Cannot add or update cross-cluster index pattern

Question

Cannot add or update cross-cluster index pattern

Closed this issue 4 years ago · 8 comments

fristedt commented 4 years ago

Kibana version: 7.10

Elasticsearch version: 7.10.2

Server OS version:

Browser version: Chrome Version 90.0.4430.93 (Official Build) (64-bit)

Browser OS version:

Original install method (e.g. download page, yum, from source, etc.):

Describe the bug: When we try to add an index pattern for cross-cluster search Kibana fails to find fields for the indices. The cross-cluster connection seems to work as we can see the indices dev:* when querying using the Kibana dev tools. The issue also seems to break previously added index patterns as we cannot update fields.

Steps to reproduce:

Set up cross-cluster connection using the Kibana and Elasticsearch versions provided
Attempt to add an index pattern för cross-cluster search (e.g. ccs:*)
Index pattern is created but no fields are found

Expected behavior:
Index pattern should be added with fields.

Screenshots (if relevant):

Errors in browser console (if relevant):

Request URL: https://example.com/_plugin/kibana/api/index_patterns/_fields_for_wildcard?pattern=dev%3Alogstash-*&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score
Request Method: GET
Status Code: 404 Not Found

Provide logs and/or server output (if relevant):

Any additional context:

Answer 1 · 2021-05-10T15:59:48.000Z

Pinging @elastic/kibana-app-services (Team:AppServices)

Answer 2 · 2021-05-11T01:28:32.000Z

What version is the remote cluster running?

Have you verified permissions on the remote cluster? In particular, verify that you have view_index_metadata access.

Answer 3 · 2021-05-11T07:09:01.000Z

@mattkime The remote cluster is running the same version of ES and Kibana as the local cluster, 7.10 and 7.10.2.

I think the permissions are valid as my user has role all_access in both the local and remote cluster. Also, the error is 404 which makes me think it's not a permission problem. 🤔 Do you have a way for me to verify?

Answer 4 · 2021-05-11T13:20:14.000Z

@fristedt I don't see all_access listed on https://www.elastic.co/guide/en/elasticsearch/reference/7.10/security-privileges.html

You can also try using the kibana dev tools to hit the resolve end point to verify that you have access - https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-resolve-index-api.html

Might also be worthwhile to upload a har file that captures the problem to make sure nothing else is being overlooked.

Answer 5 · 2021-05-12T11:51:33.000Z

Sorry, I guess all_access is the role name from Open Distro. But the actual security privilege should be valid as I can correctly hit the resolve endpoint using kibana dev tools.

The path that is making the invalid requests is /_plugin/kibana/app/management/kibana/indexPatterns. Does that fall under the umbrella of Kibana or Open Distro?

Answer 6 · 2021-05-12T14:01:57.000Z

Unfortunately I'm unable to help with the Open Distro version of ES and Kibana. I simply lack experience with them. At this point I'm unsure if the problem is unique to Open Distro or affects Elasticsearch and Kibana as well.

Answer 7 · 2021-05-18T08:06:30.000Z

Solved by an update to AWS Elasticsearch Service. Big thanks for the help! 👍

Answer 8 · 2021-06-09T07:57:33.000Z

@mattkime hi. Excuse you. I also encountered this problem. My information is as follows
error msg

# request
GET api/index_patterns/_fields_for_wildcard?pattern=tx%3Ahbase&meta_fields=_source

# respon
{"statusCode":400,"error":"Bad Request","message":"Bad Request"}

env and system

kibana: 7.8.1
elastic: 7.8.1
Linux  hostname 3.10.0-1160.11.1.el7.x86_64 #1 SMP Fri Dec 18 16:34:56 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux