Kibana 7.11.0 with authentication is failing to connect to ES cluster

I have a Elastic Search set up with 2 nodes and running 7.11.0 version with TLS configured
I have kibana-7.11.0 installed in a docker image.
when I am trying to bring up the kibana, its is failing to connect to the ES cluster.

Have followed this approach for connecting to ES from kibana using TLS cert

Please find the logs from kibana and Elastic Search Servers

kibana

  log   [11:44:21.690] [warning][savedobjects-service] Unable to connect to Elasticsearch. Error: class_cast_exception
  log   [11:44:21.691] [fatal][root] ResponseError: class_cast_exception
    at onBody (/mnt1/kibana/kibana7/node_modules/@elastic/elasticsearch/lib/Transport.js:333:23)
    at IncomingMessage.onEnd (/mnt1/kibana/kibana7/node_modules/@elastic/elasticsearch/lib/Transport.js:260:11)
    at IncomingMessage.emit (events.js:327:22)
    at endReadableNT (internal/streams/readable.js:1327:12)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  meta: {
    body: { error: [Object], status: 500 },
    statusCode: 500,
    headers: {
      'content-type': 'application/json; charset=UTF-8',
      'content-length': '411'
    },
    meta: {
      context: null,
      request: [Object],
      name: 'elasticsearch-js',
      connection: [Object],
      attempts: 0,
      aborted: false
    }
  }
}

ElasticSearch logs

2021-07-05T09:14:00,351][WARN ][r.suppressed             ] [es-data-monitoring-es7] path: /.kibana_1, params: {index=.kibana_1}
java.lang.ClassCastException: class java.lang.String cannot be cast to class java.util.Map (java.lang.String and java.util.Map are in module java.base of loader 'bootstrap')
	at org.elasticsearch.action.admin.indices.create.CreateIndexRequest.source(CreateIndexRequest.java:395) ~[elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.rest.action.admin.indices.RestCreateIndexAction.prepareRequest(RestCreateIndexAction.java:61) ~[elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:83) ~[elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.rest.SecurityRestFilter.lambda$handleRequest$0(SecurityRestFilter.java:86) ~[?:?]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:117) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.support.SecondaryAuthenticator.lambda$authenticateAndAttachToContext$2(SecondaryAuthenticator.java:83) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:117) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.support.SecondaryAuthenticator.authenticate(SecondaryAuthenticator.java:93) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.support.SecondaryAuthenticator.authenticateAndAttachToContext(SecondaryAuthenticator.java:78) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.rest.SecurityRestFilter.lambda$handleRequest$2(SecurityRestFilter.java:80) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:117) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$writeAuthToContext$24(AuthenticationService.java:692) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.writeAuthToContext(AuthenticationService.java:710) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.finishAuthentication(AuthenticationService.java:681) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.consumeUser(AuthenticationService.java:628) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$consumeToken$16(AuthenticationService.java:498) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:117) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:32) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.core.common.IteratingActionListener.onResponse(IteratingActionListener.java:121) [x-pack-core-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$consumeToken$13(AuthenticationService.java:464) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:117) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.lambda$authenticateWithCache$1(CachingUsernamePasswordRealm.java:147) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:117) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.handleCachedAuthentication(CachingUsernamePasswordRealm.java:198) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.lambda$authenticateWithCache$2(CachingUsernamePasswordRealm.java:139) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:117) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.common.util.concurrent.ListenableFuture$1.doRun(ListenableFuture.java:101) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.common.util.concurrent.EsExecutors$DirectExecutorService.execute(EsExecutors.java:213) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.common.util.concurrent.ListenableFuture.notifyListener(ListenableFuture.java:95) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.common.util.concurrent.ListenableFuture.addListener(ListenableFuture.java:57) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.authenticateWithCache(CachingUsernamePasswordRealm.java:134) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.authenticate(CachingUsernamePasswordRealm.java:105) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$consumeToken$15(AuthenticationService.java:453) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.core.common.IteratingActionListener.run(IteratingActionListener.java:103) [x-pack-core-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.consumeToken(AuthenticationService.java:508) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$extractToken$11(AuthenticationService.java:420) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.extractToken(AuthenticationService.java:430) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$checkForApiKey$3(AuthenticationService.java:371) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:117) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.ApiKeyService.authenticateWithApiKeyIfPresent(ApiKeyService.java:374) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.checkForApiKey(AuthenticationService.java:352) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$0(AuthenticationService.java:334) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:117) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.TokenService.getAndValidateToken(TokenService.java:410) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:330) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$6(AuthenticationService.java:389) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:400) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:325) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:266) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:146) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:131) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.xpack.security.rest.SecurityRestFilter.handleRequest(SecurityRestFilter.java:73) [x-pack-security-7.11.0.jar:7.11.0]
	at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:247) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.rest.RestController.tryAllHandlers(RestController.java:329) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:180) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.http.AbstractHttpServerTransport.dispatchRequest(AbstractHttpServerTransport.java:325) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.http.AbstractHttpServerTransport.handleIncomingRequest(AbstractHttpServerTransport.java:390) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.http.AbstractHttpServerTransport.incomingRequest(AbstractHttpServerTransport.java:307) [elasticsearch-7.11.0.jar:7.11.0]
	at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:31) [transport-netty4-client-7.11.0.jar:7.11.0]
	at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:17) [transport-netty4-client-7.11.0.jar:7.11.0]
	at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
	at org.elasticsearch.http.netty4.Netty4HttpPipeliningHandler.channelRead(Netty4HttpPipeliningHandler.java:47) [transport-netty4-client-7.11.0.jar:7.11.0]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.49.Final.jar:4.1.49.Final]

We're looking into this. I'm planning on reopening Kibana 7.5.2 is imcompatible with elasticsearch 7.5.2 · Issue #57117 · elastic/kibana · GitHub, but hoping to add more info.

If you get a chance, can you add elasticsearch.logQueries: true and logging.verbose: true to kibana.yml and attach logs around the error. There's a query failing and we're hoping to narrow it down. Also if it's possible, can you attach a sanitized version of your elasticsearch.yml and kibana.yml?

Hi Jon,

please find the files

kibana.yml

# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false

# The maximum payload size in bytes for incoming server requests.
server.maxPayloadBytes: 1073741824

# The Kibana server's name.  This is used for display purposes.
#server.name: "your-hostname"

# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["https://${ELASTICSEARCH_NODE}:8443"]

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
kibana.defaultAppId: "discover"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana-system"
elasticsearch.password: "${ELASTICSEARCH_PASSWORD}"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
elasticsearch.ssl.certificateAuthorities: /mnt1/kibana7/config/ca.crt

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
elasticsearch.ssl.verificationMode: certificate

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
elasticsearch.requestTimeout: 3000000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000

# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
elasticsearch.logQueries: true

# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid

# Enables you specify a file where Kibana stores log output.
logging.dest: stdout

# Set the value of this setting to true to suppress all logging output.
logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
logging.verbose: true

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
#i18n.locale: "en"

elasticsearch.yml

cluster.name: spr-monitoring-es7
node.name: es-data-monitoring-es7-1
discovery.zen.minimum_master_nodes: 2
discovery.seed_hosts: ["xx.xx.xx.xx:9300","xx.xx.xx.xx:9300"]
cluster.initial_master_nodes: ["xx.xx.xx.xx:9300","xx.xx.xx.xx:9300"]
cluster.routing.allocation.awareness.force.zone.values: zone1,zone2
cluster.routing.allocation.awareness.attributes: zone
node.attr.zone: zone2
node.roles: [ master, data, remote_cluster_client ]
path.data: /mnt1/data/es
path.logs: /logs/es/
network.host: ["xx.xx.xx.xx", "_local_"]
network.publish_host: xx.xx.xx.xx
transport.tcp.port: 9300
http.port: 8443
bootstrap.memory_lock: true
http.cors.enabled: false
indices.query.bool.max_clause_count: 20480
cluster.routing.allocation.node_concurrent_recoveries: 3
thread_pool.search.queue_size: 1000
thread_pool.write.queue_size: 1000

indices.breaker.total.use_real_memory: false
indices.fielddata.cache.size : 2%
http.max_content_length: 1gb
http.max_chunk_size: 256kb
http.max_header_size: 256kb
http.max_initial_line_length: 512mb
search.max_open_scroll_context: 100000
search.max_buckets: 10000000
xpack.ml.enabled: false

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.certificate: server.crt
xpack.security.transport.ssl.key: server.key
xpack.security.transport.ssl.certificate_authorities: ["ca.crt"]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.key: server.key
xpack.security.http.ssl.certificate: server.crt
xpack.watcher.enabled: false
xpack.monitoring.enabled: false
xpack.graph.enabled: false

while be sharing the log output with these options in next comment

  log   [12:32:34.106] [debug][licensing][plugins] Imported license information from Elasticsearch:type: basic | status: active | expiry date: Invalid date
  log   [12:32:34.410] [debug][data][elasticsearch][query] 200
GET /_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip
  log   [12:32:34.467] [info][savedobjects-service] Starting saved objects migrations
  log   [12:32:34.534] [debug][data][elasticsearch][query] 404
GET /.kibana
  log   [12:32:34.548] [debug][data][elasticsearch][query] 404
GET /.kibana_task_manager
  log   [12:32:34.555] [debug][data][elasticsearch][query] 404
GET /.kibana
  log   [12:32:34.558] [debug][data][elasticsearch][query] 404
GET /.kibana_task_manager
  log   [12:32:34.558] [info][savedobjects-service] Creating index .kibana_task_manager_1.
  log   [12:32:34.576] [debug][data][elasticsearch][query] 200
GET /_cat/templates/kibana_index_template*?format=json
  log   [12:32:34.576] [info][savedobjects-service] Creating index .kibana_1.
  log   [12:32:34.593] [error][data][elasticsearch] 500
PUT /.kibana_task_manager_1
{"mappings":{"dynamic":"strict","properties":{"migrationVersion":{"dynamic":"true","type":"object"},"type":{"type":"keyword"},"namespace":{"type":"keyword"},"namespaces":{"type":"keyword"},"originId":{"type":"keyword"},"updated_at":{"type":"date"},"references":{"type":"nested","properties":{"name":{"type":"keyword"},"type":{"type":"keyword"},"id":{"type":"keyword"}}},"task":{"properties":{"taskType":{"type":"keyword"},"scheduledAt":{"type":"date"},"runAt":{"type":"date"},"startedAt":{"type":"date"},"retryAt":{"type":"date"},"schedule":{"properties":{"interval":{"type":"keyword"}}},"attempts":{"type":"integer"},"status":{"type":"keyword"},"params":{"type":"text"},"state":{"type":"text"},"user":{"type":"keyword"},"scope":{"type":"keyword"},"ownerId":{"type":"keyword"}}}},"_meta":{"migrationMappingPropertyHashes":{"migrationVersion":"4a1746014a75ade3a714e1db5763276f","type":"2f4316de49999235636386fe51dc06c1","namespace":"2f4316de49999235636386fe51dc06c1","namespaces":"2f4316de49999235636386fe51dc06c1","originId":"2f4316de49999235636386fe51dc06c1","updated_at":"00da57df13e94e9d98437d13ace4bfe0","references":"7997cf5a56cc02bdc9c93361bde732b0","task":"235412e52d09e7165fac8a67a43ad6b4"}}},"settings":{"number_of_shards":1,"auto_expand_replicas":"0-1"}} [class_cast_exception]: class java.lang.String cannot be cast to class java.util.Map (java.lang.String and java.util.Map are in module java.base of loader 'bootstrap')
  log   [12:32:34.594] [warning][savedobjects-service] Unable to connect to Elasticsearch. Error: class_cast_exception
  log   [12:32:34.595] [debug][root] shutting root down
log   [12:32:34.596] [fatal][root] ResponseError: class_cast_exception
    at onBody (/mnt1/kibana7/node_modules/@elastic/elasticsearch/lib/Transport.js:333:23)
    at IncomingMessage.onEnd (/mnt1/kibana7/node_modules/@elastic/elasticsearch/lib/Transport.js:260:11)
    at IncomingMessage.emit (events.js:327:22)
    at endReadableNT (internal/streams/readable.js:1327:12)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  meta: {
    body: { error: [Object], status: 500 },
    statusCode: 500,
    headers: {
      'content-type': 'application/json; charset=UTF-8',
      'content-length': '411'
    },
    meta: {
      context: null,
      request: [Object],
      name: 'elasticsearch-js',
      connection: [Object],
      attempts: 0,
      aborted: false
    }
  }
}
  log   [12:32:34.600] [debug][server] stopping server
  log   [12:32:34.601] [debug][legacy-service] stopping legacy service
  log   [12:32:34.601] [debug][plugins-service] Stopping plugins service
  log   [12:32:34.601] [info][plugins-system] Stopping all plugins.
  log   [12:32:34.602] [debug][plugins-system] Stopping plugin "translations"...
  log   [12:32:34.602] [debug][plugins-system] Stopping plugin "apm"...
  log   [12:32:34.602] [debug][plugins-system] Stopping plugin "case"...
  log   [12:32:34.602] [debug][case][plugins] Stopping Case Workflow
  log   [12:32:34.602] [debug][plugins-system] Stopping plugin "securitySolution"...
  log   [12:32:34.603] [debug][plugins][securitySolution] Stopping plugin
  log   [12:32:34.603] [debug][plugins-system] Stopping plugin "maps"...
  log   [12:32:34.603] [debug][plugins-system] Stopping plugin "fileUpload"...
  log   [12:32:34.603] [debug][plugins-system] Stopping plugin "uptime"...
  log   [12:32:34.604] [debug][plugins-system] Stopping plugin "logstash"...
  log   [12:32:34.604] [debug][plugins-system] Stopping plugin "monitoring"...
  log   [12:32:34.606] [info][kibana-monitoring][monitoring][monitoring][plugins] Monitoring stats collection is stopped
  log   [12:32:34.606] [debug][plugins-system] Stopping plugin "infra"...
  log   [12:32:34.607] [debug][plugins-system] Stopping plugin "stackAlerts"...
  log   [12:32:34.607] [debug][plugins-system] Stopping plugin "triggersActionsUi"...
  log   [12:32:34.607] [debug][plugins-system] Stopping plugin "alerts"...
  log   [12:32:34.607] [debug][plugins-system] Stopping plugin "actions"...
  log   [12:32:34.608] [debug][plugins-system] Stopping plugin "eventLog"...
  log   [12:32:34.608] [debug][eventLog][plugins] stopping plugin
  log   [12:32:34.610] [debug][eventLog][plugins] shutdown: waiting to finish
  log   [12:32:34.612] [error][data][elasticsearch] 500

not able to paste the entire output of PUT ./kibana_1 query log, is there anyother way I can share this.

I have a similar issue. Is there a workaround by deleting .kibana_1

@jbudz do we have any update on this,
tried the same on 7.7.0 cluster with 7.7.0 kibana version, still facing same issue.

My issue was with the upgrade elasticsearch complaining about too many shards per node but the error message from kibana was "Unable to connect" which was very confusing.