401 Unauthorized on /audit/events – Kibana Live Error Report from Somalia CRVS Deployment

**Reported by:** Somalia CRVS Technical Team — *Mohamed Hussein*
**Deployment Context:** National Production Instance (Live)  
**Monitoring Source:** Kibana / Elastic APM (Live Event Trace)  
**Screenshot:** *(Kibana screenshot attached below)*

<img width="1571" height="709" alt="image" src="https://github.com/user-attachments/assets/41c789ea-c566-4f74-b45c-1ea448e22dc3" />


### 🚨 Issue Summary

During live operations on the Somalia National CRVS instance, we detected repeated `401 Unauthorized` responses logged in **Kibana / Elastic APM**, specifically when the system attempts to retrieve user mobile number during the `/audit/events` API call.

---

### 🔍 Error Trace (as captured in Kibana APM)

relates to discussion [10741 ](https://github.com/opencrvs/opencrvs-core/discussions/10741)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

401 Unauthorized on /audit/events – Kibana Live Error Report from Somalia CRVS Deployment #10843

🚨 Issue Summary

🔍 Error Trace (as captured in Kibana APM)

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

401 Unauthorized on /audit/events – Kibana Live Error Report from Somalia CRVS Deployment #10843

Description

🚨 Issue Summary

🔍 Error Trace (as captured in Kibana APM)

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions