DEVHIDE
Login Or Sign up

Tracing request origin on Elastic Cloud

338 Views Asked by At

I have an old Elasticsearch cluster that shouldn't be getting traffic but somehow it still is. I have hundreds of services that could potentially be hitting it. I'm looking for a way to maybe capture the request origin so I can see where the requests are coming from. I tried enabling the REST request tracer but that didn't seem to do anything (https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html).

Any thoughts?

elasticsearch kibana elastic-cloud
Original Q&A
1

There are 1 best solutions below

2
On

If you have authentication enabled (or are ok to enable it and let requests fail then), I would enable audit logging. This will log auditing events including an origin.address, which should show you where those are coming from.

Example (request on localhost):

{
  "type": "audit",
  "timestamp": "2020-07-29T20:11:08,529+0200",
  "node.id": "sDCzapQcSgCTgaOnebA07w",
  "event.type": "rest",
  "event.action": "anonymous_access_denied",
  "origin.type": "rest",
  "origin.address": "127.0.0.1:58611",
  "url.path": "/",
  "request.method": "HEAD",
  "request.id": "4s_UWL35TfiI0nGZvNeomA"
}

Though on Elastic Cloud you will have to contact support to provide you those logs.

Related Questions in ELASTICSEARCH

Related Questions in KIBANA

Related Questions in ELASTIC-CLOUD

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.