[2019-06-12T10:36:26,369][INFO ][o.e.n.Node ] [InterStat1] initializing ... [2019-06-12T10:36:26,712][INFO ][o.e.e.NodeEnvironment ] [InterStat1] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [16.8gb], net total_space [21.4gb], spins? [unknown], types [rootfs] [2019-06-12T10:36:26,712][INFO ][o.e.e.NodeEnvironment ] [InterStat1] heap size [1015.6mb], compressed ordinary object pointers [true] [2019-06-12T10:36:26,768][INFO ][o.e.n.Node ] [InterStat1] node name [InterStat1], node ID [3wsxg1t6QMWywYB1eHcT3Q] [2019-06-12T10:36:26,768][INFO ][o.e.n.Node ] [InterStat1] version[5.6.10], pid[21684], build[b727a60/2018-06-06T15:48:34.860Z], OS[Linux/3.10.0-957.21.2.el7.x86_64/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/1.8.0_212/25.212-b04] [2019-06-12T10:36:26,768][INFO ][o.e.n.Node ] [InterStat1] JVM arguments [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+DisableExplicitGC, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionsUseCanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -XX:+HeapDumpOnOutOfMemoryError, -Des.path.home=/usr/share/elasticsearch] [2019-06-12T10:36:30,513][INFO ][c.f.s.SearchGuardPlugin ] Clustername: InterStat [2019-06-12T10:36:30,513][WARN ][c.f.s.SearchGuardPlugin ] ### LICENSE NOTICE Search Guard ### If you use one or more of the following features in production make sure you have a valid Search Guard license (See https://floragunn.com/searchguard-validate-license) * Kibana Multitenancy * LDAP authentication/authorization * Active Directory authentication/authorization * REST Management API * JSON Web Token (JWT) authentication/authorization * Kerberos authentication/authorization * Document- and Fieldlevel Security (DLS/FLS) * Auditlogging In case of any doubt mail to ################################### [2019-06-12T10:36:30,514][WARN ][c.f.s.SearchGuardPlugin ] Consider setting -Djdk.tls.rejectClientInitiatedRenegotiation=true to prevent DoS attacks through client side initiated TLS renegotiation. [2019-06-12T10:36:30,626][INFO ][c.f.s.SearchGuardPlugin ] Node [InterStat1] is a transportClient: false/tribeNode: false/tribeNodeClient: false [2019-06-12T10:36:30,641][INFO ][c.f.s.SearchGuardPlugin ] FLS/DLS module not available [2019-06-12T10:36:30,654][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.version: 1.8.0_212 [2019-06-12T10:36:30,654][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vendor: Oracle Corporation [2019-06-12T10:36:30,654][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.version: 1.8 [2019-06-12T10:36:30,654][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.vendor: Oracle Corporation [2019-06-12T10:36:30,654][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.name: Java Virtual Machine Specification [2019-06-12T10:36:30,655][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.name: OpenJDK 64-Bit Server VM [2019-06-12T10:36:30,655][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.vendor: Oracle Corporation [2019-06-12T10:36:30,655][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.version: 1.8 [2019-06-12T10:36:30,655][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.vendor: Oracle Corporation [2019-06-12T10:36:30,655][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.name: Java Platform API Specification [2019-06-12T10:36:30,655][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.name: Linux [2019-06-12T10:36:30,655][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.arch: amd64 [2019-06-12T10:36:30,656][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.version: 3.10.0-957.21.2.el7.x86_64 [2019-06-12T10:36:31,246][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] JVM supports the following 43 ciphers for transport [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] [2019-06-12T10:36:31,261][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Config directory is /etc/elasticsearch/, from there the key- and truststore files are resolved relatively [2019-06-12T10:36:31,262][DEBUG][c.f.s.s.DefaultSearchGuardKeyStore] Value for searchguard.ssl.transport.keystore_filepath is InterTalk1-keystore.jks [2019-06-12T10:36:31,262][DEBUG][c.f.s.s.DefaultSearchGuardKeyStore] Resolved InterTalk1-keystore.jks to /etc/elasticsearch/InterTalk1-keystore.jks against /etc/elasticsearch [2019-06-12T10:36:31,262][DEBUG][c.f.s.s.DefaultSearchGuardKeyStore] Value for searchguard.ssl.transport.truststore_filepath is truststore.jks [2019-06-12T10:36:31,263][DEBUG][c.f.s.s.DefaultSearchGuardKeyStore] Resolved truststore.jks to /etc/elasticsearch/truststore.jks against /etc/elasticsearch [2019-06-12T10:36:31,283][DEBUG][c.f.s.s.u.SSLCertificateHelper] Keystore has 1 entries/aliases [2019-06-12T10:36:31,284][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias 1: is a certificate entry?false/is a key entry?true [2019-06-12T10:36:31,284][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias 1: chain len 2 [2019-06-12T10:36:31,289][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=InterTalk Critical Information Systems, OU=Ops, O=InterTalk Critical Information Systems of type -1 -> false [2019-06-12T10:36:31,290][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=InterTalk Critical Information Systems Root CA, OU=InterTalk Critical Information Systems Root CA, O=InterTalk Critical Information Systems of type 2147483647 -> true [2019-06-12T10:36:31,290][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias 1: single cert CN=InterTalk Critical Information Systems, OU=Ops, O=InterTalk Critical Information Systems of type -1 -> false [2019-06-12T10:36:31,290][INFO ][c.f.s.s.u.SSLCertificateHelper] No alias given, use the first one: 1 [2019-06-12T10:36:31,308][WARN ][c.f.s.s.u.SSLCertificateHelper] Certificate chain for alias 1 contains a root certificate [2019-06-12T10:36:31,308][DEBUG][c.f.s.s.u.SSLCertificateHelper] Keystore has 1 entries/aliases [2019-06-12T10:36:31,308][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias 1: is a certificate entry?false/is a key entry?true [2019-06-12T10:36:31,309][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias 1: chain len 2 [2019-06-12T10:36:31,309][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=InterTalk Critical Information Systems, OU=Ops, O=InterTalk Critical Information Systems of type -1 -> false [2019-06-12T10:36:31,309][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=InterTalk Critical Information Systems Root CA, OU=InterTalk Critical Information Systems Root CA, O=InterTalk Critical Information Systems of type 2147483647 -> true [2019-06-12T10:36:31,309][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias 1: single cert CN=InterTalk Critical Information Systems, OU=Ops, O=InterTalk Critical Information Systems of type -1 -> false [2019-06-12T10:36:31,339][DEBUG][c.f.s.s.u.SSLCertificateHelper] Keystore has 1 entries/aliases [2019-06-12T10:36:31,339][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias root-ca-chain: is a certificate entry?true/is a key entry?false [2019-06-12T10:36:31,339][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias root-ca-chain: single cert CN=InterTalk Critical Information Systems Root CA, OU=InterTalk Critical Information Systems Root CA, O=InterTalk Critical Information Systems of type 2147483647 -> true [2019-06-12T10:36:31,339][DEBUG][c.f.s.s.u.SSLCertificateHelper] No alias given, will trust all of the certificates in the store [2019-06-12T10:36:31,442][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256] [2019-06-12T10:36:31,442][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers [] [2019-06-12T10:36:31,442][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1] [2019-06-12T10:36:31,442][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1] [2019-06-12T10:36:31,446][INFO ][o.e.p.PluginsService ] [InterStat1] loaded module [aggs-matrix-stats] [2019-06-12T10:36:31,446][INFO ][o.e.p.PluginsService ] [InterStat1] loaded module [ingest-common] [2019-06-12T10:36:31,446][INFO ][o.e.p.PluginsService ] [InterStat1] loaded module [lang-expression] [2019-06-12T10:36:31,446][INFO ][o.e.p.PluginsService ] [InterStat1] loaded module [lang-groovy] [2019-06-12T10:36:31,446][INFO ][o.e.p.PluginsService ] [InterStat1] loaded module [lang-mustache] [2019-06-12T10:36:31,446][INFO ][o.e.p.PluginsService ] [InterStat1] loaded module [lang-painless] [2019-06-12T10:36:31,446][INFO ][o.e.p.PluginsService ] [InterStat1] loaded module [parent-join] [2019-06-12T10:36:31,446][INFO ][o.e.p.PluginsService ] [InterStat1] loaded module [percolator] [2019-06-12T10:36:31,447][INFO ][o.e.p.PluginsService ] [InterStat1] loaded module [reindex] [2019-06-12T10:36:31,447][INFO ][o.e.p.PluginsService ] [InterStat1] loaded module [transport-netty3] [2019-06-12T10:36:31,447][INFO ][o.e.p.PluginsService ] [InterStat1] loaded module [transport-netty4] [2019-06-12T10:36:31,447][INFO ][o.e.p.PluginsService ] [InterStat1] loaded plugin [search-guard-5] [2019-06-12T10:36:36,420][DEBUG][o.e.a.ActionModule ] Using REST wrapper from plugin com.floragunn.searchguard.SearchGuardPlugin [2019-06-12T10:36:36,565][INFO ][c.f.s.SearchGuardPlugin ] FLS/DLS valve not bound (noop) due to java.lang.ClassNotFoundException: com.floragunn.searchguard.configuration.DlsFlsValveImpl [2019-06-12T10:36:36,566][INFO ][c.f.s.SearchGuardPlugin ] Auditlog not available due to java.lang.ClassNotFoundException: com.floragunn.searchguard.auditlog.impl.AuditLogImpl [2019-06-12T10:36:36,568][DEBUG][c.f.s.SearchGuardPlugin ] Using com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator as intercluster request evaluator class [2019-06-12T10:36:36,569][INFO ][c.f.s.SearchGuardPlugin ] Privileges interceptor not bound (noop) due to java.lang.ClassNotFoundException: com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl [2019-06-12T10:36:36,601][DEBUG][c.f.s.c.AdminDNs ] CN=InterTalk Critical Information Systems,OU=Ops,O=InterTalk Critical Information Systems is registered as an admin dn [2019-06-12T10:36:36,603][DEBUG][c.f.s.c.AdminDNs ] Loaded 1 admin DN's [CN=InterTalk Critical Information Systems,OU=Ops,O=InterTalk Critical Information Systems] [2019-06-12T10:36:36,605][DEBUG][c.f.s.c.AdminDNs ] Loaded 0 impersonation DN's {} [2019-06-12T10:36:36,626][DEBUG][c.f.s.c.ConfigurationLoader] Index is: searchguard [2019-06-12T10:36:36,629][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Subscribe on configuration changes by type config with listener com.floragunn.searchguard.http.XFFResolver@29f38091 [2019-06-12T10:36:36,721][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Subscribe on configuration changes by type config with listener com.floragunn.searchguard.auth.BackendRegistry@61874b9d [2019-06-12T10:36:36,909][DEBUG][c.f.s.h.SearchGuardNonSslHttpServerTransport] [InterStat1] using max_chunk_size[8kb], max_header_size[8kb], max_initial_line_length[4kb], max_content_length[100mb], receive_predictor[64kb->64kb], pipelining[true], pipelining_max_events[10000] [2019-06-12T10:36:36,911][INFO ][o.e.d.DiscoveryModule ] [InterStat1] using discovery type [zen] [2019-06-12T10:36:38,944][INFO ][o.e.n.Node ] [InterStat1] initialized [2019-06-12T10:36:38,944][INFO ][o.e.n.Node ] [InterStat1] starting ... [2019-06-12T10:36:39,123][DEBUG][c.f.s.s.t.SearchGuardSSLNettyTransport] [InterStat1] using profile[default], worker_count[2], port[9300-9400], bind_host[null], publish_host[null], compress[false], connect_timeout[30s], connections_per_node[2/3/6/1/1], receive_predictor[64kb->64kb] [2019-06-12T10:36:39,139][DEBUG][c.f.s.s.t.SearchGuardSSLNettyTransport] [InterStat1] binding server bootstrap to: [::1, 127.0.0.1] [2019-06-12T10:36:39,426][DEBUG][c.f.s.s.t.SearchGuardSSLNettyTransport] [InterStat1] Bound profile [default] to address {[::1]:9300} [2019-06-12T10:36:39,442][DEBUG][c.f.s.s.t.SearchGuardSSLNettyTransport] [InterStat1] Bound profile [default] to address {127.0.0.1:9300} [2019-06-12T10:36:39,445][INFO ][o.e.t.TransportService ] [InterStat1] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300} [2019-06-12T10:36:39,484][INFO ][c.f.s.c.IndexBaseConfigurationRepository] Check if searchguard index exists ... [2019-06-12T10:36:39,504][DEBUG][o.e.a.a.i.e.i.TransportIndicesExistsAction] [InterStat1] no known master node, scheduling a retry [2019-06-12T10:36:42,680][INFO ][o.e.c.s.ClusterService ] [InterStat1] new_master {InterStat1}{3wsxg1t6QMWywYB1eHcT3Q}{wig9f0tiSSCqKuuOksolKw}{127.0.0.1}{127.0.0.1:9300}{rack=ILS1}, reason: zen-disco-elected-as-master ([0] nodes joined)[, ] [2019-06-12T10:36:42,770][DEBUG][c.f.s.h.SearchGuardNonSslHttpServerTransport] [InterStat1] Bound http to address {[::1]:9200} [2019-06-12T10:36:42,920][DEBUG][c.f.s.h.SearchGuardNonSslHttpServerTransport] [InterStat1] Bound http to address {127.0.0.1:9200} [2019-06-12T10:36:42,982][INFO ][c.f.s.h.SearchGuardNonSslHttpServerTransport] [InterStat1] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200} [2019-06-12T10:36:42,982][INFO ][o.e.n.Node ] [InterStat1] started [2019-06-12T10:36:44,294][INFO ][o.e.g.GatewayService ] [InterStat1] recovered [6] indices into cluster_state [2019-06-12T10:36:44,322][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Node started, try to initialize it. Wait for at least yellow cluster state.... [2019-06-12T10:36:46,090][INFO ][o.e.c.r.a.AllocationService] [InterStat1] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[searchguard][0]] ...]). [2019-06-12T10:36:46,138][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Try to load config ... [2019-06-12T10:36:46,281][DEBUG][c.f.s.c.ConfigurationLoader] Received config for config (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=4 [2019-06-12T10:36:46,310][DEBUG][c.f.s.c.ConfigurationLoader] Received config for roles (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=3 [2019-06-12T10:36:46,311][DEBUG][c.f.s.c.ConfigurationLoader] Received config for rolesmapping (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=2 [2019-06-12T10:36:46,312][DEBUG][c.f.s.c.ConfigurationLoader] Received config for internalusers (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=1 [2019-06-12T10:36:46,314][DEBUG][c.f.s.c.ConfigurationLoader] Received config for actiongroups (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=0 [2019-06-12T10:36:46,319][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Retrieved [rolesmapping, config, internalusers, actiongroups, roles] configs [2019-06-12T10:36:46,355][DEBUG][c.f.s.c.ConfigurationLoader] Received config for config (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=4 [2019-06-12T10:36:46,358][DEBUG][c.f.s.c.ConfigurationLoader] Received config for roles (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=3 [2019-06-12T10:36:46,358][DEBUG][c.f.s.c.ConfigurationLoader] Received config for rolesmapping (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=2 [2019-06-12T10:36:46,359][DEBUG][c.f.s.c.ConfigurationLoader] Received config for internalusers (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=1 [2019-06-12T10:36:46,361][DEBUG][c.f.s.c.ConfigurationLoader] Received config for actiongroups (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=0 [2019-06-12T10:36:46,388][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Notify com.floragunn.searchguard.http.XFFResolver@29f38091 listener about change configuration with type config [2019-06-12T10:36:46,388][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Notify com.floragunn.searchguard.auth.BackendRegistry@61874b9d listener about change configuration with type config [2019-06-12T10:36:46,392][INFO ][c.f.s.c.IndexBaseConfigurationRepository] Node 'InterStat1' initialized [2019-06-12T10:37:15,020][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from http basic [2019-06-12T10:37:27,703][DEBUG][c.f.s.c.ConfigurationLoader] Received config for config (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=4 [2019-06-12T10:37:27,705][DEBUG][c.f.s.c.ConfigurationLoader] Received config for roles (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=3 [2019-06-12T10:37:27,706][DEBUG][c.f.s.c.ConfigurationLoader] Received config for rolesmapping (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=2 [2019-06-12T10:37:27,707][DEBUG][c.f.s.c.ConfigurationLoader] Received config for internalusers (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=1 [2019-06-12T10:37:27,708][DEBUG][c.f.s.c.ConfigurationLoader] Received config for actiongroups (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=0 [2019-06-12T10:37:27,709][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Notify com.floragunn.searchguard.http.XFFResolver@29f38091 listener about change configuration with type config [2019-06-12T10:37:27,710][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Notify com.floragunn.searchguard.auth.BackendRegistry@61874b9d listener about change configuration with type config [2019-06-12T10:37:47,425][DEBUG][c.f.s.c.ConfigurationLoader] Received config for internalusers (of [internalusers]) with current latch value=0 [2019-06-12T10:37:57,661][DEBUG][c.f.s.c.ConfigurationLoader] Received config for roles (of [roles]) with current latch value=0 [2019-06-12T10:38:08,413][DEBUG][c.f.s.c.ConfigurationLoader] Received config for rolesmapping (of [rolesmapping]) with current latch value=0 [2019-06-12T10:38:08,880][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from http basic [2019-06-12T10:38:08,885][DEBUG][c.f.s.a.BackendRegistry ] User 'admin' is in cache? false (cache size: 0) [2019-06-12T10:38:08,911][DEBUG][c.f.s.a.BackendRegistry ] admin not cached, return from internal backend directly [2019-06-12T10:38:08,913][DEBUG][c.f.s.c.ConfigurationLoader] Received config for internalusers (of [internalusers]) with current latch value=0 [2019-06-12T10:38:09,338][DEBUG][c.f.s.a.BackendRegistry ] User 'User [name=admin, roles=[*]]' is authenticated [2019-06-12T10:38:09,338][DEBUG][c.f.s.a.BackendRegistry ] sg_tenant 'null' [2019-06-12T10:38:09,348][DEBUG][c.f.s.c.ConfigurationLoader] Received config for roles (of [roles]) with current latch value=0 [2019-06-12T10:38:09,359][DEBUG][c.f.s.c.ConfigurationLoader] Received config for config (of [config]) with current latch value=0 [2019-06-12T10:38:09,362][DEBUG][c.f.s.c.PrivilegesEvaluator] ### evaluate permissions for User [name=admin, roles=[*]] on InterStat1 [2019-06-12T10:38:09,362][DEBUG][c.f.s.c.PrivilegesEvaluator] requested indices:admin/template/put from [::1]:59010 [2019-06-12T10:38:09,363][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolve [*] from class org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateRequest [2019-06-12T10:38:09,364][DEBUG][c.f.s.c.PrivilegesEvaluator] indicesOptions IndicesOptions[id=14, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=true, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false] [2019-06-12T10:38:09,364][DEBUG][c.f.s.c.PrivilegesEvaluator] 1 raw indices [*] [2019-06-12T10:38:09,365][DEBUG][c.f.s.c.PrivilegesEvaluator] No date math indices found [2019-06-12T10:38:09,365][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolved [*] to [filebeat-2019.06.12, watcher_alarms-2019.06.12, searchguard, watcher_alarms-2019.06.11, .kibana, filebeat-2019.06.11] [2019-06-12T10:38:09,365][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final indices: [filebeat-2019.06.12, watcher_alarms-2019.06.12, searchguard, watcher_alarms-2019.06.11, .kibana, filebeat-2019.06.11] [2019-06-12T10:38:09,365][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final types: [] [2019-06-12T10:38:09,366][DEBUG][c.f.s.c.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=watcher_alarms-2019.06.12, type=*], IndexType [index=filebeat-2019.06.11, type=*], IndexType [index=watcher_alarms-2019.06.11, type=*], IndexType [index=filebeat-2019.06.12, type=*], IndexType [index=searchguard, type=*], IndexType [index=.kibana, type=*]] [2019-06-12T10:38:09,367][DEBUG][c.f.s.c.PrivilegesEvaluator] mapped roles for admin: [sg_all_access, sg_own_index, sg_public, sg_sentinl] [2019-06-12T10:38:09,367][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_all_access [2019-06-12T10:38:09,372][DEBUG][c.f.s.c.ConfigurationLoader] Received config for actiongroups (of [actiongroups]) with current latch value=0 [2019-06-12T10:38:09,373][DEBUG][c.f.s.c.PrivilegesEvaluator] resolved cluster actions:[*] [2019-06-12T10:38:09,373][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_all_access' and indices:admin/template/put, skip other roles [2019-06-12T10:38:33,023][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from http basic [2019-06-12T10:38:33,024][DEBUG][c.f.s.a.BackendRegistry ] User 'admin' is in cache? true (cache size: 1) [2019-06-12T10:38:33,024][DEBUG][c.f.s.a.BackendRegistry ] User 'User [name=admin, roles=[*]]' is authenticated [2019-06-12T10:38:33,024][DEBUG][c.f.s.a.BackendRegistry ] sg_tenant 'null' [2019-06-12T10:38:33,025][DEBUG][c.f.s.c.PrivilegesEvaluator] ### evaluate permissions for User [name=admin, roles=[*]] on InterStat1 [2019-06-12T10:38:33,025][DEBUG][c.f.s.c.PrivilegesEvaluator] requested cluster:monitor/main from 127.0.0.1:37284 [2019-06-12T10:38:33,025][DEBUG][c.f.s.c.PrivilegesEvaluator] class org.elasticsearch.action.main.MainRequest is not an IndicesRequest [2019-06-12T10:38:33,026][DEBUG][c.f.s.c.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]] [2019-06-12T10:38:33,040][DEBUG][c.f.s.c.PrivilegesEvaluator] mapped roles for admin: [sg_all_access, sg_own_index, sg_public, sg_sentinl] [2019-06-12T10:38:33,040][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_all_access [2019-06-12T10:38:33,040][DEBUG][c.f.s.c.PrivilegesEvaluator] resolved cluster actions:[*] [2019-06-12T10:38:33,040][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_all_access' and cluster:monitor/main, skip other roles [2019-06-12T10:38:33,073][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from http basic [2019-06-12T10:38:33,073][DEBUG][c.f.s.a.BackendRegistry ] User 'admin' is in cache? true (cache size: 1) [2019-06-12T10:38:33,073][DEBUG][c.f.s.a.BackendRegistry ] User 'User [name=admin, roles=[*]]' is authenticated [2019-06-12T10:38:33,073][DEBUG][c.f.s.a.BackendRegistry ] sg_tenant 'null' [2019-06-12T10:38:33,075][DEBUG][c.f.s.c.PrivilegesEvaluator] ### evaluate permissions for User [name=admin, roles=[*]] on InterStat1 [2019-06-12T10:38:33,076][DEBUG][c.f.s.c.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 127.0.0.1:37284 [2019-06-12T10:38:33,076][DEBUG][c.f.s.c.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest [2019-06-12T10:38:33,076][DEBUG][c.f.s.c.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]] [2019-06-12T10:38:33,077][DEBUG][c.f.s.c.PrivilegesEvaluator] mapped roles for admin: [sg_all_access, sg_own_index, sg_public, sg_sentinl] [2019-06-12T10:38:33,077][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_all_access [2019-06-12T10:38:33,077][DEBUG][c.f.s.c.PrivilegesEvaluator] resolved cluster actions:[*] [2019-06-12T10:38:33,077][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_all_access' and cluster:monitor/nodes/info, skip other roles [2019-06-12T10:38:33,116][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from http basic [2019-06-12T10:38:33,116][DEBUG][c.f.s.a.BackendRegistry ] User 'admin' is in cache? true (cache size: 1) [2019-06-12T10:38:33,116][DEBUG][c.f.s.a.BackendRegistry ] User 'User [name=admin, roles=[*]]' is authenticated [2019-06-12T10:38:33,116][DEBUG][c.f.s.a.BackendRegistry ] sg_tenant 'null' [2019-06-12T10:38:33,117][DEBUG][c.f.s.c.PrivilegesEvaluator] ### evaluate permissions for User [name=admin, roles=[*]] on InterStat1 [2019-06-12T10:38:33,117][DEBUG][c.f.s.c.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 127.0.0.1:37284 [2019-06-12T10:38:33,117][DEBUG][c.f.s.c.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest [2019-06-12T10:38:33,117][DEBUG][c.f.s.c.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]] [2019-06-12T10:38:33,118][DEBUG][c.f.s.c.PrivilegesEvaluator] mapped roles for admin: [sg_all_access, sg_own_index, sg_public, sg_sentinl] [2019-06-12T10:38:33,118][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_all_access [2019-06-12T10:38:33,118][DEBUG][c.f.s.c.PrivilegesEvaluator] resolved cluster actions:[*] [2019-06-12T10:38:33,118][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_all_access' and cluster:monitor/nodes/info, skip other roles [2019-06-12T10:38:33,138][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from http basic [2019-06-12T10:38:33,139][DEBUG][c.f.s.a.BackendRegistry ] User 'admin' is in cache? true (cache size: 1) [2019-06-12T10:38:33,139][DEBUG][c.f.s.a.BackendRegistry ] User 'User [name=admin, roles=[*]]' is authenticated [2019-06-12T10:38:33,139][DEBUG][c.f.s.a.BackendRegistry ] sg_tenant 'null' [2019-06-12T10:38:33,141][DEBUG][c.f.s.c.PrivilegesEvaluator] ### evaluate permissions for User [name=admin, roles=[*]] on InterStat1 [2019-06-12T10:38:33,141][DEBUG][c.f.s.c.PrivilegesEvaluator] requested indices:data/read/mget from 127.0.0.1:37284 [2019-06-12T10:38:33,141][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.get.MultiGetRequest$Item [2019-06-12T10:38:33,146][DEBUG][c.f.s.c.PrivilegesEvaluator] indicesOptions IndicesOptions[id=48, ignore_unavailable=false, allow_no_indices=false, expand_wildcards_open=false, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=false, forbid_closed_indices=true] [2019-06-12T10:38:33,146][DEBUG][c.f.s.c.PrivilegesEvaluator] 1 raw indices [.kibana] [2019-06-12T10:38:33,146][DEBUG][c.f.s.c.PrivilegesEvaluator] No date math indices found [2019-06-12T10:38:33,146][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2019-06-12T10:38:33,146][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final indices: [.kibana] [2019-06-12T10:38:33,147][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final types: [config] [2019-06-12T10:38:33,147][DEBUG][c.f.s.c.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=config]] [2019-06-12T10:38:33,147][DEBUG][c.f.s.c.PrivilegesEvaluator] mapped roles for admin: [sg_all_access, sg_own_index, sg_public, sg_sentinl] [2019-06-12T10:38:33,147][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_all_access [2019-06-12T10:38:33,148][DEBUG][c.f.s.c.PrivilegesEvaluator] resolved cluster actions:[*] [2019-06-12T10:38:33,148][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_all_access' and indices:data/read/mget, skip other roles [2019-06-12T10:38:33,148][DEBUG][c.f.s.c.PrivilegesEvaluator] requested indices:data/read/mget[shard] from 127.0.0.1:37284 [2019-06-12T10:38:33,148][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.get.MultiGetShardRequest [2019-06-12T10:38:33,148][DEBUG][c.f.s.c.PrivilegesEvaluator] indicesOptions IndicesOptions[id=48, ignore_unavailable=false, allow_no_indices=false, expand_wildcards_open=false, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=false, forbid_closed_indices=true] [2019-06-12T10:38:33,148][DEBUG][c.f.s.c.PrivilegesEvaluator] 1 raw indices [.kibana] [2019-06-12T10:38:33,149][DEBUG][c.f.s.c.PrivilegesEvaluator] No date math indices found [2019-06-12T10:38:33,149][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2019-06-12T10:38:33,149][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final indices: [.kibana] [2019-06-12T10:38:33,149][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final types: [] [2019-06-12T10:38:33,149][DEBUG][c.f.s.c.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,149][DEBUG][c.f.s.c.PrivilegesEvaluator] mapped roles for admin: [sg_all_access, sg_own_index, sg_public, sg_sentinl] [2019-06-12T10:38:33,150][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_all_access [2019-06-12T10:38:33,150][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for * [2019-06-12T10:38:33,150][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2019-06-12T10:38:33,150][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for *, will check now types [*] [2019-06-12T10:38:33,150][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:data/read/mget[shard]] against */*: [*] [2019-06-12T10:38:33,150][DEBUG][c.f.s.c.PrivilegesEvaluator] removed .kibana* [2019-06-12T10:38:33,150][DEBUG][c.f.s.c.PrivilegesEvaluator] For index * remaining requested local indextype: [] [2019-06-12T10:38:33,150][DEBUG][c.f.s.c.PrivilegesEvaluator] For index * remaining requested global indextype: [] [2019-06-12T10:38:33,151][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_all_access.*', evaluate other roles [2019-06-12T10:38:33,151][DEBUG][c.f.s.c.PrivilegesEvaluator] Added to leftovers sg_all_access=>[] [2019-06-12T10:38:33,151][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2019-06-12T10:38:33,151][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolve and match admin [2019-06-12T10:38:33,151][DEBUG][c.f.s.c.PrivilegesEvaluator] no permittedAliasesIndex 'admin' found for '[indices:data/read/mget[shard]]' [2019-06-12T10:38:33,152][DEBUG][c.f.s.c.PrivilegesEvaluator] permittedAliasesIndices '{admin=org.elasticsearch.common.settings.Settings@5eed, watch*=org.elasticsearch.common.settings.Settings@f77300e0, ?kibana*=org.elasticsearch.common.settings.Settings@58627e45}' -> '{*.0=ALL}' [2019-06-12T10:38:33,152][DEBUG][c.f.s.c.PrivilegesEvaluator] permittedAliasesIndices '{admin=org.elasticsearch.common.settings.Settings@5eed, watch*=org.elasticsearch.common.settings.Settings@f77300e0, ?kibana*=org.elasticsearch.common.settings.Settings@58627e45}' -> '{*.0=READ, *.1=WRITE, *.2=MANAGE, *.3=CREATE_INDEX, *.4=INDEX, *.5=DELETE, *.6=indices:data/read/search, *.7=indices:admin/get}' [2019-06-12T10:38:33,152][DEBUG][c.f.s.c.PrivilegesEvaluator] permittedAliasesIndices '{admin=org.elasticsearch.common.settings.Settings@5eed, watch*=org.elasticsearch.common.settings.Settings@f77300e0, ?kibana*=org.elasticsearch.common.settings.Settings@58627e45}' -> '{*.0=indices:data/read/search*, *.1=indices:admin/get}' [2019-06-12T10:38:33,152][DEBUG][c.f.s.c.