Currently, when logging authentication via the API, in case of an error, the following message is displayed:
{"@timestamp":"2024-03-07T14:00:20.001Z", "log.level": "WARN", "message":"Authentication using apikey failed - unable to find apikey with id HBjhbh", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[test-elk-coordinator][transport_worker][T#11]","log.logger":"org.elasticsearch.xpack.security.authc.ApiKeyAuthenticator","elasticsearch.cluster.uuid":"sdafsdfafdsf","elasticsearch.node.id":"asdgfsadf","elasticsearch.node.name":"test-elk-coordinator","elasticsearch.cluster.name":"test-elk-cluster"}
Unfortunately, based on this event, it is impossible to determine which client is experiencing authentication issues.
I kindly request considering the possibility of adding client IP address information to the log output.
Description
Currently, when logging authentication via the API, in case of an error, the following message is displayed:
{"@timestamp":"2024-03-07T14:00:20.001Z", "log.level": "WARN", "message":"Authentication using apikey failed - unable to find apikey with id HBjhbh", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[test-elk-coordinator][transport_worker][T#11]","log.logger":"org.elasticsearch.xpack.security.authc.ApiKeyAuthenticator","elasticsearch.cluster.uuid":"sdafsdfafdsf","elasticsearch.node.id":"asdgfsadf","elasticsearch.node.name":"test-elk-coordinator","elasticsearch.cluster.name":"test-elk-cluster"}
Unfortunately, based on this event, it is impossible to determine which client is experiencing authentication issues. I kindly request considering the possibility of adding client IP address information to the log output.