Async Search Issue: FORBIDDEN/8/index write (api)

Elastic Stack Elasticsearch
1

Since upgrading our cluster from 7.6 to 7.8 we are experiencing problems with kibana. We are using elasticsearch for our central logging, we have a logstash index for every single day. If I do a empty kibana search (using no search term in discover) within a daily index everything works fine. But as soon as I am choosing a time range which is including indexes older than the current day, the following error message appears:

[cluster_block_exception] index [.async-search] blocked by: [FORBIDDEN/8/index write (api)];

This is only occuring in kibana AND only if I am doing a search without using any term. For example by clicking on the discover tab and choosing "last 24 hours".

I've already tried to set

PUT _all/_settings
{ "index": { "blocks": { "write": "false" } } }

unfortunately without success. If I am using a search query like "test" everything works fine.

2

Ok, it seems like that is an privileges issue. If I try a async search directly via Dev Tools I get the following error:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "cluster_block_exception",
        "reason" : "index [.async-search] blocked by: [FORBIDDEN/8/index write (api)];"
      }
    ],
    "type" : "cluster_block_exception",
    "reason" : "index [.async-search] blocked by: [FORBIDDEN/8/index write (api)];"
  },
  "status" : 403
}

But i definitley have every privilege possible?

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.