Troubleshooting: Unable To See Elasticsearch Logs In Orchestrator / 403 Error When Accessing Elasticsearch

How can Elasticsearch logs be viewed in Orchestrator when a 403 error is received while accessing Elasticsearch?

Issue Description: Users accessing the https://: where Elasticsearch authentication is required are encountering a 403 error.


Background:

If Elasticsearch is secured with a username/password, the user must have sufficient rights to access (read/write) the indices named . Two scenarios in particular are executed whenever the Logs in the Robots/Jobs section of Orchestrator are accessed.


For the logs viewed from the Robots page (default filters/paging), the following is required:

Orchestrator request to get log count:

  • GET /odata/RobotLogs/UiPath.Server.Configuration.OData.GetTotalCount?$filter=(TimeStamp gt and RobotName eq '')&$orderby=TimeStamp desc&$top=10

Corresponding ES request:

POST /-*/logEvent/_count

with JSON body:

{
  "query": {
    "bool": {
      "must": [
        { "match_all": {} }
      ],
      "filter": [
        { "range": { "timeStamp": { "gt": "" } } },
        { "term": { "robotName.keyword": { "value": "" } } }
      ]
    }
  }
}


Orchestrator request to search for the logs:

  • GET /odata/RobotLogs?$filter=(TimeStamp gt and RobotName eq 'robot name')&$orderby=TimeStamp desc&$top=10

Corresponding ES request:

POST /-%2A/logEvent/_search

with JSON body:

{
  "size": 10,
  "sort": [
    { "timeStamp": { "order": "desc" } }
  ],
  "query": {
    "bool": {
      "must": [
        { "match_all": {} }
      ],
      "filter": [
        { "range": { "timeStamp": { "gt": "" } } },
        { "term": { "robotName.keyword": { "value": "" } } }
      ]
    }
  }
}

For the logs viewed from the Jobs page (default filters/paging), there are two requests to the Orchestrator server as well, each with a different request to the ES server:

Orchestrator request:

  • GET /odata/RobotLogs/UiPath.Server.Configuration.OData.GetTotalCount?$filter=(JobKey eq 'job key')&$orderby=TimeStamp desc&$top=10

Corresponding ES request:

POST /-%2A/logEvent/_count

with JSON body:

{
  "query": {
    "bool": {
      "must": [
        { "match_all": {} }
      ],
      "filter": [
        { "term": { "jobId.keyword": { "value": "" } } }
      ]
    }
  }
}

Orchestrator request:

  • GET /odata/RobotLogs?$filter=(JobKey eq )&$orderby=TimeStamp desc&$top=10

Corresponding ES request:

POST /-%2A/logEvent/_search

with JSON body:

{
  "size": 10,
  "sort": [
    { "timeStamp": { "order": "desc" } }
  ],
  "query": {
    "bool": {
      "must": [
        { "match_all": {} }
      ],
      "filter": [
        { "term": { "jobId.keyword": { "value": "" } } }
      ]
    }
  }
}

Symptoms

Accessing the https://: in the browser and authenticating produces a 403 error.

Or

Turning on NLog debugging produces a 403 in the NLog debug logs:

2019-01-14 13:13:10.3460 Error Failed to send log messages to elasticsearch: status=403, message="One or more errors occurred."
2019-01-14 13:13:10.3460 Error Error while sending log messages to elasticsearch: message="One or more errors occurred."
2019-01-14 13:13:10.9295 Debug Targets for UiPath.Web.Controllers.HomeController by level:


Resolution

The team managing the Elasticsearch application needs to grant the user sufficient access to perform the above queries on the indices.
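
To confirm which of the requests above the Elasticsearch account is denied, the same _count and _search calls can be replayed with the credentials Orchestrator is configured to use. The script below is an added example, not UiPath code; it assumes HTTP basic authentication, and the base URL, index pattern, user name and job key are placeholders supplied on the command line.

```python
"""Probe the Elasticsearch requests Orchestrator issues for Robot/Job logs."""
import base64
import getpass
import json
import sys
import urllib.error
import urllib.parse
import urllib.request


def log_requests(index_pattern, filters):
    """Build the _count and _search requests (path, body) shown on this page."""
    base = "/" + urllib.parse.quote(index_pattern, safe="") + "/logEvent/"
    query = {"bool": {"must": [{"match_all": {}}], "filter": filters}}
    search = {"size": 10, "sort": [{"timeStamp": {"order": "desc"}}], "query": query}
    return [(base + "_count", {"query": query}), (base + "_search", search)]


def robots_filters(robot_name, since):
    """Filter clause used for the Robots page."""
    return [{"range": {"timeStamp": {"gt": since}}},
            {"term": {"robotName.keyword": {"value": robot_name}}}]


def jobs_filters(job_key):
    """Filter clause used for the Jobs page."""
    return [{"term": {"jobId.keyword": {"value": job_key}}}]


def probe(base_url, user, password, reqs, send=urllib.request.urlopen):
    """POST each request with HTTP basic auth and return {path: status code}."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": "Basic " + token, "Content-Type": "application/json"}
    statuses = {}
    for path, body in reqs:
        req = urllib.request.Request(base_url.rstrip("/") + path, method="POST",
                                     data=json.dumps(body).encode(), headers=headers)
        try:
            with send(req, timeout=10) as resp:
                statuses[path] = resp.status
        except urllib.error.HTTPError as err:
            statuses[path] = err.code  # 401: bad credentials, 403: missing privilege
    return statuses


def denied(statuses):
    """Paths the account is authenticated for but not authorized to query."""
    return sorted(path for path, code in statuses.items() if code == 403)


if __name__ == "__main__":
    # Usage: <es-base-url> <index-pattern> <user> <job-key>  (all placeholders)
    url, pattern, user, job_key = sys.argv[1:5]
    result = probe(url, user, getpass.getpass(), log_requests(pattern, jobs_filters(job_key)))
    print(result, "denied:", denied(result))
```

Any path listed under "denied" is a request the account authenticates for but lacks the index privilege to run, which is the condition the Resolution asks the Elasticsearch team to correct.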