Posted to dev@ranger.apache.org by "Suman B N (Jira)" <ji...@apache.org> on 2022/10/03 07:52:00 UTC
[jira] [Created] (RANGER-3938) Unable to access audit logs from an elasticsearch alias
Suman B N created RANGER-3938:
---------------------------------
Summary: Unable to access audit logs from an elasticsearch alias
Key: RANGER-3938
URL: https://issues.apache.org/jira/browse/RANGER-3938
Project: Ranger
Issue Type: Bug
Components: audit
Reporter: Suman B N
Let's say that for audit we configure an Elasticsearch alias (a rollover alias). If there are 2 or more indices for the alias, then the audit API doesn't work, because while fetching the records Ranger uses a multi-get request on the alias.
It results in the error below:
```
Alias [alias-name] has more than one indices associated with it [[index-000002, index-000001]], can't execute a single index op
```
Code snippet (https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180):
```
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
    MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, hit.getId());
    item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
    multiGetRequest.add(item);
}
```
So there are 2 possible approaches to resolve this:
- Approach 1 (quick and fast):
Use `hit.getIndex()` instead of index (in this case it holds the alias) for the MultiGetRequest.Item object,
so that all the documents are fetched by id from their own index instead of from the alias.
- Approach 2 (change the MultiGet to a search):
```
POST /_search
{
  "query": {
    "ids": {
      "values": ["id1", "id2"]
    }
  }
}
```
This would be the recommended approach.
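Both approaches from the report, sketched as an added example that is not Ranger's code or the eventual fix. The class and method names are hypothetical, the Elasticsearch high-level REST client is assumed to be on the classpath, and the three-argument `MultiGetRequest.Item` constructor is the one the quoted snippet already uses.

```java
import java.util.Arrays;

import org.elasticsearch.action.get.MultiGetRequest;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.search.builder.SearchSourceBuilder;
import org.elasticsearch.search.fetch.subphase.FetchSourceContext;

/** Hypothetical helper for illustration; not part of Ranger. */
public final class AliasSafeAuditFetch {

    private AliasSafeAuditFetch() {
    }

    /** Approach 1: address each document by the concrete index it was found in. */
    public static MultiGetRequest multiGetByConcreteIndex(SearchHit[] hits) {
        MultiGetRequest multiGetRequest = new MultiGetRequest();
        for (SearchHit hit : hits) {
            // hit.getIndex() is the backing index (e.g. index-000002), not the alias,
            // so every item is a valid single-index operation.
            MultiGetRequest.Item item =
                    new MultiGetRequest.Item(hit.getIndex(), null, hit.getId());
            item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
            multiGetRequest.add(item);
        }
        return multiGetRequest;
    }

    /** Approach 2: one ids query against the alias; a search may span all its indices. */
    public static SearchRequest searchByIds(String alias, SearchHit[] hits) {
        String[] ids = Arrays.stream(hits).map(SearchHit::getId).toArray(String[]::new);
        SearchSourceBuilder source = new SearchSourceBuilder()
                .query(QueryBuilders.idsQuery().addIds(ids))
                .fetchSource(true)
                // The default page size is 10; request one result per id instead.
                .size(ids.length);
        return new SearchRequest(alias).source(source);
    }
}
```

Either request is then sent with the existing client (`mget` for the first, `search` for the second), so the audit view keeps working after the alias rolls over to a second index.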