:11,461][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/search[phase/query+fetch] from xxx.com_client to zzz.com_data [2015-06-11 08:54:11,581][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:11,582][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:11,582][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:11,582][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:11,582][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:11,582][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:11,582][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:11,582][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:11,582][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:11,582][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:11,582][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:11,582][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:11,583][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:54:11,586][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:11,715][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null GET /.kibana/_mapping/*/field/_source (loopback?: false) [2015-06-11 08:54:11,715][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:11,715][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:11,715][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User 'User [name=mahesh, roles=[enduser]]' is authenticated [2015-06-11 08:54:11,715][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:11,717][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:admin/mappings/fields/get (class org.elasticsearch.action.admin.indices.mapping.get.GetFieldMappingsRequest) from INTRANODE [2015-06-11 08:54:11,718][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard_resolved_rest_address=>/xxx_IP] [2015-06-11 08:54:11,718][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:11,718][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,718][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:admin/mappings/fields/get (class org.elasticsearch.action.admin.indices.mapping.get.GetFieldMappingsRequest) from INTRANODE [2015-06-11 08:54:11,719][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:11,719][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:11,719][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,719][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:admin/mappings/fields/get (class org.elasticsearch.action.admin.indices.mapping.get.GetFieldMappingsRequest) from INTRANODE [2015-06-11 08:54:11,719][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:11,719][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:11,720][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,728][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] user User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:11,728][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedHostAddress: xxx_IP OR xxx.com [2015-06-11 08:54:11,729][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedAliases: [*] [2015-06-11 08:54:11,729][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedIndices: [.kibana] [2015-06-11 08:54:11,729][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedTypes: [*] [2015-06-11 08:54:11,730][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Checking 3 rules [2015-06-11 08:54:11,730][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filtersExecute [] [2015-06-11 08:54:11,730][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filterBypass [] [2015-06-11 08:54:11,730][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 1.: ACRule [hosts=null, users=null, roles=[admin], indices=null, aliases=null, filters_execute=[], filters_bypass=[*], isDefault()=false, __Comment__="For role admin all filters are bypassed (so none will be executed). This means unrestricted access."] [2015-06-11 08:54:11,730][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User wildcard match [2015-06-11 08:54:11,730][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User does not have role admin [2015-06-11 08:54:11,730][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] No role does not match [2015-06-11 08:54:11,731][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,731][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,731][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 2.: ACRule [hosts=null, users=[spock], roles=null, indices=[abc, .kibana], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,731][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User mahesh does not match [2015-06-11 08:54:11,731][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,731][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,731][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,732][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 3.: ACRule [hosts=null, users=[mahesh], roles=null, indices=[.kibana, ea], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,732][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User mahesh match [2015-06-11 08:54:11,732][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,732][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,732][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identity would match, see if aliases and indices are also ok? [2015-06-11 08:54:11,732][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Alias wildcard match [2015-06-11 08:54:11,732][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request .kibana, granted .kibana, requestedTypes [*] [2015-06-11 08:54:11,733][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard indices/aliases: .kibana -> .kibana [2015-06-11 08:54:11,733][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard without types: .kibana -> .kibana [2015-06-11 08:54:11,733][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] -->Index .kibana match .kibana [2015-06-11 08:54:11,733][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index .kibana has a matching pattern [2015-06-11 08:54:11,733][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] ----> APPLY RULE <---- which means the following executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:11,733][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Final executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:11,737][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:admin/mappings/fields/get[index] (class org.elasticsearch.action.admin.indices.mapping.get.GetFieldMappingsIndexRequest) from INTRANODE [2015-06-11 08:54:11,737][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], _searchguard_token_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator@e47831d, searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>xxx.com/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*], searchguard_ac_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator@d5692b8] [2015-06-11 08:54:11,737][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [searchguard_authenticated_user, searchguard_resolved_rest_address, searchguard.actionrequestfilter.readonly_kibana.forbidden_actions, searchguard_filter, searchguard_ac_evaluator, searchguard.actionrequestfilter.readonly.allowed_actions, searchguard.actionrequestfilter.readonly_kibana.allowed_actions, searchguard.actionrequestfilter.readonly.forbidden_actions] [2015-06-11 08:54:11,737][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,737][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:admin/mappings/fields/get[index] (class org.elasticsearch.action.admin.indices.mapping.get.GetFieldMappingsIndexRequest) from INTRANODE [2015-06-11 08:54:11,738][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], _searchguard_token_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator@e47831d, searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>xxx.com/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*], searchguard_ac_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator@d5692b8] [2015-06-11 08:54:11,738][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [searchguard_authenticated_user, searchguard_resolved_rest_address, searchguard.actionrequestfilter.readonly_kibana.forbidden_actions, searchguard_filter, searchguard_ac_evaluator, searchguard.actionrequestfilter.readonly.allowed_actions, searchguard.actionrequestfilter.readonly_kibana.allowed_actions, searchguard.actionrequestfilter.readonly.forbidden_actions] [2015-06-11 08:54:11,738][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,738][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:admin/mappings/fields/get[index] (class org.elasticsearch.action.admin.indices.mapping.get.GetFieldMappingsIndexRequest) from INTRANODE [2015-06-11 08:54:11,738][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], _searchguard_token_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator@e47831d, searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>xxx.com/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*], searchguard_ac_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator@d5692b8] [2015-06-11 08:54:11,738][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [searchguard_authenticated_user, searchguard_resolved_rest_address, searchguard.actionrequestfilter.readonly_kibana.forbidden_actions, searchguard_filter, searchguard_ac_evaluator, searchguard.actionrequestfilter.readonly.allowed_actions, searchguard.actionrequestfilter.readonly_kibana.allowed_actions, searchguard.actionrequestfilter.readonly.forbidden_actions] [2015-06-11 08:54:11,739][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,740][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] user User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:11,740][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedHostAddress: xxx_IP OR xxx.com [2015-06-11 08:54:11,740][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedAliases: [*] [2015-06-11 08:54:11,740][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedIndices: [.kibana] [2015-06-11 08:54:11,740][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedTypes: [*] [2015-06-11 08:54:11,741][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Checking 3 rules [2015-06-11 08:54:11,741][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filtersExecute [] [2015-06-11 08:54:11,741][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filterBypass [] [2015-06-11 08:54:11,742][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 1.: ACRule [hosts=null, users=null, roles=[admin], indices=null, aliases=null, filters_execute=[], filters_bypass=[*], isDefault()=false, __Comment__="For role admin all filters are bypassed (so none will be executed). This means unrestricted access."] [2015-06-11 08:54:11,742][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User wildcard match [2015-06-11 08:54:11,742][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User does not have role admin [2015-06-11 08:54:11,742][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] No role does not match [2015-06-11 08:54:11,742][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,742][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,742][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 2.: ACRule [hosts=null, users=[spock], roles=null, indices=[abc, .kibana], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,743][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User mahesh does not match [2015-06-11 08:54:11,743][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,743][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,743][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,743][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 3.: ACRule [hosts=null, users=[mahesh], roles=null, indices=[.kibana, ea], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,743][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User mahesh match [2015-06-11 08:54:11,743][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,744][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,744][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identity would match, see if aliases and indices are also ok? [2015-06-11 08:54:11,744][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Alias wildcard match [2015-06-11 08:54:11,744][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request .kibana, granted .kibana, requestedTypes [*] [2015-06-11 08:54:11,744][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard indices/aliases: .kibana -> .kibana [2015-06-11 08:54:11,744][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard without types: .kibana -> .kibana [2015-06-11 08:54:11,744][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] -->Index .kibana match .kibana [2015-06-11 08:54:11,744][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index .kibana has a matching pattern [2015-06-11 08:54:11,745][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] ----> APPLY RULE <---- which means the following executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:11,745][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Final executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:11,748][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:admin/mappings/fields/get[index][s] from xxx.com_client to zzz.com_data [2015-06-11 08:54:11,840][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:11,987][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null POST /_mget (loopback?: false) [2015-06-11 08:54:11,987][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:11,987][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:11,988][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User 'User [name=mahesh, roles=[enduser]]' is authenticated [2015-06-11 08:54:11,988][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:11,988][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/mget (class org.elasticsearch.action.get.MultiGetRequest) from INTRANODE [2015-06-11 08:54:11,988][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard_resolved_rest_address=>/xxx_IP] [2015-06-11 08:54:11,989][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:11,989][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,989][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/mget (class org.elasticsearch.action.get.MultiGetRequest) from INTRANODE [2015-06-11 08:54:11,989][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:11,989][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:11,989][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,989][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/mget (class org.elasticsearch.action.get.MultiGetRequest) from INTRANODE [2015-06-11 08:54:11,989][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:11,989][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:11,990][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:11,996][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] user User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:11,996][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedHostAddress: xxx_IP OR xxx.com [2015-06-11 08:54:11,996][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedAliases: [*] [2015-06-11 08:54:11,996][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedIndices: [.kibana] [2015-06-11 08:54:11,996][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedTypes: [index-pattern] [2015-06-11 08:54:11,998][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Checking 3 rules [2015-06-11 08:54:11,998][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filtersExecute [] [2015-06-11 08:54:11,998][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filterBypass [] [2015-06-11 08:54:11,998][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 1.: ACRule [hosts=null, users=null, roles=[admin], indices=null, aliases=null, filters_execute=[], filters_bypass=[*], isDefault()=false, __Comment__="For role admin all filters are bypassed (so none will be executed). This means unrestricted access."] [2015-06-11 08:54:11,998][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User wildcard match [2015-06-11 08:54:11,998][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User does not have role admin [2015-06-11 08:54:11,998][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] No role does not match [2015-06-11 08:54:11,998][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,999][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,999][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 2.: ACRule [hosts=null, users=[spock], roles=null, indices=[abc, .kibana], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,999][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User mahesh does not match [2015-06-11 08:54:11,999][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,999][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:11,999][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:11,999][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 3.: ACRule [hosts=null, users=[mahesh], roles=null, indices=[.kibana, ea], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:11,999][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User mahesh match [2015-06-11 08:54:11,999][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:11,999][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:12,000][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identity would match, see if aliases and indices are also ok? [2015-06-11 08:54:12,000][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Alias wildcard match [2015-06-11 08:54:12,000][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request .kibana, granted .kibana, requestedTypes [index-pattern] [2015-06-11 08:54:12,000][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard indices/aliases: .kibana -> .kibana [2015-06-11 08:54:12,000][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard without types: .kibana -> .kibana [2015-06-11 08:54:12,000][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] -->Index .kibana match .kibana [2015-06-11 08:54:12,001][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index .kibana has a matching pattern [2015-06-11 08:54:12,001][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] ----> APPLY RULE <---- which means the following executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:12,001][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Final executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:12,002][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/mget[shard] (class org.elasticsearch.action.get.MultiGetShardRequest) from INTRANODE [2015-06-11 08:54:12,003][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], _searchguard_token_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator@367acabf, searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>xxx.com/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*], searchguard_ac_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator@5f96f26e] [2015-06-11 08:54:12,003][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [searchguard_authenticated_user, searchguard_resolved_rest_address, searchguard.actionrequestfilter.readonly_kibana.forbidden_actions, searchguard_filter, searchguard_ac_evaluator, searchguard.actionrequestfilter.readonly.allowed_actions, searchguard.actionrequestfilter.readonly_kibana.allowed_actions, searchguard.actionrequestfilter.readonly.forbidden_actions] [2015-06-11 08:54:12,003][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:12,003][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/mget[shard] (class org.elasticsearch.action.get.MultiGetShardRequest) from INTRANODE [2015-06-11 08:54:12,003][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], _searchguard_token_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator@367acabf, searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>xxx.com/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*], searchguard_ac_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator@5f96f26e] [2015-06-11 08:54:12,003][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [searchguard_authenticated_user, searchguard_resolved_rest_address, searchguard.actionrequestfilter.readonly_kibana.forbidden_actions, searchguard_filter, searchguard_ac_evaluator, searchguard.actionrequestfilter.readonly.allowed_actions, searchguard.actionrequestfilter.readonly_kibana.allowed_actions, searchguard.actionrequestfilter.readonly.forbidden_actions] [2015-06-11 08:54:12,003][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:12,003][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/mget[shard] (class org.elasticsearch.action.get.MultiGetShardRequest) from INTRANODE [2015-06-11 08:54:12,004][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], _searchguard_token_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator@367acabf, searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>xxx.com/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*], searchguard_ac_evaluator=>com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator@5f96f26e] [2015-06-11 08:54:12,004][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [searchguard_authenticated_user, searchguard_resolved_rest_address, searchguard.actionrequestfilter.readonly_kibana.forbidden_actions, searchguard_filter, searchguard_ac_evaluator, searchguard.actionrequestfilter.readonly.allowed_actions, searchguard.actionrequestfilter.readonly_kibana.allowed_actions, searchguard.actionrequestfilter.readonly.forbidden_actions] [2015-06-11 08:54:12,004][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:12,005][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:data/read/mget[shard] (class org.elasticsearch.action.get.MultiGetShardRequest) due to type[s]() method not found [2015-06-11 08:54:12,005][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] user User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:12,005][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedHostAddress: xxx_IP OR xxx.com [2015-06-11 08:54:12,005][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedAliases: [*] [2015-06-11 08:54:12,005][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedIndices: [.kibana] [2015-06-11 08:54:12,005][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedTypes: [*] [2015-06-11 08:54:12,006][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Checking 3 rules [2015-06-11 08:54:12,006][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filtersExecute [] [2015-06-11 08:54:12,006][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filterBypass [] [2015-06-11 08:54:12,006][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 1.: ACRule [hosts=null, users=null, roles=[admin], indices=null, aliases=null, filters_execute=[], filters_bypass=[*], isDefault()=false, __Comment__="For role admin all filters are bypassed (so none will be executed). This means unrestricted access."] [2015-06-11 08:54:12,006][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User wildcard match [2015-06-11 08:54:12,006][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User does not have role admin [2015-06-11 08:54:12,006][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] No role does not match [2015-06-11 08:54:12,006][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:12,007][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:12,007][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 2.: ACRule [hosts=null, users=[spock], roles=null, indices=[abc, .kibana], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:12,007][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User mahesh does not match [2015-06-11 08:54:12,007][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:12,007][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:12,007][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:12,007][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 3.: ACRule [hosts=null, users=[mahesh], roles=null, indices=[.kibana, ea], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:12,007][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User mahesh match [2015-06-11 08:54:12,007][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:12,007][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:12,008][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identity would match, see if aliases and indices are also ok? [2015-06-11 08:54:12,008][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Alias wildcard match [2015-06-11 08:54:12,008][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request .kibana, granted .kibana, requestedTypes [*] [2015-06-11 08:54:12,008][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard indices/aliases: .kibana -> .kibana [2015-06-11 08:54:12,008][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard without types: .kibana -> .kibana [2015-06-11 08:54:12,008][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] -->Index .kibana match .kibana [2015-06-11 08:54:12,008][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index .kibana has a matching pattern [2015-06-11 08:54:12,008][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] ----> APPLY RULE <---- which means the following executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:12,008][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Final executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:12,015][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/mget[shard][s] from xxx.com_client to yyy.com_data [2015-06-11 08:54:12,584][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:12,585][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:12,585][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:12,585][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:12,585][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:12,585][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:12,586][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:12,586][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:12,586][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:12,586][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:12,586][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:12,586][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:12,586][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:54:12,589][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:12,599][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null GET /_template/marvel (loopback?: false) [2015-06-11 08:54:12,599][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:12,599][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:12,602][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null PUT /_template/marvel (loopback?: false) [2015-06-11 08:54:12,602][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:12,602][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:12,603][ERROR][marvel.agent.exporter ] [xxx.com_client] error adding the marvel template to [xxx_IP:9200] response code [401 Unauthorized]. content: [] [2015-06-11 08:54:12,604][ERROR][marvel.agent.exporter ] [xxx.com_client] failed to verify/upload the marvel template to [xxx_IP:9200]: Server returned HTTP response code: 401 for URL: http://xxx_IP:9200/_template/marvel [2015-06-11 08:54:12,605][ERROR][marvel.agent.exporter ] [xxx.com_client] could not connect to any configured elasticsearch instances: [xxx_IP:9200] [2015-06-11 08:54:12,843][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:12,915][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null POST /.kibana/__kibanaQueryValidator/_validate/query (loopback?: false) [2015-06-11 08:54:12,915][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:12,916][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:12,916][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User 'User [name=mahesh, roles=[enduser]]' is authenticated [2015-06-11 08:54:12,916][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:12,918][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:admin/validate/query (class org.elasticsearch.action.admin.indices.validate.query.ValidateQueryRequest) from INTRANODE [2015-06-11 08:54:12,918][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard_resolved_rest_address=>/xxx_IP] [2015-06-11 08:54:12,918][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:12,918][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:12,918][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:admin/validate/query (class org.elasticsearch.action.admin.indices.validate.query.ValidateQueryRequest) from INTRANODE [2015-06-11 08:54:12,918][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:12,919][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:12,919][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:12,919][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:admin/validate/query (class org.elasticsearch.action.admin.indices.validate.query.ValidateQueryRequest) from INTRANODE [2015-06-11 08:54:12,919][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:12,919][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:12,919][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:12,925][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] user User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:12,925][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedHostAddress: xxx_IP OR xxx.com [2015-06-11 08:54:12,926][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedAliases: [*] [2015-06-11 08:54:12,926][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedIndices: [.kibana] [2015-06-11 08:54:12,926][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedTypes: [__kibanaQueryValidator] [2015-06-11 08:54:12,926][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Checking 3 rules [2015-06-11 08:54:12,926][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filtersExecute [] [2015-06-11 08:54:12,927][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filterBypass [] [2015-06-11 08:54:12,927][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 1.: ACRule [hosts=null, users=null, roles=[admin], indices=null, aliases=null, filters_execute=[], filters_bypass=[*], isDefault()=false, __Comment__="For role admin all filters are bypassed (so none will be executed). This means unrestricted access."] [2015-06-11 08:54:12,927][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User wildcard match [2015-06-11 08:54:12,927][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User does not have role admin [2015-06-11 08:54:12,927][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] No role does not match [2015-06-11 08:54:12,927][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:12,928][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:12,928][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 2.: ACRule [hosts=null, users=[spock], roles=null, indices=[abc, .kibana], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:12,928][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User mahesh does not match [2015-06-11 08:54:12,928][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:12,928][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:12,928][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:12,928][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 3.: ACRule [hosts=null, users=[mahesh], roles=null, indices=[.kibana, ea], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:12,929][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User mahesh match [2015-06-11 08:54:12,929][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:12,929][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:12,929][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identity would match, see if aliases and indices are also ok? [2015-06-11 08:54:12,929][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Alias wildcard match [2015-06-11 08:54:12,929][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request .kibana, granted .kibana, requestedTypes [__kibanaQueryValidator] [2015-06-11 08:54:12,929][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard indices/aliases: .kibana -> .kibana [2015-06-11 08:54:12,930][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard without types: .kibana -> .kibana [2015-06-11 08:54:12,930][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] -->Index .kibana match .kibana [2015-06-11 08:54:12,930][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index .kibana has a matching pattern [2015-06-11 08:54:12,930][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] ----> APPLY RULE <---- which means the following executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:12,930][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Final executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:12,937][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:admin/validate/query[s] from xxx.com_client to zzz.com_data [2015-06-11 08:54:12,991][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null POST /_msearch (loopback?: false) [2015-06-11 08:54:12,992][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:12,992][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:12,993][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User 'User [name=mahesh, roles=[enduser]]' is authenticated [2015-06-11 08:54:12,993][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:12,993][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null POST /.kibana/__kibanaQueryValidator/_validate/query (loopback?: false) [2015-06-11 08:54:12,993][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:12,994][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:12,994][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User 'User [name=mahesh, roles=[enduser]]' is authenticated [2015-06-11 08:54:12,994][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:12,994][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:admin/validate/query (class org.elasticsearch.action.admin.indices.validate.query.ValidateQueryRequest) from INTRANODE [2015-06-11 08:54:12,995][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard_resolved_rest_address=>/xxx_IP] [2015-06-11 08:54:12,997][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:12,997][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:12,997][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:admin/validate/query (class org.elasticsearch.action.admin.indices.validate.query.ValidateQueryRequest) from INTRANODE [2015-06-11 08:54:12,997][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:12,997][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:12,998][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:12,998][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:admin/validate/query (class org.elasticsearch.action.admin.indices.validate.query.ValidateQueryRequest) from INTRANODE [2015-06-11 08:54:12,998][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:12,998][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:12,998][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:12,995][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/msearch (class org.elasticsearch.action.search.MultiSearchRequest) from INTRANODE [2015-06-11 08:54:13,000][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard_resolved_rest_address=>/xxx_IP] [2015-06-11 08:54:13,000][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:13,000][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:13,001][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/msearch (class org.elasticsearch.action.search.MultiSearchRequest) from INTRANODE [2015-06-11 08:54:13,001][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:13,001][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:13,001][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:13,001][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/msearch (class org.elasticsearch.action.search.MultiSearchRequest) from INTRANODE [2015-06-11 08:54:13,002][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:13,002][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:13,002][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:13,012][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] --> Rest request null/null POST /.kibana/__kibanaQueryValidator/_validate/query (loopback?: false) [2015-06-11 08:54:13,015][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] execute filter DEFAULT [2015-06-11 08:54:13,016][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from xxx_IP [2015-06-11 08:54:13,018][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User 'User [name=mahesh, roles=[enduser]]' is authenticated [2015-06-11 08:54:13,018][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:13,018][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:admin/validate/query (class org.elasticsearch.action.admin.indices.validate.query.ValidateQueryRequest) from INTRANODE [2015-06-11 08:54:13,019][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard_resolved_rest_address=>/xxx_IP] [2015-06-11 08:54:13,019][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:13,019][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:13,019][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:admin/validate/query (class org.elasticsearch.action.admin.indices.validate.query.ValidateQueryRequest) from INTRANODE [2015-06-11 