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.kibana, type=*]]' [2019-06-12T10:38:33,152][DEBUG][c.f.s.c.PrivilegesEvaluator] resolved permitted aliases indices for admin: [admin] [2019-06-12T10:38:33,152][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for admin, will check now types [*] [2019-06-12T10:38:33,153][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:data/read/mget[shard]] against admin/*: [indices:*] [2019-06-12T10:38:33,153][DEBUG][c.f.s.c.PrivilegesEvaluator] no match admin* in [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,153][DEBUG][c.f.s.c.PrivilegesEvaluator] For index admin remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,153][DEBUG][c.f.s.c.PrivilegesEvaluator] For index admin remaining requested global indextype: [] [2019-06-12T10:38:33,153][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for watch* [2019-06-12T10:38:33,153][DEBUG][c.f.s.c.PrivilegesEvaluator] No wildcard match found for watch* [2019-06-12T10:38:33,153][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,153][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested global indextype: [] [2019-06-12T10:38:33,153][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for ?kibana* [2019-06-12T10:38:33,153][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2019-06-12T10:38:33,153][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2019-06-12T10:38:33,154][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,154][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested global indextype: [] [2019-06-12T10:38:33,154][DEBUG][c.f.s.c.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,154][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2019-06-12T10:38:33,154][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for watch* [2019-06-12T10:38:33,154][DEBUG][c.f.s.c.PrivilegesEvaluator] No wildcard match found for watch* [2019-06-12T10:38:33,154][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,154][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested global indextype: [] [2019-06-12T10:38:33,154][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for ?kibana* [2019-06-12T10:38:33,154][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2019-06-12T10:38:33,154][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2019-06-12T10:38:33,155][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,155][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested global indextype: [] [2019-06-12T10:38:33,155][DEBUG][c.f.s.c.PrivilegesEvaluator] Added to leftovers sg_public=>[IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,155][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_sentinl [2019-06-12T10:38:33,155][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for watch* [2019-06-12T10:38:33,155][DEBUG][c.f.s.c.PrivilegesEvaluator] No wildcard match found for watch* [2019-06-12T10:38:33,155][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,155][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested global indextype: [] [2019-06-12T10:38:33,156][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for * [2019-06-12T10:38:33,156][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2019-06-12T10:38:33,156][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for *, will check now types [*] [2019-06-12T10:38:33,156][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:data/read/mget[shard]] against */*: [indices:data/read/msearch*, indices:monitor/stats, indices:data/read/search*, indices:data/read/suggest*, indices:admin/get, indices:admin/mappings/fields/get*, indices:admin/mappings/get, indices:data/read*] [2019-06-12T10:38:33,156][DEBUG][c.f.s.c.PrivilegesEvaluator] removed .kibana* [2019-06-12T10:38:33,156][DEBUG][c.f.s.c.PrivilegesEvaluator] For index * remaining requested local indextype: [] [2019-06-12T10:38:33,156][DEBUG][c.f.s.c.PrivilegesEvaluator] For index * remaining requested global indextype: [] [2019-06-12T10:38:33,156][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_sentinl.*', evaluate other roles [2019-06-12T10:38:33,156][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for ?kibana* [2019-06-12T10:38:33,156][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2019-06-12T10:38:33,157][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2019-06-12T10:38:33,157][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:data/read/mget[shard]] against ?kibana*/*: [indices:data/write/delete*, indices:admin/*, indices:admin/mapping/put, indices:data/read/search*, indices:data/*, indices:data/write/update*, indices:admin/get, indices:admin/mappings/fields/get*, indices:data/read*, indices:data/read/msearch*, indices:data/write/bulk*, indices:data/read/suggest*, indices:data/write/index*, indices:data/read/search, indices:data/write*, indices:monitor/*] [2019-06-12T10:38:33,157][DEBUG][c.f.s.c.PrivilegesEvaluator] no match .kibana* in [] [2019-06-12T10:38:33,157][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested local indextype: [] [2019-06-12T10:38:33,157][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested global indextype: [] [2019-06-12T10:38:33,157][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_sentinl.?kibana*', evaluate other roles [2019-06-12T10:38:33,157][DEBUG][c.f.s.c.PrivilegesEvaluator] Added to leftovers sg_sentinl=>[] [2019-06-12T10:38:33,176][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from http basic [2019-06-12T10:38:33,176][DEBUG][c.f.s.a.BackendRegistry ] User 'admin' is in cache? true (cache size: 1) [2019-06-12T10:38:33,176][DEBUG][c.f.s.a.BackendRegistry ] User 'User [name=admin, roles=[*]]' is authenticated [2019-06-12T10:38:33,176][DEBUG][c.f.s.a.BackendRegistry ] sg_tenant 'null' [2019-06-12T10:38:33,178][DEBUG][c.f.s.c.PrivilegesEvaluator] ### evaluate permissions for User [name=admin, roles=[*]] on InterStat1 [2019-06-12T10:38:33,178][DEBUG][c.f.s.c.PrivilegesEvaluator] requested cluster:monitor/health from 127.0.0.1:37284 [2019-06-12T10:38:33,178][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest [2019-06-12T10:38:33,179][DEBUG][c.f.s.c.PrivilegesEvaluator] indicesOptions IndicesOptions[id=7, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false] [2019-06-12T10:38:33,179][DEBUG][c.f.s.c.PrivilegesEvaluator] 1 raw indices [.kibana] [2019-06-12T10:38:33,179][DEBUG][c.f.s.c.PrivilegesEvaluator] No date math indices found [2019-06-12T10:38:33,179][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2019-06-12T10:38:33,179][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final indices: [.kibana] [2019-06-12T10:38:33,179][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final types: [] [2019-06-12T10:38:33,179][DEBUG][c.f.s.c.