Closed enarcee closed 2 years ago
I am having the same issue
Hi @enarcee the docker-compose I'm using is 1.25.0, I would recommend upgrading to that
I would also try it on another hypervisor (plain old KVM) just to see if there is any issue there as well
Please also attach more docker logs
I am having the same issue with 1.25.0
Found a solution.
You have to set the passwords in the .env file.
Great, happy that you found a solution.
The current docker docs need some TLC, I'll try to get to that soon.
Unfortunately it still does not work. It seems that different services cannot authenticate, or do not reach each other.
I have also tried it with Debian 10/11 and the current Docker version, but unfortunately the same errors.
It is a VM on an ESXi host.
Linux 4.9.0-18-amd64 x86_64
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
VERSION_CODENAME=stretch
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
Docker version 19.03.9, build 9d988398e7
docker-compose version 1.25.0, build 0a186604
ELK_VERSION=8.1.0
ES01 Logs:
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:00:31.663Z", "log.level": "INFO", "message":"license [0de81af4-e8fc-43b1-a6e2-56cbfa00e4ec] mode [basic] - valid", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.license.LicenseService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:00:31.664Z", "log.level": "INFO", "message":"license mode is [basic], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.Realms","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:00:32.514Z", "log.level": "INFO", "message":"added {{es03}{T-8YofBkRr6Vz8-VJ1IEnw}{6qzcqDSjTWConXFBWuuQ9w}{172.22.0.5}{172.22.0.5:9300}{cdfhilmrstw}}, term: 12, version: 237, reason: ApplyCommitRequest{term=12, version=237, sourceNode={es02}{g9Oqbnp5R4qLGkhe61I2Ag}{kSLKgZQNQAiPhBAAbqgEow}{172.22.0.4}{172.22.0.4:9300}{cdfhilmrstw}{ml.machine_memory=8374788096, xpack.installed=true, ml.max_jvm_size=536870912}}", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:00:34.363Z", "log.level": "INFO", "message":"refresh keys", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.TokenService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:00:34.965Z", "log.level": "INFO", "message":"refreshed keys", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.TokenService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:00:41.182Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#1]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | 
{"@timestamp":"2022-03-29T09:00:41.461Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#5]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:00:41.620Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:00:45.150Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#3]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:00:51.820Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:01:02.146Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#8]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:01:09.905Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#2]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:01:10.076Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:05:30.136Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#4]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:05:40.364Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#3]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:05:40.644Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#2]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:05:42.242Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#3]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:05:50.962Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#4]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:06:01.279Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#2]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:06:10.358Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#3]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:06:11.601Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#4]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:06:12.530Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#5]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:06:21.785Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:06:32.051Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#3]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:06:40.358Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#4]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:06:42.530Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#5]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:06:42.813Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#2]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:06:52.872Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#2]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:07:03.191Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:07:10.359Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#2]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:07:13.094Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#3]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:07:13.532Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#8]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:07:23.854Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:07:34.160Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#4]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:07:40.217Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#5]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:07:43.234Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#8]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:07:44.467Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:07:54.777Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#3]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:08:05.107Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#4]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:08:10.360Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:08:13.507Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#2]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:08:15.420Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:08:25.730Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#4]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:08:36.044Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#5]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:08:40.219Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#8]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:08:43.786Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:08:46.216Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#4]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:08:56.530Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#4]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:09:06.842Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#3]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:09:10.361Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#4]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:09:14.064Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:09:17.159Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#2]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:09:27.468Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][system_critical_read][T#3]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:09:37.784Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#8]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:09:40.357Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][transport_worker][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"tSyt6JPdRw615RHiY2_yDA","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"es-docker-cluster"} es01 | {"@timestamp":"2022-03-29T09:09:44.354Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": 
es02 Logs:
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.370Z", "log.level": "INFO", "message":"loaded module [x-pack-graph]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.370Z", "log.level": "INFO", "message":"loaded module [x-pack-identity-provider]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.371Z", "log.level": "INFO", "message":"loaded module [x-pack-ilm]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.371Z", "log.level": "INFO", "message":"loaded module [x-pack-logstash]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.372Z", "log.level": "INFO", "message":"loaded module [x-pack-ml]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.372Z", "log.level": "INFO", "message":"loaded module [x-pack-monitoring]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.373Z", "log.level": "INFO", "message":"loaded module [x-pack-ql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.373Z", "log.level": "INFO", "message":"loaded module [x-pack-rollup]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.374Z", "log.level": "INFO", "message":"loaded module [x-pack-security]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.375Z", "log.level": "INFO", "message":"loaded module [x-pack-shutdown]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.375Z", "log.level": "INFO", "message":"loaded module [x-pack-sql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.376Z", "log.level": "INFO", "message":"loaded module [x-pack-stack]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.379Z", "log.level": "INFO", "message":"loaded module [x-pack-text-structure]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.381Z", "log.level": "INFO", "message":"loaded module [x-pack-voting-only-node]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.381Z", "log.level": "INFO", "message":"loaded module [x-pack-watcher]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.383Z", "log.level": "INFO", "message":"no plugins loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.592Z", "log.level": "INFO", "message":"using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/sda1)]], net usable_space [453.5gb], net total_space [483.2gb], types [ext4]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:02.592Z", "log.level": "INFO", "message":"heap size [512mb], compressed ordinary object pointers [true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:03.005Z", "log.level": "INFO", "message":"node name [es02], node ID [g9Oqbnp5R4qLGkhe61I2Ag], cluster name [es-docker-cluster], roles [data_frozen, ingest, data_cold, data, remote_cluster_client, master, data_warm, data_content, transform, data_hot, ml]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:16.398Z", "log.level": "INFO", "message":"[controller/313] [Main.cc@123] controller (64 bit): Version 8.1.0 (Build 36e2300340f08a) Copyright (c) 2022 Elasticsearch BV", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"ml-cpp-log-tail-thread","log.logger":"org.elasticsearch.xpack.ml.process.logging.CppLogMessageHandler","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:16.831Z", "log.level": "INFO", "message":"Security is enabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.Security","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:17.625Z", "log.level": "INFO", "message":"license mode is [trial], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.authc.Realms","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:17.641Z", "log.level": "INFO", "message":"parsed [0] roles from file [/usr/share/elasticsearch/config/roles.yml]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.authz.store.FileRolesStore","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | 
{"@timestamp":"2022-03-29T09:00:21.492Z", "log.level": "INFO", "message":"creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=1mb, factors={es.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=4mb, heap_size=512mb}]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.netty4.NettyAllocator","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:21.564Z", "log.level": "INFO", "message":"using rate limit [40mb] with [default=40mb, read=0b, write=0b, max=0b]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.indices.recovery.RecoverySettings","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:21.649Z", "log.level": "INFO", "message":"using discovery type [multi-node] and seed hosts providers [settings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.discovery.DiscoveryModule","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:24.815Z", "log.level": "INFO", "message":"initialized", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:24.816Z", "log.level": "INFO", "message":"starting ...", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:24.874Z", "log.level": "INFO", "message":"persistent cache index loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.searchablesnapshots.cache.full.PersistentCache","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:24.876Z", "log.level": "INFO", "message":"deprecation component started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.deprecation.logging.DeprecationIndexingComponent","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:25.074Z", "log.level": "INFO", "message":"publish_address {172.22.0.4:9300}, bound_addresses {0.0.0.0:9300}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.TransportService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:26.428Z", "log.level": "INFO", "message":"bound or publishing to a non-loopback address, enforcing bootstrap checks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.BootstrapChecks","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:26.477Z", "log.level": "INFO", "message":"cluster UUID [rV9mYhOGTxunt8nBQfvt-A]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.cluster.coordination.Coordinator","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:28.557Z", "log.level": "INFO", "message":"elected-as-master ([2] nodes joined)[{es01}{tSyt6JPdRw615RHiY2_yDA}{T8JiSahJRY-TUS9VZL9wnQ}{172.22.0.3}{172.22.0.3:9300}{cdfhilmrstw} completing election, {es02}{g9Oqbnp5R4qLGkhe61I2Ag}{kSLKgZQNQAiPhBAAbqgEow}{172.22.0.4}{172.22.0.4:9300}{cdfhilmrstw} completing election, _BECOME_MASTERTASK, _FINISHELECTION], term: 12, version: 234, delta: master node changed {previous [], current [{es02}{g9Oqbnp5R4qLGkhe61I2Ag}{kSLKgZQNQAiPhBAAbqgEow}{172.22.0.4}{172.22.0.4:9300}{cdfhilmrstw}]}, added {{es01}{tSyt6JPdRw615RHiY2_yDA}{T8JiSahJRY-TUS9VZL9wnQ}{172.22.0.3}{172.22.0.3:9300}{cdfhilmrstw}}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.MasterService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:29.514Z", "log.level": "INFO", "message":"master node changed {previous [], current [{es02}{g9Oqbnp5R4qLGkhe61I2Ag}{kSLKgZQNQAiPhBAAbqgEow}{172.22.0.4}{172.22.0.4:9300}{cdfhilmrstw}]}, added {{es01}{tSyt6JPdRw615RHiY2_yDA}{T8JiSahJRY-TUS9VZL9wnQ}{172.22.0.3}{172.22.0.3:9300}{cdfhilmrstw}}, term: 12, version: 234, reason: Publication{term=12, version=234}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:29.681Z", 
"log.level": "INFO", "message":"skipping monitor as a check is already in progress", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.DiskThresholdMonitor","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"g9Oqbnp5R4qLGkhe61I2Ag","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:29.685Z", "log.level": "INFO", "message":"publish_address {172.22.0.4:9200}, bound_addresses {0.0.0.0:9200}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.http.AbstractHttpServerTransport","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"g9Oqbnp5R4qLGkhe61I2Ag","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:29.686Z", "log.level": "INFO", "message":"started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"g9Oqbnp5R4qLGkhe61I2Ag","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:32.353Z", "log.level": "INFO", "message":"license [0de81af4-e8fc-43b1-a6e2-56cbfa00e4ec] mode [basic] - valid", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.license.LicenseService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"g9Oqbnp5R4qLGkhe61I2Ag","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:32.355Z", "log.level": "INFO", "message":"license mode is [basic], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.Realms","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"g9Oqbnp5R4qLGkhe61I2Ag","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:32.372Z", "log.level": "INFO", "message":"recovered [10] indices into cluster_state", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.gateway.GatewayService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"g9Oqbnp5R4qLGkhe61I2Ag","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:32.374Z", "log.level": "INFO", "message":"node-join[{es03}{T-8YofBkRr6Vz8-VJ1IEnw}{6qzcqDSjTWConXFBWuuQ9w}{172.22.0.5}{172.22.0.5:9300}{cdfhilmrstw} joining], term: 12, version: 237, delta: added {{es03}{T-8YofBkRr6Vz8-VJ1IEnw}{6qzcqDSjTWConXFBWuuQ9w}{172.22.0.5}{172.22.0.5:9300}{cdfhilmrstw}}", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.MasterService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"g9Oqbnp5R4qLGkhe61I2Ag","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:34.229Z", "log.level": "INFO", "message":"added {{es03}{T-8YofBkRr6Vz8-VJ1IEnw}{6qzcqDSjTWConXFBWuuQ9w}{172.22.0.5}{172.22.0.5:9300}{cdfhilmrstw}}, term: 12, version: 237, reason: Publication{term=12, version=237}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"g9Oqbnp5R4qLGkhe61I2Ag","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:41.264Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#1]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"g9Oqbnp5R4qLGkhe61I2Ag","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:41.286Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-ASN.mmdb]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"g9Oqbnp5R4qLGkhe61I2Ag","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:42.752Z", "log.level": "INFO", "current.health":"YELLOW","message":"Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.ds-ilm-history-5-2022.03.28-000001][0], [.kibana-event-log-8.1.0-000001][0]]]).","previous.health":"RED","reason":"shards started [[.ds-ilm-history-5-2022.03.28-000001][0], [.kibana-event-log-8.1.0-000001][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"g9Oqbnp5R4qLGkhe61I2Ag","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:45.461Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"g9Oqbnp5R4qLGkhe61I2Ag","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"} es02 | {"@timestamp":"2022-03-29T09:00:47.832Z", "log.level": "INFO", "current.health":"GREEN","message":"Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started 
[[.ds-ilm-history-5-2022.03.28-000001][0]]]).","previous.health":"YELLOW","reason":"shards started [[.ds-ilm-history-5-2022.03.28-000001][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"g9Oqbnp5R4qLGkhe61I2Ag","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"es-docker-cluster"}
es03 Logs:
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.333Z", "log.level": "INFO", "message":"loaded module [reindex]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.334Z", "log.level": "INFO", "message":"loaded module [repositories-metering-api]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.334Z", "log.level": "INFO", "message":"loaded module [repository-azure]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.335Z", "log.level": "INFO", "message":"loaded module [repository-encrypted]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.335Z", "log.level": "INFO", "message":"loaded module [repository-gcs]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.336Z", "log.level": "INFO", "message":"loaded module [repository-s3]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.336Z", "log.level": "INFO", "message":"loaded module [repository-url]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.336Z", "log.level": "INFO", "message":"loaded module [runtime-fields-common]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.337Z", "log.level": "INFO", "message":"loaded module [search-business-rules]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.337Z", "log.level": "INFO", "message":"loaded module [searchable-snapshots]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.337Z", "log.level": "INFO", "message":"loaded module [snapshot-based-recoveries]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.338Z", "log.level": "INFO", "message":"loaded module [snapshot-repo-test-kit]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.338Z", "log.level": "INFO", "message":"loaded module [spatial]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.339Z", "log.level": "INFO", "message":"loaded module [transform]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.339Z", "log.level": "INFO", "message":"loaded module [transport-netty4]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.340Z", "log.level": "INFO", "message":"loaded module [unsigned-long]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.340Z", "log.level": "INFO", "message":"loaded module [vector-tile]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.341Z", "log.level": "INFO", "message":"loaded module [vectors]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.341Z", "log.level": "INFO", "message":"loaded module [wildcard]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.341Z", "log.level": "INFO", "message":"loaded module [x-pack-aggregate-metric]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.342Z", "log.level": "INFO", "message":"loaded module [x-pack-analytics]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.342Z", "log.level": "INFO", "message":"loaded module [x-pack-async]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.343Z", "log.level": "INFO", "message":"loaded module [x-pack-async-search]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.343Z", "log.level": "INFO", "message":"loaded module [x-pack-autoscaling]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.343Z", "log.level": "INFO", "message":"loaded module [x-pack-ccr]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.344Z", "log.level": "INFO", "message":"loaded module [x-pack-core]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.344Z", "log.level": "INFO", "message":"loaded module [x-pack-deprecation]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.344Z", "log.level": "INFO", "message":"loaded module [x-pack-enrich]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.345Z", "log.level": "INFO", "message":"loaded module [x-pack-eql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.345Z", "log.level": "INFO", "message":"loaded module [x-pack-fleet]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.345Z", "log.level": "INFO", "message":"loaded module [x-pack-graph]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.346Z", "log.level": "INFO", "message":"loaded module [x-pack-identity-provider]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.346Z", "log.level": "INFO", "message":"loaded module [x-pack-ilm]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.346Z", "log.level": "INFO", "message":"loaded module [x-pack-logstash]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.346Z", "log.level": "INFO", "message":"loaded module [x-pack-ml]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.347Z", "log.level": "INFO", "message":"loaded module [x-pack-monitoring]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.347Z", "log.level": "INFO", "message":"loaded module [x-pack-ql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.347Z", "log.level": "INFO", "message":"loaded module [x-pack-rollup]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.347Z", "log.level": "INFO", "message":"loaded module [x-pack-security]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.348Z", "log.level": "INFO", "message":"loaded module [x-pack-shutdown]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.348Z", "log.level": "INFO", "message":"loaded module [x-pack-sql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.348Z", "log.level": "INFO", "message":"loaded module [x-pack-stack]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.349Z", "log.level": "INFO", "message":"loaded module [x-pack-text-structure]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.349Z", "log.level": "INFO", "message":"loaded module [x-pack-voting-only-node]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.349Z", "log.level": "INFO", "message":"loaded module [x-pack-watcher]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.351Z", "log.level": "INFO", "message":"no plugins loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.489Z", "log.level": "INFO", "message":"using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/sda1)]], net usable_space [453.5gb], net total_space [483.2gb], types [ext4]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.490Z", "log.level": "INFO", "message":"heap size [512mb], compressed ordinary object pointers [true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:05.798Z", "log.level": "INFO", "message":"node name [es03], node ID [T-8YofBkRr6Vz8-VJ1IEnw], cluster name [es-docker-cluster], roles [data_cold, data, remote_cluster_client, master, data_warm, data_content, transform, data_hot, ml, data_frozen, ingest]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:19.626Z", "log.level": "INFO", "message":"[controller/320] [Main.cc@123] controller (64 bit): Version 8.1.0 (Build 36e2300340f08a) Copyright (c) 2022 Elasticsearch BV", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"ml-cpp-log-tail-thread","log.logger":"org.elasticsearch.xpack.ml.process.logging.CppLogMessageHandler","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:19.880Z", "log.level": "INFO", "message":"Security is enabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.Security","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:20.536Z", "log.level": "INFO", "message":"license mode is [trial], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.authc.Realms","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:20.552Z", "log.level": "INFO", "message":"parsed [0] roles from file [/usr/share/elasticsearch/config/roles.yml]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.authz.store.FileRolesStore","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | 
{"@timestamp":"2022-03-29T09:00:24.649Z", "log.level": "INFO", "message":"creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=1mb, factors={es.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=4mb, heap_size=512mb}]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.netty4.NettyAllocator","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:24.697Z", "log.level": "INFO", "message":"using rate limit [40mb] with [default=40mb, read=0b, write=0b, max=0b]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.indices.recovery.RecoverySettings","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:24.794Z", "log.level": "INFO", "message":"using discovery type [multi-node] and seed hosts providers [settings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.discovery.DiscoveryModule","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:27.132Z", "log.level": "INFO", "message":"initialized", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:27.133Z", "log.level": "INFO", "message":"starting ...", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:27.178Z", "log.level": "INFO", "message":"persistent cache index loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.searchablesnapshots.cache.full.PersistentCache","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:27.180Z", "log.level": "INFO", "message":"deprecation component started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.deprecation.logging.DeprecationIndexingComponent","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:27.486Z", "log.level": "INFO", "message":"publish_address {172.22.0.5:9300}, bound_addresses {0.0.0.0:9300}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.TransportService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:29.725Z", "log.level": "INFO", "message":"bound or publishing to a non-loopback address, enforcing bootstrap checks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.BootstrapChecks","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:29.777Z", "log.level": "INFO", "message":"cluster UUID [rV9mYhOGTxunt8nBQfvt-A]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.cluster.coordination.Coordinator","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:33.054Z", "log.level": "INFO", "message":"master node changed {previous [], current [{es02}{g9Oqbnp5R4qLGkhe61I2Ag}{kSLKgZQNQAiPhBAAbqgEow}{172.22.0.4}{172.22.0.4:9300}{cdfhilmrstw}]}, added {{es02}{g9Oqbnp5R4qLGkhe61I2Ag}{kSLKgZQNQAiPhBAAbqgEow}{172.22.0.4}{172.22.0.4:9300}{cdfhilmrstw}, {es01}{tSyt6JPdRw615RHiY2_yDA}{T8JiSahJRY-TUS9VZL9wnQ}{172.22.0.3}{172.22.0.3:9300}{cdfhilmrstw}}, term: 12, version: 237, reason: ApplyCommitRequest{term=12, version=237, sourceNode={es02}{g9Oqbnp5R4qLGkhe61I2Ag}{kSLKgZQNQAiPhBAAbqgEow}{172.22.0.4}{172.22.0.4:9300}{cdfhilmrstw}{ml.machine_memory=8374788096, xpack.installed=true, ml.max_jvm_size=536870912}}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es03][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:34.206Z", "log.level": "INFO", "message":"license [0de81af4-e8fc-43b1-a6e2-56cbfa00e4ec] mode [basic] - valid", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es03][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.license.LicenseService","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"} es03 | {"@timestamp":"2022-03-29T09:00:34.209Z", "log.level": "INFO", "message":"license mode is [basic], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]", "ecs.version": 
"1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es03][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.Realms","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"}
es03 | {"@timestamp":"2022-03-29T09:00:34.275Z", "log.level": "INFO", "message":"publish_address {172.22.0.5:9200}, bound_addresses {0.0.0.0:9200}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.http.AbstractHttpServerTransport","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"T-8YofBkRr6Vz8-VJ1IEnw","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"}
es03 | {"@timestamp":"2022-03-29T09:00:34.276Z", "log.level": "INFO", "message":"started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"T-8YofBkRr6Vz8-VJ1IEnw","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"}
es03 | {"@timestamp":"2022-03-29T09:00:34.395Z", "log.level": "INFO", "message":"refresh keys", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es03][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.TokenService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"T-8YofBkRr6Vz8-VJ1IEnw","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"}
es03 | {"@timestamp":"2022-03-29T09:00:35.003Z", "log.level": "INFO", "message":"refreshed keys", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es03][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.TokenService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"T-8YofBkRr6Vz8-VJ1IEnw","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"}
es03 | {"@timestamp":"2022-03-29T09:00:40.797Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es03][generic][T#3]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"T-8YofBkRr6Vz8-VJ1IEnw","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"}
es03 | {"@timestamp":"2022-03-29T09:00:40.807Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es03][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"T-8YofBkRr6Vz8-VJ1IEnw","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"}
es03 | {"@timestamp":"2022-03-29T09:00:43.743Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es03][generic][T#1]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"rV9mYhOGTxunt8nBQfvt-A","elasticsearch.node.id":"T-8YofBkRr6Vz8-VJ1IEnw","elasticsearch.node.name":"es03","elasticsearch.cluster.name":"es-docker-cluster"}
logstash Logs:
Attaching to logstash
logstash | Using bundled JDK: /usr/share/logstash/jdk
logstash | Warning: no jvm.options file found.
logstash | Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
logstash | [INFO ] 2022-03-29 09:01:02.389 [main] runner - Starting Logstash {"logstash.version"=>"8.1.0", "jruby.version"=>"jruby 9.2.20.1 (2.5.8) 2021-11-30 2a2962fbd1 OpenJDK 64-Bit Server VM 11.0.13+8 on 11.0.13+8 +jit [linux-x86_64]"}
logstash | [INFO ] 2022-03-29 09:01:02.409 [main] runner - JVM bootstrap flags: [-Dls.cgroup.cpuacct.path.override=/, -Dls.cgroup.cpu.path.override=/, -Xmx1G, -Xms1G]
logstash | [INFO ] 2022-03-29 09:01:02.503 [main] settings - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
logstash | [INFO ] 2022-03-29 09:01:02.508 [main] settings - Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
logstash | [INFO ] 2022-03-29 09:01:03.639 [LogStash::Runner] agent - No persistent UUID file found. Generating new UUID {:uuid=>"aff85f5e-5a8c-4460-95b3-7a1d0edfcea8", :path=>"/usr/share/logstash/data/uuid"}
logstash | [WARN ] 2022-03-29 09:01:07.068 [LogStash::Runner] pipelineregisterhook - Internal collectors option for Logstash monitoring is deprecated and targeted for removal in the next major version.
logstash | Please configure Metricbeat to monitor Logstash. Documentation can be found at:
logstash | https://www.elastic.co/guide/en/logstash/current/monitoring-with-metricbeat.html
logstash | [INFO ] 2022-03-29 09:01:08.226 [LogStash::Runner] licensereader - Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://elastic:xxxxxx@es01:9200/]}}
logstash | [WARN ] 2022-03-29 09:01:09.939 [LogStash::Runner] licensereader - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [ERROR] 2022-03-29 09:01:10.086 [LogStash::Runner] licensereader - Unable to retrieve license information from license server {:message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/_xpack'"}
logstash | [ERROR] 2022-03-29 09:01:10.099 [LogStash::Runner] internalpipelinesource - Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster.
logstash | [INFO ] 2022-03-29 09:01:10.245 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
logstash | [INFO ] 2022-03-29 09:01:17.135 [Converge PipelineAction::Createpfelk
is configured with pipeline.ecs_compatibility: v8 setting. All plugins in this pipeline will default to ecs_compatibility => v8 unless explicitly configured otherwise.
logstash | [INFO ] 2022-03-29 09:01:19.851 [[pfelk]-pipeline-manager] elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["https://es01:9200"]}
logstash | [INFO ] 2022-03-29 09:01:19.878 [[pfelk]-pipeline-manager] elasticsearch - Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://pfelk_logstash:xxxxxx@es01:9200/]}}
logstash | [WARN ] 2022-03-29 09:01:19.939 [[pfelk]-pipeline-manager] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [WARN ] 2022-03-29 09:01:19.943 [[pfelk]-pipeline-manager] elasticsearch - Elasticsearch Output configured with ecs_compatibility => v8, which resolved to an UNRELEASED preview of version 8.0.0 of the Elastic Common Schema. Once ECS v8 and an updated release of this plugin are publicly available, you will need to update this plugin to resolve this warning.
logstash | [WARN ] 2022-03-29 09:01:19.944 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [WARN ] 2022-03-29 09:01:25.005 [Ruby-0-Thread-10: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:213] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [INFO ] 2022-03-29 09:01:25.811 [[pfelk]-pipeline-manager] downloadmanager - new database version detected? true
logstash | [WARN ] 2022-03-29 09:01:30.037 [Ruby-0-Thread-10: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:213] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [WARN ] 2022-03-29 09:01:35.064 [Ruby-0-Thread-10: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:213] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [INFO ] 2022-03-29 09:01:37.954 [[pfelk]-pipeline-manager] databasemanager - By not manually configuring a database path with database =>, you accepted and agreed MaxMind EULA. For more details please visit https://www.maxmind.com/en/geolite2/eula
logstash | [INFO ] 2022-03-29 09:01:37.955 [[pfelk]-pipeline-manager] geoip - Using geoip database {:path=>"/usr/share/logstash/data/plugins/filters/geoip/1648544484/GeoLite2-ASN.mmdb"}
logstash | [WARN ] 2022-03-29 09:01:37.960 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [INFO ] 2022-03-29 09:01:38.003 [[pfelk]-pipeline-manager] databasemanager - By not manually configuring a database path with database =>, you accepted and agreed MaxMind EULA. For more details please visit https://www.maxmind.com/en/geolite2/eula
logstash | [INFO ] 2022-03-29 09:01:38.003 [[pfelk]-pipeline-manager] geoip - Using geoip database {:path=>"/usr/share/logstash/data/plugins/filters/geoip/1648544484/GeoLite2-City.mmdb"}
logstash | [WARN ] 2022-03-29 09:01:38.006 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [WARN ] 2022-03-29 09:01:38.116 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [WARN ] 2022-03-29 09:01:38.274 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [INFO ] 2022-03-29 09:01:38.440 [[pfelk]-pipeline-manager] json - ECS compatibility is enabled but target option was not specified. This may cause fields to be set at the top-level of the event where they are likely to clash with the Elastic Common Schema. It is recommended to set the target option to avoid potential schema conflicts (if your data is ECS compliant or non-conflicting, feel free to ignore this message)
logstash | [WARN ] 2022-03-29 09:01:38.503 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [WARN ] 2022-03-29 09:01:38.539 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [INFO ] 2022-03-29 09:01:38.571 [[pfelk]-pipeline-manager] databasemanager - By not manually configuring a database path with database =>, you accepted and agreed MaxMind EULA. For more details please visit https://www.maxmind.com/en/geolite2/eula
logstash | [INFO ] 2022-03-29 09:01:38.571 [[pfelk]-pipeline-manager] geoip - Using geoip database {:path=>"/usr/share/logstash/data/plugins/filters/geoip/1648544484/GeoLite2-City.mmdb"}
logstash | [WARN ] 2022-03-29 09:01:38.572 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [WARN ] 2022-03-29 09:01:38.605 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [WARN ] 2022-03-29 09:01:38.706 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [WARN ] 2022-03-29 09:01:38.749 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [WARN ] 2022-03-29 09:01:38.792 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [INFO ] 2022-03-29 09:01:38.830 [[pfelk]-pipeline-manager] databasemanager - By not manually configuring a database path with database =>, you accepted and agreed MaxMind EULA. For more details please visit https://www.maxmind.com/en/geolite2/eula
logstash | [INFO ] 2022-03-29 09:01:38.830 [[pfelk]-pipeline-manager] geoip - Using geoip database {:path=>"/usr/share/logstash/data/plugins/filters/geoip/1648544484/GeoLite2-ASN.mmdb"}
logstash | [WARN ] 2022-03-29 09:01:38.832 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [INFO ] 2022-03-29 09:01:38.897 [[pfelk]-pipeline-manager] databasemanager - By not manually configuring a database path with database =>, you accepted and agreed MaxMind EULA. For more details please visit https://www.maxmind.com/en/geolite2/eula
logstash | [INFO ] 2022-03-29 09:01:38.898 [[pfelk]-pipeline-manager] geoip - Using geoip database {:path=>"/usr/share/logstash/data/plugins/filters/geoip/1648544484/GeoLite2-City.mmdb"}
logstash | [INFO ] 2022-03-29 09:01:38.899 [[pfelk]-pipeline-manager] databasemanager - By not manually configuring a database path with database =>, you accepted and agreed MaxMind EULA. For more details please visit https://www.maxmind.com/en/geolite2/eula
logstash | [INFO ] 2022-03-29 09:01:38.900 [[pfelk]-pipeline-manager] geoip - Using geoip database {:path=>"/usr/share/logstash/data/plugins/filters/geoip/1648544484/GeoLite2-ASN.mmdb"}
logstash | [WARN ] 2022-03-29 09:01:38.905 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [WARN ] 2022-03-29 09:01:38.934 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [WARN ] 2022-03-29 09:01:39.524 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [WARN ] 2022-03-29 09:01:39.556 [[pfelk]-pipeline-manager] grok - ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
logstash | [INFO ] 2022-03-29 09:01:39.668 [[pfelk]-pipeline-manager] javapipeline - Starting pipeline {:pipeline_id=>"pfelk", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, "pipeline.sources"=>["/etc/pfelk/conf.d/01-inputs.pfelk", "/etc/pfelk/conf.d/05-apps.pfelk", "/etc/pfelk/conf.d/20-interfaces.pfelk", "/etc/pfelk/conf.d/30-geoip.pfelk", "/etc/pfelk/conf.d/37-enhanced_user_agent.pfelk", "/etc/pfelk/conf.d/38-enhanced_url.pfelk", "/etc/pfelk/conf.d/45-enhanced_private.pfelk", "/etc/pfelk/conf.d/49-cleanup.pfelk", "/etc/pfelk/conf.d/50-outputs.pfelk"], :thread=>"#<Thread:0x30adac0d@/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:129 run>"}
logstash | [WARN ] 2022-03-29 09:01:40.144 [Ruby-0-Thread-10: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:213] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [WARN ] 2022-03-29 09:01:40.207 [Ruby-0-Thread-1: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:213] licensereader - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [ERROR] 2022-03-29 09:01:40.462 [monitoring-license-manager] licensereader - Unable to retrieve license information from license server {:message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/_xpack'"}
logstash | [WARN ] 2022-03-29 09:01:45.216 [Ruby-0-Thread-10: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:213] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [INFO ] 2022-03-29 09:01:46.197 [[pfelk]-pipeline-manager] javapipeline - Pipeline Java execution initialization time {"seconds"=>6.53}
logstash | [INFO ] 2022-03-29 09:01:46.227 [[pfelk]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"pfelk"}
logstash | [INFO ] 2022-03-29 09:01:46.235 [Ruby-0-Thread-31: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.6.0/lib/logstash/inputs/syslog.rb:151] syslog - Starting syslog udp listener {:address=>"0.0.0.0:5140"}
logstash | [INFO ] 2022-03-29 09:01:46.235 [Ruby-0-Thread-32: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.6.0/lib/logstash/inputs/syslog.rb:155] syslog - Starting syslog tcp listener {:address=>"0.0.0.0:5140"}
logstash | [INFO ] 2022-03-29 09:01:46.323 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:pfelk], :non_running_pipelines=>[]}
logstash | [WARN ] 2022-03-29 09:01:50.242 [Ruby-0-Thread-10: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:213] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [WARN ] 2022-03-29 09:01:55.262 [Ruby-0-Thread-10: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:213] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [WARN ] 2022-03-29 09:02:00.296 [Ruby-0-Thread-10: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:213] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [WARN ] 2022-03-29 09:02:05.327 [Ruby-0-Thread-10: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:213] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [WARN ] 2022-03-29 09:02:10.358 [Ruby-0-Thread-10: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:213] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [ERROR] 2022-03-29 09:02:10.360 [monitoring-license-manager] licensereader - Unable to retrieve license information from license server {:message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/_xpack'"}
Kibana Logs:
Attaching to kibana
kibana | [2022-03-29T09:01:10.097+00:00][INFO ][plugins-service] Plugin "metricsEntities" is disabled.
kibana | [2022-03-29T09:01:10.733+00:00][INFO ][http.server.Preboot] http server running at http://0.0.0.0:5601
kibana | [2022-03-29T09:01:10.942+00:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
kibana | [2022-03-29T09:01:11.101+00:00][WARN ][config.deprecation] The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set "xpack.reporting.roles.enabled" to "false" to adopt the future behavior before upgrading.
kibana | [2022-03-29T09:01:12.177+00:00][INFO ][plugins-system.standard] Setting up [112] plugins: [translations,licensing,globalSearch,globalSearchProviders,features,mapsEms,licenseApiGuard,usageCollection,taskManager,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,sharedUX,share,embeddable,uiActionsEnhanced,screenshotMode,screenshotting,banners,telemetry,newsfeed,fieldFormats,expressions,dataViews,charts,esUiShared,bfetch,data,savedObjects,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,customIntegrations,home,searchprofiler,painlessLab,grokdebugger,management,watcher,licenseManagement,advancedSettings,spaces,security,savedObjectsTagging,reporting,lists,fileUpload,ingestPipelines,encryptedSavedObjects,dataEnhanced,cloud,snapshotRestore,eventLog,actions,alerting,triggersActionsUi,transform,stackAlerts,ruleRegistry,savedObjectsManagement,console,controls,graph,fleet,indexManagement,remoteClusters,crossClusterReplication,indexLifecycleManagement,visualizations,canvas,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,rollup,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeHeatmap,visTypeMarkdown,dashboard,maps,dashboardEnhanced,expressionTagcloud,expressionPie,visTypePie,expressionMetricVis,expressionHeatmap,expressionGauge,dataViewFieldEditor,lens,cases,timelines,discover,osquery,observability,discoverEnhanced,dataVisualizer,ml,uptime,securitySolution,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,apm,dataViewManagement]
kibana | [2022-03-29T09:01:12.315+00:00][INFO ][plugins.taskManager] TaskManager is identified by the Kibana UUID: 8fec890a-9ec9-4ba3-b0d0-d70a0c4bb92d
kibana | [2022-03-29T09:01:13.537+00:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
kibana | [2022-03-29T09:01:13.538+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
kibana | [2022-03-29T09:01:13.622+00:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
kibana | [2022-03-29T09:01:13.624+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
kibana | [2022-03-29T09:01:13.680+00:00][WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
kibana | [2022-03-29T09:01:13.683+00:00][WARN ][plugins.reporting.config] Found 'server.host: "0.0.0.0"' in Kibana configuration. Reporting is not able to use this as the Kibana server hostname. To enable PNG/PDF Reporting to work, 'xpack.reporting.kibanaServer.hostname: localhost' is automatically set in the configuration. You can prevent this message by adding 'xpack.reporting.kibanaServer.hostname: localhost' in kibana.yml.
kibana | [2022-03-29T09:01:13.717+00:00][WARN ][plugins.encryptedSavedObjects] Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
kibana | [2022-03-29T09:01:13.770+00:00][WARN ][plugins.actions] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
kibana | [2022-03-29T09:01:13.824+00:00][WARN ][plugins.alerting] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
kibana | [2022-03-29T09:01:13.928+00:00][INFO ][plugins.ruleRegistry] Installing common resources shared between all indices
kibana | [2022-03-29T09:01:15.528+00:00][INFO ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, and is supported for Linux Ubuntu 20.04 OS. Automatically enabling Chromium sandbox.
kibana | [2022-03-29T09:01:18.374+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. security_exception: [security_exception] Reason: missing authentication credentials for REST request [/_nodes?filter_path=nodes..version%2Cnodes..http.publish_address%2Cnodes.*.ip]
kibana | [2022-03-29T09:01:25.826+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/x-pack/plugins/screenshotting/chromium/headless_shell-linux_x64/headless_shell
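Added example (not part of the thread and not pfelk project code): a small Python triage of the Logstash output above that separates "credentials rejected" from "service not reachable", the two possibilities raised in the post. The first five sample lines are abridged from the log above; the sixth is constructed (user `demo_user`, host `es02`), and all function names are illustrative.

```python
import re
from collections import Counter

# Lines 1-5 are abridged from the Logstash output quoted in the post.
# Line 6 is CONSTRUCTED (user demo_user, host es02) to show how a
# connectivity failure differs from an authentication failure.
SAMPLE = """\
logstash | [WARN ] 2022-03-29 09:01:09.939 [LogStash::Runner] licensereader - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [ERROR] 2022-03-29 09:01:10.086 [LogStash::Runner] licensereader - Unable to retrieve license information from license server {:message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/_xpack'"}
logstash | [WARN ] 2022-03-29 09:01:19.939 [[pfelk]-pipeline-manager] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [WARN ] 2022-03-29 09:01:25.005 [Ruby-0-Thread-10: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:213] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
logstash | [INFO ] 2022-03-29 09:01:46.227 [[pfelk]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"pfelk"}
logstash | [WARN ] 2022-03-29 09:03:00.000 [Ruby-0-Thread-10] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://demo_user:xxxxxx@es02:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://es02:9200/][Manticore::SocketException] Connection refused"}
"""

# docker-compose prefix, level, timestamp, [thread], logger, message.
# The thread field can itself contain brackets ("[[pfelk]-pipeline-manager]"),
# so it is matched lazily up to the "] <logger> - " that follows it.
LINE = re.compile(
    r"^\S+\s+\|\s+\[(?P<level>[A-Z]+)\s*\]\s+"
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+"
    r"\[(?P<thread>.*?)\]\s+(?P<logger>\w+) - (?P<msg>.*)$"
)
CRED = re.compile(r':url=>"https?://(?P<user>[^:@/"]+):[^@"]*@')
EXC = re.compile(r":exception=>(?:\w+::)*(?P<exc>\w+)")
CODE = re.compile(r"response code '(?P<code>\d{3})'")


def verdict(code):
    """Map an HTTP status (or None when no response arrived) to a cause."""
    if code == 401:
        return "auth_rejected"  # TLS and HTTP worked; credentials were refused
    if code == 403:
        return "forbidden"      # authenticated, but the role lacks privileges
    if code is not None:
        return "http_error"
    return "no_response"        # exception without a status: network or TLS


def triage(text):
    """Count Elasticsearch connection failures by (logger, user, verdict)."""
    counts = Counter()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        code, exc, cred = CODE.search(msg), EXC.search(msg), CRED.search(msg)
        if not code and not exc:
            continue  # not a connection failure
        user = cred["user"] if cred else None
        status = int(code["code"]) if code else None
        counts[(m["logger"], user, verdict(status))] += 1
    return counts


def rejected_users(text):
    """Usernames whose credentials Elasticsearch answered with 401."""
    return sorted({u for (_, u, v) in triage(text) if v == "auth_rejected" and u})


if __name__ == "__main__":
    for (logger, user, why), n in sorted(triage(SAMPLE).items(), key=str):
        print(f"{n:3d}  {logger:<15} {str(user):<15} {why}")
    print("check passwords for:", ", ".join(rejected_users(SAMPLE)))
```

A 401 means the request reached Elasticsearch and was answered, so for those users the thing to check is the configured password rather than the Docker network.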
Try to clear all the ES/Kibana state and re-launch, it could be that on the first time you ran it some of them got initialized with the wrong password/data.
It's the little things... "three little words". See you have already updated doco; setting passwords in .env = issue resolved. Thanks for the prompt support.
Thank you @a3ilson
Issue
docker-compose erroring out when instantiating container - error below
tested on Ubuntu 20.04.4 LTS and 18.04.6 LTS VM - clean installs
hypervisor XCPng 8.2
Docker version 20.10.7, build 20.10.7-0ubuntu5~18.04.3
docker-compose version 1.17.1, build unknown
looks like an issue bringing up interfaces
What am I missing here? Any assistance warmly received.
Cheers...
error
Starting dockermain_setup_1 ... done
ERROR: for es01 Container "a38b229c83c2" is unhealthy.
ERROR: Encountered errors while bringing up the project.
interfaces
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:5f:29:16:ae brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
4: br-7b6c673229b7: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:2d:80:34:45 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-7b6c673229b7
       valid_lft forever preferred_lft forever
    inet6 fe80::42:2dff:fe80:3445/64 scope link
       valid_lft forever preferred_lft forever
syslog
Mar 26 09:37:30 mrc-node-a5 kernel: [ 2150.140883] br-7b6c673229b7: port 1(veth1fe0cf8) entered blocking state
Mar 26 09:37:30 mrc-node-a5 kernel: [ 2150.140884] br-7b6c673229b7: port 1(veth1fe0cf8) entered disabled state
Mar 26 09:37:30 mrc-node-a5 kernel: [ 2150.141031] device veth1fe0cf8 entered promiscuous mode
Mar 26 09:37:30 mrc-node-a5 systemd-udevd[17589]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Mar 26 09:37:30 mrc-node-a5 systemd-udevd[17589]: Could not generate persistent MAC address for veth23b82c5: No such file or directory
Mar 26 09:37:30 mrc-node-a5 systemd-networkd[2630]: veth1fe0cf8: Link UP
Mar 26 09:37:30 mrc-node-a5 systemd-timesyncd[2699]: Network configuration changed, trying to establish connection.
Mar 26 09:37:30 mrc-node-a5 kernel: [ 2150.142612] IPv6: ADDRCONF(NETDEV_UP): veth1fe0cf8: link is not ready
Mar 26 09:37:30 mrc-node-a5 networkd-dispatcher[1227]: WARNING:Unknown index 8 seen, reloading interface list
Mar 26 09:37:30 mrc-node-a5 systemd-udevd[17591]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Mar 26 09:37:30 mrc-node-a5 systemd-udevd[17591]: Could not generate persistent MAC address for veth1fe0cf8: No such file or directory
Mar 26 09:37:30 mrc-node-a5 dockerd[14398]: time="2022-03-26T09:37:30.501182725Z" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserver 8.8.8.8 nameserver 8.8.4.4]"
Mar 26 09:37:30 mrc-node-a5 dockerd[14398]: time="2022-03-26T09:37:30.501619765Z" level=info msg="IPv6 enabled; Adding default IPv6 external servers: [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844]"
Mar 26 09:37:30 mrc-node-a5 containerd[13883]: time="2022-03-26T09:37:30.529884353Z" level=info msg="starting signal loop" namespace=moby path=/run/containerd/io.containerd.runtime.v2.task/moby/a38b229c83c27d75d3d70982f84665f4ef094667919c056c3793a9b90be712f2 pid=17612
Mar 26 09:37:30 mrc-node-a5 systemd-timesyncd[2699]: Synchronized to time server 91.189.89.199:123 (ntp.ubuntu.com).
Mar 26 09:37:31 mrc-node-a5 systemd-timesyncd[2699]: Network configuration changed, trying to establish connection.
Mar 26 09:37:31 mrc-node-a5 kernel: [ 2150.662400] eth0: renamed from veth23b82c5
Mar 26 09:37:31 mrc-node-a5 systemd-networkd[2630]: veth1fe0cf8: Gained carrier
Mar 26 09:37:31 mrc-node-a5 systemd-networkd[2630]: br-7b6c673229b7: Gained carrier
Mar 26 09:37:31 mrc-node-a5 kernel: [ 2150.680713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1fe0cf8: link becomes ready
Mar 26 09:37:31 mrc-node-a5 kernel: [ 2150.680761] br-7b6c673229b7: port 1(veth1fe0cf8) entered blocking state
Mar 26 09:37:31 mrc-node-a5 kernel: [ 2150.680764] br-7b6c673229b7: port 1(veth1fe0cf8) entered forwarding state
Mar 26 09:37:31 mrc-node-a5 dockerd[14398]: time="2022-03-26T09:37:31.166589765Z" level=info msg="ignoring event" container=a38b229c83c27d75d3d70982f84665f4ef094667919c056c3793a9b90be712f2 module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
Mar 26 09:37:31 mrc-node-a5 containerd[13883]: time="2022-03-26T09:37:31.166818308Z" level=info msg="shim disconnected" id=a38b229c83c27d75d3d70982f84665f4ef094667919c056c3793a9b90be712f2
Mar 26 09:37:31 mrc-node-a5 containerd[13883]: time="2022-03-26T09:37:31.166904591Z" level=warning msg="cleaning up after shim disconnected" id=a38b229c83c27d75d3d70982f84665f4ef094667919c056c3793a9b90be712f2 namespace=moby
Mar 26 09:37:31 mrc-node-a5 containerd[13883]: time="2022-03-26T09:37:31.166929693Z" level=info msg="cleaning up dead shim"
Mar 26 09:37:31 mrc-node-a5 containerd[13883]: time="2022-03-26T09:37:31.174186189Z" level=warning msg="cleanup warnings time=\"2022-03-26T09:37:31Z\" level=info msg=\"starting signal loop\" namespace=moby pid=17721\n"
Mar 26 09:37:31 mrc-node-a5 systemd-networkd[2630]: veth1fe0cf8: Lost carrier
Mar 26 09:37:31 mrc-node-a5 kernel: [ 2150.830830] br-7b6c673229b7: port 1(veth1fe0cf8) entered disabled state
Mar 26 09:37:31 mrc-node-a5 kernel: [ 2150.831548] veth23b82c5: renamed from eth0
Mar 26 09:37:31 mrc-node-a5 systemd-udevd[17749]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Mar 26 09:37:31 mrc-node-a5 systemd-networkd[2630]: veth1fe0cf8: Link DOWN
Mar 26 09:37:31 mrc-node-a5 kernel: [ 2150.860827] br-7b6c673229b7: port 1(veth1fe0cf8) entered disabled state
Mar 26 09:37:31 mrc-node-a5 kernel: [ 2150.864005] device veth1fe0cf8 left promiscuous mode
Mar 26 09:37:31 mrc-node-a5 kernel: [ 2150.864009] br-7b6c673229b7: port 1(veth1fe0cf8) entered disabled state
Mar 26 09:37:31 mrc-node-a5 networkd-dispatcher[1227]: WARNING:Unknown index 7 seen, reloading interface list
Mar 26 09:37:31 mrc-node-a5 networkd-dispatcher[1227]: ERROR:Unknown interface index 7 seen even after reload
Mar 26 09:37:31 mrc-node-a5 systemd-timesyncd[2699]: Synchronized to time server 91.189.89.199:123 (ntp.ubuntu.com).
Mar 26 09:37:31 mrc-node-a5 systemd-networkd[2630]: br-7b6c673229b7: Lost carrier
Mar 26 09:37:31 mrc-node-a5 systemd-timesyncd[2699]: Network configuration changed, trying to establish connection.
Mar 26 09:37:31 mrc-node-a5 systemd-timesyncd[2699]: Synchronized to time server 91.189.89.199:123 (ntp.ubuntu.com).