08:54:13,019][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:13,019][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:13,020][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:13,020][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:admin/validate/query (class org.elasticsearch.action.admin.indices.validate.query.ValidateQueryRequest) from INTRANODE [2015-06-11 08:54:13,020][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [searchguard.actionrequestfilter.readonly_kibana.forbidden_actions=>[], searchguard_filter=>[actionrequestfilter:readonly_kibana, actionrequestfilter:readonly], searchguard_authenticated_user=>User [name=mahesh, roles=[enduser]], searchguard.actionrequestfilter.readonly.forbidden_actions=>[cluster:*, indices:admin*], searchguard.actionrequestfilter.readonly_kibana.allowed_actions=>[cluster:monitor/nodes/info, cluster:monitor/health, indices:admin/mappings/fields/get*, indices:admin/validate/query, indices:data/read/*, indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/refresh, indices:admin/validate/query, indices:data/write/delete, indices:data/write/index, indices:data/write/update, indices:admin/create], searchguard_resolved_rest_address=>/xxx_IP, searchguard.actionrequestfilter.readonly.allowed_actions=>[indices:data/read/*, *monitor*]] [2015-06-11 08:54:13,020][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:13,020][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: rest authenticated request, apply filters [2015-06-11 08:54:13,026][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] user User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:13,022][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] user User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:13,040][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedHostAddress: xxx_IP OR xxx.com [2015-06-11 08:54:13,041][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedHostAddress: xxx_IP OR xxx.com [2015-06-11 08:54:13,041][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedAliases: [*] [2015-06-11 08:54:13,041][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedAliases: [*] [2015-06-11 08:54:13,041][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedIndices: [abc] [2015-06-11 08:54:13,041][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedIndices: [.kibana] [2015-06-11 08:54:13,041][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedTypes: [*] [2015-06-11 08:54:13,041][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedTypes: [__kibanaQueryValidator] [2015-06-11 08:54:13,042][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Checking 3 rules [2015-06-11 08:54:13,042][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Checking 3 rules [2015-06-11 08:54:13,042][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filtersExecute [] [2015-06-11 08:54:13,043][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filtersExecute [] [2015-06-11 08:54:13,043][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filterBypass [] [2015-06-11 08:54:13,043][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filterBypass [] [2015-06-11 08:54:13,043][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 1.: ACRule [hosts=null, users=null, roles=[admin], indices=null, aliases=null, filters_execute=[], filters_bypass=[*], isDefault()=false, __Comment__="For role admin all filters are bypassed (so none will be executed). This means unrestricted access."] [2015-06-11 08:54:13,043][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User wildcard match [2015-06-11 08:54:13,043][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 1.: ACRule [hosts=null, users=null, roles=[admin], indices=null, aliases=null, filters_execute=[], filters_bypass=[*], isDefault()=false, __Comment__="For role admin all filters are bypassed (so none will be executed). This means unrestricted access."] [2015-06-11 08:54:13,044][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User does not have role admin [2015-06-11 08:54:13,044][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User wildcard match [2015-06-11 08:54:13,044][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] No role does not match [2015-06-11 08:54:13,044][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:13,044][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:13,044][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 2.: ACRule [hosts=null, users=[spock], roles=null, indices=[abc, .kibana], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:13,045][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User mahesh does not match [2015-06-11 08:54:13,045][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:13,045][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:13,045][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:13,044][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User does not have role admin [2015-06-11 08:54:13,045][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] No role does not match [2015-06-11 08:54:13,046][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:13,046][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:13,046][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 2.: ACRule [hosts=null, users=[spock], roles=null, indices=[abc, .kibana], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:13,046][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User mahesh does not match [2015-06-11 08:54:13,046][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:13,046][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:13,046][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:13,047][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 3.: ACRule [hosts=null, users=[mahesh], roles=null, indices=[.kibana, ea], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:13,047][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User mahesh match [2015-06-11 08:54:13,047][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:13,047][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:13,047][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identity would match, see if aliases and indices are also ok? [2015-06-11 08:54:13,048][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Alias wildcard match [2015-06-11 08:54:13,048][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request .kibana, granted .kibana, requestedTypes [__kibanaQueryValidator] [2015-06-11 08:54:13,048][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard indices/aliases: .kibana -> .kibana [2015-06-11 08:54:13,048][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard without types: .kibana -> .kibana [2015-06-11 08:54:13,048][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] -->Index .kibana match .kibana [2015-06-11 08:54:13,048][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index .kibana has a matching pattern [2015-06-11 08:54:13,049][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] ----> APPLY RULE <---- which means the following executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:13,049][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Final executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:13,044][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] user User [name=mahesh, roles=[enduser]] [2015-06-11 08:54:13,045][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 3.: ACRule [hosts=null, users=[mahesh], roles=null, indices=[.kibana, ea], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:13,050][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User mahesh match [2015-06-11 08:54:13,050][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:13,050][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:13,050][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identity would match, see if aliases and indices are also ok? [2015-06-11 08:54:13,050][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Alias wildcard match [2015-06-11 08:54:13,050][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedHostAddress: xxx_IP OR xxx.com [2015-06-11 08:54:13,051][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request abc, granted .kibana, requestedTypes [*] [2015-06-11 08:54:13,051][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index abc not match .kibana [2015-06-11 08:54:13,051][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request abc, granted ea, requestedTypes [*] [2015-06-11 08:54:13,051][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index abc not match ea [2015-06-11 08:54:13,051][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Index abc does not have a matching pattern, skip this rule [2015-06-11 08:54:13,051][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Final executeFilters: []/bypassFilters: [] [2015-06-11 08:54:13,051][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedAliases: [*] [2015-06-11 08:54:13,053][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedIndices: [.kibana] [2015-06-11 08:54:13,053][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] requestedTypes: [__kibanaQueryValidator] [2015-06-11 08:54:13,053][ERROR][com.floragunn.searchguard.filter.SearchGuardActionFilter] Error while apply() due to com.floragunn.searchguard.tokeneval.MalformedConfigurationException: no bypass or execute filters at all for action indices:data/read/msearch com.floragunn.searchguard.tokeneval.MalformedConfigurationException: no bypass or execute filters at all at com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator.validateAndMerge(TokenEvaluator.java:374) at com.floragunn.searchguard.tokeneval.TokenEvaluator$Evaluator.(TokenEvaluator.java:362) at com.floragunn.searchguard.tokeneval.TokenEvaluator.getEvaluator(TokenEvaluator.java:310) at com.floragunn.searchguard.filter.SearchGuardActionFilter.apply0(SearchGuardActionFilter.java:250) at com.floragunn.searchguard.filter.SearchGuardActionFilter.apply(SearchGuardActionFilter.java:89) at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:165) at com.floragunn.searchguard.filter.FLSActionFilter.applySecure(FLSActionFilter.java:76) at com.floragunn.searchguard.filter.AbstractActionFilter.apply(AbstractActionFilter.java:97) at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:165) at com.floragunn.searchguard.filter.DLSActionFilter.applySecure(DLSActionFilter.java:73) at com.floragunn.searchguard.filter.AbstractActionFilter.apply(AbstractActionFilter.java:97) at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:165) at com.floragunn.searchguard.filter.RequestActionFilter.applySecure(RequestActionFilter.java:94) at com.floragunn.searchguard.filter.AbstractActionFilter.apply(AbstractActionFilter.java:97) at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:165) at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:82) at org.elasticsearch.client.node.NodeClient.execute(NodeClient.java:98) at org.elasticsearch.client.FilterClient.execute(FilterClient.java:66) at org.elasticsearch.rest.BaseRestHandler$HeadersAndContextCopyClient.execute(BaseRestHandler.java:92) at org.elasticsearch.client.support.AbstractClient.multiSearch(AbstractClient.java:364) at org.elasticsearch.rest.action.search.RestMultiSearchAction.handleRequest(RestMultiSearchAction.java:66) at org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:53) at org.elasticsearch.rest.RestController.executeHandler(RestController.java:225) at org.elasticsearch.rest.RestController$RestHandlerFilter.process(RestController.java:299) at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:280) at com.floragunn.searchguard.rest.DefaultRestFilter.processSecure(DefaultRestFilter.java:37) at com.floragunn.searchguard.rest.AbstractACRestFilter.process(AbstractACRestFilter.java:198) at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:283) at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:180) at org.elasticsearch.http.HttpServer.internalDispatchRequest(HttpServer.java:121) at org.elasticsearch.http.HttpServer$Dispatcher.dispatchRequest(HttpServer.java:83) at org.elasticsearch.http.netty.NettyHttpServerTransport.dispatchRequest(NettyHttpServerTransport.java:329) at org.elasticsearch.http.netty.HttpRequestHandler.messageReceived(HttpRequestHandler.java:63) at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791) at org.elasticsearch.http.netty.pipelining.HttpPipeliningHandler.messageReceived(HttpPipeliningHandler.java:60) at org.elasticsearch.common.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:88) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791) at org.elasticsearch.common.netty.handler.codec.http.HttpChunkAggregator.messageReceived(HttpChunkAggregator.java:145) at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791) at org.elasticsearch.common.netty.handler.codec.http.HttpContentDecoder.messageReceived(HttpContentDecoder.java:108) at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791) at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:296) at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:459) at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.callDecode(ReplayingDecoder.java:536) at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.messageReceived(ReplayingDecoder.java:435) at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791) at org.elasticsearch.common.netty.OpenChannelsHandler.handleUpstream(OpenChannelsHandler.java:74) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559) at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:268) at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:255) at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108) at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89) at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) at org.elasticsearch.common.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) at org.elasticsearch.common.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) [2015-06-11 08:54:13,055][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:admin/validate/query[s] from xxx.com_client to yyy.com_data [2015-06-11 08:54:13,054][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Checking 3 rules [2015-06-11 08:54:13,066][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filtersExecute [] [2015-06-11 08:54:13,066][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Default set to filterBypass [] [2015-06-11 08:54:13,066][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 1.: ACRule [hosts=null, users=null, roles=[admin], indices=null, aliases=null, filters_execute=[], filters_bypass=[*], isDefault()=false, __Comment__="For role admin all filters are bypassed (so none will be executed). This means unrestricted access."] [2015-06-11 08:54:13,067][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User wildcard match [2015-06-11 08:54:13,067][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User does not have role admin [2015-06-11 08:54:13,067][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] No role does not match [2015-06-11 