Yesterday we upgraded our production Elastic cluster to version 8.14.3.
Shortly after the upgrade, users reported that searches and visualizations in Kibana result in an error when they take longer than a few seconds.
Looking in our Elasticsearch server logs, we discovered the following missing-privileges messages:
```
### No cluster privileges for cluster:monitor/async_search/status (org.elasticsearch.xpack.core.async.GetAsyncStatusRequest)
User: User <USER>> [backend_roles=[...] requestedTenant=<TENANT>]
Roles: [SGS_KIBANA_USER_NO_GLOBAL_TENANT, ...]
Status: INSUFFICIENT
Evaluated Privileges:
_/cluster:monitor/async_search/status: MISSING
```
With a quick look into the Kibana release notes for 8.14.0, we discovered the following change:
Management
Kibana now uses Elasticsearch’s _async_search/status/{id} endpoint (instead of _async_search/{id}) when polling on search requests to improve performance (#178921).
The change is documented in the linked GitHub pull request:
We’ve manually added the new cluster:monitor/async_search/status privilege to our SG role definitions; however, I think this should be added to the default SGS_KIBANA_USER… roles.
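
An added example, not part of the original post and not Search Guard tooling: a small parser for denial records in the format quoted above, listing each MISSING privilege with the roles of the affected users so that custom role definitions can be reviewed after an upgrade. The sample log is constructed, and the user, tenant and `example_reader` role names in it are made up.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log excerpt above (names are made up,
# except the SGS_KIBANA_USER_NO_GLOBAL_TENANT role that the post mentions).
SAMPLE_LOG = """\
### No cluster privileges for cluster:monitor/async_search/status (org.elasticsearch.xpack.core.async.GetAsyncStatusRequest)
User: User alice [backend_roles=[analysts] requestedTenant=team_a]
Roles: [SGS_KIBANA_USER_NO_GLOBAL_TENANT, example_reader]
Status: INSUFFICIENT
Evaluated Privileges:
_/cluster:monitor/async_search/status: MISSING
### No cluster privileges for cluster:monitor/async_search/status (org.elasticsearch.xpack.core.async.GetAsyncStatusRequest)
User: User bob [backend_roles=[ops] requestedTenant=team_b]
Roles: [SGS_KIBANA_USER_NO_GLOBAL_TENANT]
Status: INSUFFICIENT
Evaluated Privileges:
_/cluster:monitor/async_search/status: MISSING
"""

HEADER = re.compile(r"No cluster privileges for (\S+)")
ROLES = re.compile(r"^Roles:\s*\[(.*)\]\s*$")
# "<scope>/<action>: MISSING"; the action itself contains slashes.
MISSING = re.compile(r"^[^/\s]*/(\S+):\s*MISSING\s*$")


def missing_privileges(log_text):
    """Map each MISSING privilege to {role: denials seen for users holding it}."""
    result = defaultdict(lambda: defaultdict(int))
    roles, in_record = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if HEADER.search(line):
            roles, in_record = [], True  # a new denial record starts here
        elif not in_record:
            continue  # ignore anything before the first record
        elif (m := ROLES.match(line)):
            names = (r.strip() for r in m.group(1).split(","))
            roles = [r for r in names if r and r != "..."]  # skip elided entries
        elif (m := MISSING.match(line)):
            for role in roles:
                result[m.group(1)][role] += 1
    return {priv: dict(per_role) for priv, per_role in result.items()}


if __name__ == "__main__":
    for priv, per_role in missing_privileges(SAMPLE_LOG).items():
        print(priv)
        for role, count in sorted(per_role.items()):
            print(f"  {role}: {count} denial(s)")
```

A role listed here is only one the denied user held, so the output shows where to look, not which role must be granted the privilege.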