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,180][DEBUG][c.f.s.c.PrivilegesEvaluator] mapped roles for admin: [sg_all_access, sg_own_index, sg_public, sg_sentinl] [2019-06-12T10:38:33,180][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_all_access [2019-06-12T10:38:33,180][DEBUG][c.f.s.c.PrivilegesEvaluator] resolved cluster actions:[*] [2019-06-12T10:38:33,180][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_all_access' and cluster:monitor/health, skip other roles [2019-06-12T10:38:33,203][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from http basic [2019-06-12T10:38:33,204][DEBUG][c.f.s.a.BackendRegistry ] User 'admin' is in cache? true (cache size: 1) [2019-06-12T10:38:33,204][DEBUG][c.f.s.a.BackendRegistry ] User 'User [name=admin, roles=[*]]' is authenticated [2019-06-12T10:38:33,204][DEBUG][c.f.s.a.BackendRegistry ] sg_tenant 'null' [2019-06-12T10:38:33,213][DEBUG][c.f.s.c.PrivilegesEvaluator] ### evaluate permissions for User [name=admin, roles=[*]] on InterStat1 [2019-06-12T10:38:33,213][DEBUG][c.f.s.c.PrivilegesEvaluator] requested indices:admin/get from 127.0.0.1:37284 [2019-06-12T10:38:33,213][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.admin.indices.get.GetIndexRequest [2019-06-12T10:38:33,213][DEBUG][c.f.s.c.PrivilegesEvaluator] indicesOptions IndicesOptions[id=6, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false] [2019-06-12T10:38:33,213][DEBUG][c.f.s.c.PrivilegesEvaluator] 1 raw indices [.kibana] [2019-06-12T10:38:33,214][DEBUG][c.f.s.c.PrivilegesEvaluator] No date math indices found [2019-06-12T10:38:33,214][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2019-06-12T10:38:33,214][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final indices: [.kibana] [2019-06-12T10:38:33,214][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final types: [] [2019-06-12T10:38:33,214][DEBUG][c.f.s.c.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,214][DEBUG][c.f.s.c.PrivilegesEvaluator] mapped roles for admin: [sg_all_access, sg_own_index, sg_public, sg_sentinl] [2019-06-12T10:38:33,214][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_all_access [2019-06-12T10:38:33,215][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for * [2019-06-12T10:38:33,215][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2019-06-12T10:38:33,215][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for *, will check now types [*] [2019-06-12T10:38:33,215][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:admin/get] against */*: [*] [2019-06-12T10:38:33,215][DEBUG][c.f.s.c.PrivilegesEvaluator] removed .kibana* [2019-06-12T10:38:33,215][DEBUG][c.f.s.c.PrivilegesEvaluator] For index * remaining requested local indextype: [] [2019-06-12T10:38:33,215][DEBUG][c.f.s.c.PrivilegesEvaluator] For index * remaining requested global indextype: [] [2019-06-12T10:38:33,215][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_all_access.*', evaluate other roles [2019-06-12T10:38:33,215][DEBUG][c.f.s.c.PrivilegesEvaluator] Added to leftovers sg_all_access=>[] [2019-06-12T10:38:33,215][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2019-06-12T10:38:33,216][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolve and match admin [2019-06-12T10:38:33,216][DEBUG][c.f.s.c.PrivilegesEvaluator] no permittedAliasesIndex 'admin' found for '[indices:admin/get]' [2019-06-12T10:38:33,216][DEBUG][c.f.s.c.PrivilegesEvaluator] permittedAliasesIndices '{admin=org.elasticsearch.common.settings.Settings@5eed, watch*=org.elasticsearch.common.settings.Settings@f77300e0, ?kibana*=org.elasticsearch.common.settings.Settings@58627e45}' -> '{*.0=ALL}' [2019-06-12T10:38:33,216][DEBUG][c.f.s.c.PrivilegesEvaluator] permittedAliasesIndices '{admin=org.elasticsearch.common.settings.Settings@5eed, watch*=org.elasticsearch.common.settings.Settings@f77300e0, ?kibana*=org.elasticsearch.common.settings.Settings@58627e45}' -> '{*.0=ALL}' [2019-06-12T10:38:33,216][DEBUG][c.f.s.c.PrivilegesEvaluator] permittedAliasesIndices '{admin=org.elasticsearch.common.settings.Settings@5eed, watch*=org.elasticsearch.common.settings.Settings@f77300e0, ?kibana*=org.elasticsearch.common.settings.Settings@58627e45}' -> '{*.0=READ, *.1=WRITE, *.2=MANAGE, *.3=CREATE_INDEX, *.4=INDEX, *.5=DELETE, *.6=indices:data/read/search, *.7=indices:admin/get}' [2019-06-12T10:38:33,216][DEBUG][c.f.s.c.PrivilegesEvaluator] permittedAliasesIndices '{admin=org.elasticsearch.common.settings.Settings@5eed, watch*=org.elasticsearch.common.settings.Settings@f77300e0, ?kibana*=org.elasticsearch.common.settings.Settings@58627e45}' -> '{*.0=indices:data/read/search*, *.1=indices:admin/get}' [2019-06-12T10:38:33,216][DEBUG][c.f.s.c.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.kibana, type=*]]' [2019-06-12T10:38:33,216][DEBUG][c.f.s.c.PrivilegesEvaluator] resolved permitted aliases indices for admin: [admin] [2019-06-12T10:38:33,216][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for admin, will check now types [*] [2019-06-12T10:38:33,217][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:admin/get] against admin/*: [indices:*] [2019-06-12T10:38:33,217][DEBUG][c.f.s.c.PrivilegesEvaluator] no match admin* in [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,217][DEBUG][c.f.s.c.PrivilegesEvaluator] For index admin remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,217][DEBUG][c.f.s.c.PrivilegesEvaluator] For index admin remaining requested global indextype: [] [2019-06-12T10:38:33,217][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for watch* [2019-06-12T10:38:33,217][DEBUG][c.f.s.c.PrivilegesEvaluator] No wildcard match found for watch* [2019-06-12T10:38:33,217][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,217][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested global indextype: [] [2019-06-12T10:38:33,217][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for ?kibana* [2019-06-12T10:38:33,217][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2019-06-12T10:38:33,217][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2019-06-12T10:38:33,217][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:admin/get] against ?kibana*/*: [indices:data/read/search*, indices:admin/get] [2019-06-12T10:38:33,218][DEBUG][c.f.s.c.PrivilegesEvaluator] removed .kibana* [2019-06-12T10:38:33,218][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested local indextype: [] [2019-06-12T10:38:33,218][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested global indextype: [] [2019-06-12T10:38:33,218][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_own_index.?kibana*', evaluate other roles [2019-06-12T10:38:33,218][DEBUG][c.f.s.c.PrivilegesEvaluator] Added to leftovers sg_own_index=>[] [2019-06-12T10:38:33,218][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2019-06-12T10:38:33,218][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for watch* [2019-06-12T10:38:33,218][DEBUG][c.f.s.c.PrivilegesEvaluator] No wildcard match found for watch* [2019-06-12T10:38:33,218][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,218][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested global indextype: [] [2019-06-12T10:38:33,218][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for ?kibana* [2019-06-12T10:38:33,219][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2019-06-12T10:38:33,219][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2019-06-12T10:38:33,219][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:admin/get] against ?kibana*/*: [indices:data/read/search*, indices:admin/get] [2019-06-12T10:38:33,219][DEBUG][c.f.s.c.PrivilegesEvaluator] removed .kibana* [2019-06-12T10:38:33,219][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested local indextype: [] [2019-06-12T10:38:33,219][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested global indextype: [] [2019-06-12T10:38:33,219][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_public.?kibana*', evaluate other roles [2019-06-12T10:38:33,219][DEBUG][c.f.s.c.PrivilegesEvaluator] Added to leftovers sg_public=>[] [2019-06-12T10:38:33,219][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_sentinl [2019-06-12T10:38:33,219][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for watch* [2019-06-12T10:38:33,220][DEBUG][c.f.s.c.PrivilegesEvaluator] No wildcard match found for watch* [2019-06-12T10:38:33,220][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,220][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested global indextype: [] [2019-06-12T10:38:33,220][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for * [2019-06-12T10:38:33,220][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2019-06-12T10:38:33,220][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for *, will check now types [*] [2019-06-12T10:38:33,220][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:admin/get] against */*: [indices:data/read/msearch*, indices:monitor/stats, indices:data/read/search*, indices:data/read/suggest*, indices:admin/get, indices:admin/mappings/fields/get*, indices:admin/mappings/get, indices:data/read*] [2019-06-12T10:38:33,220][DEBUG][c.f.s.c.PrivilegesEvaluator] removed .kibana* [2019-06-12T10:38:33,220][DEBUG][c.f.s.c.PrivilegesEvaluator] For index * remaining requested local indextype: [] [2019-06-12T10:38:33,220][DEBUG][c.f.s.c.PrivilegesEvaluator] For index * remaining requested global indextype: [] [2019-06-12T10:38:33,220][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_sentinl.*', evaluate other roles [2019-06-12T10:38:33,220][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for ?kibana* [2019-06-12T10:38:33,220][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2019-06-12T10:38:33,221][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2019-06-12T10:38:33,221][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:admin/get] against ?kibana*/*: [indices:data/write/delete*, indices:admin/*, indices:admin/mapping/put, indices:data/read/search*, indices:data/*, indices:data/write/update*, indices:admin/get, indices:admin/mappings/fields/get*, indices:data/read*, indices:data/read/msearch*, indices:data/write/bulk*, indices:data/read/suggest*, indices:data/write/index*, indices:data/read/search, indices:data/write*, indices:monitor/*] [2019-06-12T10:38:33,221][DEBUG][c.f.s.c.PrivilegesEvaluator] no match .kibana* in [] [2019-06-12T10:38:33,221][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested local indextype: [] [2019-06-12T10:38:33,221][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested global indextype: [] [2019-06-12T10:38:33,221][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_sentinl.?kibana*', evaluate other roles [2019-06-12T10:38:33,221][DEBUG][c.f.s.c.PrivilegesEvaluator] Added to leftovers sg_sentinl=>[] [2019-06-12T10:38:33,279][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from http basic [2019-06-12T10:38:33,279][DEBUG][c.f.s.a.BackendRegistry ] User 'admin' is in cache? true (cache size: 1) [2019-06-12T10:38:33,281][DEBUG][c.f.s.a.BackendRegistry ] User 'User [name=admin, roles=[*]]' is authenticated [2019-06-12T10:38:33,281][DEBUG][c.f.s.a.BackendRegistry ] sg_tenant 'null' [2019-06-12T10:38:33,339][DEBUG][c.f.s.c.PrivilegesEvaluator] ### evaluate permissions for User [name=admin, roles=[*]] on InterStat1 [2019-06-12T10:38:33,339][DEBUG][c.f.s.c.PrivilegesEvaluator] requested indices:data/read/search from 127.0.0.1:37284 [2019-06-12T10:38:33,339][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.search.SearchRequest [2019-06-12T10:38:33,340][DEBUG][c.f.s.c.PrivilegesEvaluator] indicesOptions IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true] [2019-06-12T10:38:33,340][DEBUG][c.f.s.c.PrivilegesEvaluator] 1 raw indices [.kibana] [2019-06-12T10:38:33,341][DEBUG][c.f.s.c.PrivilegesEvaluator] No date math indices found [2019-06-12T10:38:33,341][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2019-06-12T10:38:33,341][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final indices: [.kibana] [2019-06-12T10:38:33,341][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final types: [] [2019-06-12T10:38:33,341][DEBUG][c.f.s.c.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,342][DEBUG][c.f.s.c.PrivilegesEvaluator] mapped roles for admin: [sg_all_access, sg_own_index, sg_public, sg_sentinl] [2019-06-12T10:38:33,342][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_all_access [2019-06-12T10:38:33,342][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for * [2019-06-12T10:38:33,343][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2019-06-12T10:38:33,343][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for *, will check now types [*] [2019-06-12T10:38:33,343][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:data/read/search] against */*: [*] [2019-06-12T10:38:33,343][DEBUG][c.f.s.c.PrivilegesEvaluator] removed .kibana* [2019-06-12T10:38:33,343][DEBUG][c.f.s.c.PrivilegesEvaluator] For index * remaining requested global indextype: [] [2019-06-12T10:38:33,343][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_all_access.*', evaluate other roles [2019-06-12T10:38:33,344][DEBUG][c.f.s.c.PrivilegesEvaluator] Added to leftovers sg_all_access=>[] [2019-06-12T10:38:33,344][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2019-06-12T10:38:33,344][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolve and match admin [2019-06-12T10:38:33,344][DEBUG][c.f.s.c.PrivilegesEvaluator] no permittedAliasesIndex 'admin' found for '[indices:data/read/search]' [2019-06-12T10:38:33,344][DEBUG][c.f.s.c.PrivilegesEvaluator] permittedAliasesIndices '{admin=org.elasticsearch.common.settings.Settings@5eed, watch*=org.elasticsearch.common.settings.Settings@f77300e0, ?kibana*=org.elasticsearch.common.settings.Settings@58627e45}' -> '{*.0=ALL}' [2019-06-12T10:38:33,344][DEBUG][c.f.s.c.PrivilegesEvaluator] permittedAliasesIndices '{admin=org.elasticsearch.common.settings.Settings@5eed, watch*=org.elasticsearch.common.settings.Settings@f77300e0, ?kibana*=org.elasticsearch.common.settings.Settings@58627e45}' -> '{*.0=READ, *.1=WRITE, *.2=MANAGE, *.3=CREATE_INDEX, *.4=INDEX, *.5=DELETE, *.6=indices:data/read/search, *.7=indices:admin/get}' [2019-06-12T10:38:33,344][DEBUG][c.f.s.c.PrivilegesEvaluator] permittedAliasesIndices '{admin=org.elasticsearch.common.settings.Settings@5eed, watch*=org.elasticsearch.common.settings.Settings@f77300e0, ?kibana*=org.elasticsearch.common.settings.Settings@58627e45}' -> '{*.0=indices:data/read/search*, *.1=indices:admin/get}' [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.kibana, type=*]]' [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] resolved permitted aliases indices for admin: [admin] [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for admin, will check now types [*] [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:data/read/search] against