08:54:13,067][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:13,067][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:13,067][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 2.: ACRule [hosts=null, users=[spock], roles=null, indices=[abc, .kibana], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:13,068][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] User mahesh does not match [2015-06-11 08:54:13,068][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:13,068][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:13,068][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Users or roles or hosts does not match, so we skip this rule [2015-06-11 08:54:13,069][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Check rule 3.: ACRule [hosts=null, users=[mahesh], roles=null, indices=[.kibana, ea], aliases=null, filters_execute=[actionrequestfilter.readonly_kibana], filters_bypass=[], isDefault()=false, __Comment__="This means that the user spock has readonly access on index abc and ea"] [2015-06-11 08:54:13,069][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> User mahesh match [2015-06-11 08:54:13,069][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Role wildcard match [2015-06-11 08:54:13,070][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Host wildcard match [2015-06-11 08:54:13,070][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identity would match, see if aliases and indices are also ok? [2015-06-11 08:54:13,070][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] --> Alias wildcard match [2015-06-11 08:54:13,070][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] typeAndMatch(): request .kibana, granted .kibana, requestedTypes [__kibanaQueryValidator] [2015-06-11 08:54:13,070][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard indices/aliases: .kibana -> .kibana [2015-06-11 08:54:13,070][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Wildcard without types: .kibana -> .kibana [2015-06-11 08:54:13,075][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] -->Index .kibana match .kibana [2015-06-11 08:54:13,075][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Index .kibana has a matching pattern [2015-06-11 08:54:13,075][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] ----> APPLY RULE <---- which means the following executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:13,075][DEBUG][com.floragunn.searchguard.tokeneval.TokenEvaluator] Final executeFilters: [actionrequestfilter.readonly_kibana]/bypassFilters: [] [2015-06-11 08:54:13,077][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:admin/validate/query[s] from xxx.com_client to zzz.com_data [2015-06-11 08:54:13,588][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:13,588][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:13,588][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:13,608][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:13,608][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:13,608][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:13,608][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:13,608][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:13,609][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:13,609][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:13,609][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:13,609][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:13,609][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:54:13,613][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:13,848][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:14,611][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:14,611][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:14,611][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:14,611][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:14,611][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:14,612][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:14,612][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:14,612][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:14,612][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:14,612][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:14,612][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:14,612][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:14,613][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:54:14,616][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:14,850][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:15,615][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:15,615][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:15,615][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:15,615][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:15,615][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:15,615][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:15,616][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:15,616][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:15,616][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:15,616][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:15,616][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:15,616][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:15,617][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to zzz.com_data [2015-06-11 08:54:15,619][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:15,853][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:16,618][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:16,618][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Context [] [2015-06-11 08:54:16,618][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] Headers [] [2015-06-11 08:54:16,619][DEBUG][com.floragunn.searchguard.filter.RequestActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:16,619][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:16,619][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Context [] [2015-06-11 08:54:16,619][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] Headers [] [2015-06-11 08:54:16,619][DEBUG][com.floragunn.searchguard.filter.DLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:16,619][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] REQUEST on node xxx.com_client: indices:data/read/get (class org.elasticsearch.action.get.GetRequest) from INTRANODE [2015-06-11 08:54:16,619][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Context [] [2015-06-11 08:54:16,620][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] Headers [] [2015-06-11 08:54:16,620][DEBUG][com.floragunn.searchguard.filter.FLSActionFilter] TYPE: intra node request, skip filters [2015-06-11 08:54:16,620][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send indices:data/read/get[s] from xxx.com_client to yyy.com_data [2015-06-11 08:54:16,623][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [xxx.com_client] Security configuration reloaded [2015-06-11 08:54:16,851][INFO ][node ] [xxx.com_client] stopping ... [2015-06-11 08:54:16,856][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/fd/master_ping from xxx.com_client to zzz.com_data [2015-06-11 08:54:16,864][DEBUG][com.floragunn.searchguard.transport.SearchGuardNettyTransport] [xxx.com_client] send internal:discovery/zen/leave from xxx.com_client to zzz.com_data [2015-06-11 08:54:16,911][INFO ][node ] [xxx.com_client] stopped [2015-06-11 08:54:16,912][INFO ][node ] [xxx.com_client] closing ... [2015-06-11 08:54:16,922][INFO ][node ] [xxx.com_client] closed