0

I am getting the below Warning messages for every query that is sent from the Spring Boot API and would like to remove it from the Logs.

2022-08-17 12:41:31.123 WARN 61390 --- [nio-9002-exec-2] org.elasticsearch.client.RestClient : request [POST http://localhost:9200/_search?typed_keys=true&max_concurrent_shard_requests=5&ignore_unavailable=false&expand_wildcards=open&allow_no_indices=true&ignore_throttled=true&search_type=query_then_fetch&batched_reduce_size=512&ccs_minimize_roundtrips=true] returned 1 warnings: [299 Elasticsearch-7.14.1-66b55ebfa59c92c15 "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.14/security-minimal-setup.html to enable security."]

I am using the RestHighLevelClient. According to Elasticsearch, this can be solved by migrating to The Elasticsearch Java API Client that they recently introduced. However, this would take a long time for us make that kind of change.

The Elasticsearch version is 7.14.1 and unfortunately, we can not upgrade this.

I was wondering if there is a simpler solution to this problem.

Improve this question

2 Answers 2

Reset to default
0

This warning are coming because you have not enable security for elasticsearch cluster and anyone can access your elasticsearch cluster using URL. You can enable basic authentication to your elasticsearch cluster to remove this warning.

Please check this documentation for how to enable security for your elasticsearch cluster.

Also, once you enable security, you can use below code to pass authentication details to Java High Level client for connecting to secure elasticsearch cluster.

RestClientBuilder builder = RestClient.builder(new HttpHost(hostname, port)); CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(elasticUserName, password)); builder.setHttpClientConfigCallback(httpClientBuilder -> { httpClientBuilder.disableAuthCaching(); return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider); }); RestHighLevelClient restHighLevelClient = new RestHighLevelClient(builder);
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you for your message. Is there any other way without installing Kibana and configuring a bunch of stuff? For example, disabling the Warn messages on the API side?
You not need to install Kibana here. You can just update elasticsearch.yml file with xpack.security.enabled: true and generate password with ./bin/elasticsearch-setup-passwords auto and use that password for default elastic user login. You can just follow link i have given in my answer.
0

I solved the issue simply by adding the options to the .properties for the Logback as below;

logging.level.root=ERROR logging.level.org.springframework.web=DEBUG logging.level.org.hibernate=ERROR

Thanks for the top answer on this post.

Improve this answer

4 Comments

You will not get other WARN level message related to elasticsearch and this is not right approach to fix the warning. You need to enable security in elasticsearch to fix warning.
This is just stopping WARN prining in your log message but still your elasticsearch cluster in unsecure.
And that is exactly what I wanted. Remove them. I was looking for the simplest solution as I indicated in the question. Thanks.
Ok. this will remove this warning and all other as well. So if something goes wrong then you will not able to trace that. Also, If you are using in production then it is not recomndate to use elasticsearch without security.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.