admin/*: [indices:*] [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] no match admin* in [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] For index admin remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] For index admin remaining requested global indextype: [] [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for watch* [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] No wildcard match found for watch* [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested global indextype: [] [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for ?kibana* [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2019-06-12T10:38:33,345][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2019-06-12T10:38:33,346][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:data/read/search] against ?kibana*/*: [indices:data/read/search*, indices:admin/get] [2019-06-12T10:38:33,346][DEBUG][c.f.s.c.PrivilegesEvaluator] removed .kibana* [2019-06-12T10:38:33,346][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested local indextype: [] [2019-06-12T10:38:33,346][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested global indextype: [] [2019-06-12T10:38:33,346][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_own_index.?kibana*', evaluate other roles [2019-06-12T10:38:33,346][DEBUG][c.f.s.c.PrivilegesEvaluator] Added to leftovers sg_own_index=>[] [2019-06-12T10:38:33,346][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2019-06-12T10:38:33,346][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for watch* [2019-06-12T10:38:33,346][DEBUG][c.f.s.c.PrivilegesEvaluator] No wildcard match found for watch* [2019-06-12T10:38:33,346][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,346][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested global indextype: [] [2019-06-12T10:38:33,346][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for ?kibana* [2019-06-12T10:38:33,346][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2019-06-12T10:38:33,347][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2019-06-12T10:38:33,347][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:data/read/search] against ?kibana*/*: [indices:data/read/search*, indices:admin/get] [2019-06-12T10:38:33,347][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested local indextype: [] [2019-06-12T10:38:33,347][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested global indextype: [] [2019-06-12T10:38:33,347][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_public.?kibana*', evaluate other roles [2019-06-12T10:38:33,347][DEBUG][c.f.s.c.PrivilegesEvaluator] Added to leftovers sg_public=>[] [2019-06-12T10:38:33,347][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_sentinl [2019-06-12T10:38:33,347][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for watch* [2019-06-12T10:38:33,347][DEBUG][c.f.s.c.PrivilegesEvaluator] No wildcard match found for watch* [2019-06-12T10:38:33,347][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested local indextype: [IndexType [index=.kibana, type=*]] [2019-06-12T10:38:33,348][DEBUG][c.f.s.c.PrivilegesEvaluator] For index watch* remaining requested global indextype: [] [2019-06-12T10:38:33,348][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for * [2019-06-12T10:38:33,348][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2019-06-12T10:38:33,348][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for *, will check now types [*] [2019-06-12T10:38:33,348][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:data/read/search] against */*: [indices:data/read/msearch*, indices:monitor/stats, indices:data/read/search*, indices:data/read/suggest*, indices:admin/get, indices:admin/mappings/fields/get*, indices:admin/mappings/get, indices:data/read*] [2019-06-12T10:38:33,348][DEBUG][c.f.s.c.PrivilegesEvaluator] removed .kibana* [2019-06-12T10:38:33,348][DEBUG][c.f.s.c.PrivilegesEvaluator] For index * remaining requested local indextype: [] [2019-06-12T10:38:33,348][DEBUG][c.f.s.c.PrivilegesEvaluator] For index * remaining requested global indextype: [] [2019-06-12T10:38:33,348][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_sentinl.*', evaluate other roles [2019-06-12T10:38:33,348][DEBUG][c.f.s.c.PrivilegesEvaluator] Try wildcard match for ?kibana* [2019-06-12T10:38:33,349][DEBUG][c.f.s.c.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2019-06-12T10:38:33,349][DEBUG][c.f.s.c.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2019-06-12T10:38:33,349][DEBUG][c.f.s.c.PrivilegesEvaluator] match requested action [indices:data/read/search] against ?kibana*/*: [indices:data/write/delete*, indices:admin/*, indices:admin/mapping/put, indices:data/read/search*, indices:data/*, indices:data/write/update*, indices:admin/get, indices:admin/mappings/fields/get*, indices:data/read*, indices:data/read/msearch*, indices:data/write/bulk*, indices:data/read/suggest*, indices:data/write/index*, indices:data/read/search, indices:data/write*, indices:monitor/*] [2019-06-12T10:38:33,349][DEBUG][c.f.s.c.PrivilegesEvaluator] no match .kibana* in [] [2019-06-12T10:38:33,349][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested local indextype: [] [2019-06-12T10:38:33,349][DEBUG][c.f.s.c.PrivilegesEvaluator] For index ?kibana* remaining requested global indextype: [] [2019-06-12T10:38:33,349][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_sentinl.?kibana*', evaluate other roles [2019-06-12T10:38:33,349][DEBUG][c.f.s.c.PrivilegesEvaluator] Added to leftovers sg_sentinl=>[] [2019-06-12T10:38:33,617][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from http basic [2019-06-12T10:38:33,617][DEBUG][c.f.s.a.BackendRegistry ] User 'admin' is in cache? true (cache size: 1) [2019-06-12T10:38:33,617][DEBUG][c.f.s.a.BackendRegistry ] User 'User [name=admin, roles=[*]]' is authenticated [2019-06-12T10:38:33,617][DEBUG][c.f.s.a.BackendRegistry ] sg_tenant 'null' [2019-06-12T10:38:33,624][DEBUG][c.f.s.c.PrivilegesEvaluator] ### evaluate permissions for User [name=admin, roles=[*]] on InterStat1 [2019-06-12T10:38:33,624][DEBUG][c.f.s.c.PrivilegesEvaluator] requested cluster:monitor/state from 127.0.0.1:37286 [2019-06-12T10:38:33,624][DEBUG][c.f.s.c.PrivilegesEvaluator] Resolve [] from class org.elasticsearch.action.admin.cluster.state.ClusterStateRequest [2019-06-12T10:38:33,624][DEBUG][c.f.s.c.PrivilegesEvaluator] indicesOptions IndicesOptions[id=7, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false] [2019-06-12T10:38:33,624][DEBUG][c.f.s.c.PrivilegesEvaluator] 0 raw indices [] [2019-06-12T10:38:33,624][DEBUG][c.f.s.c.PrivilegesEvaluator] No indices found in request, assume _all [2019-06-12T10:38:33,625][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final indices: [filebeat-2019.06.12, watcher_alarms-2019.06.12, searchguard, watcher_alarms-2019.06.11, .kibana, filebeat-2019.06.11] [2019-06-12T10:38:33,625][DEBUG][c.f.s.c.PrivilegesEvaluator] pre final types: [] [2019-06-12T10:38:33,625][DEBUG][c.f.s.c.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=watcher_alarms-2019.06.12, type=*], IndexType [index=filebeat-2019.06.11, type=*], IndexType [index=watcher_alarms-2019.06.11, type=*], IndexType [index=filebeat-2019.06.12, type=*], IndexType [index=searchguard, type=*], IndexType [index=.kibana, type=*]]