Hello,
after upgrading Elastic and Kibana to 8.7 i get reports from users that they are seeing this:
Combined with missing values in the control. If they type the value they are missing in the search field of the control, it shows up.
So i never set anything related to expensive queries. Up until now i did not know this setting exists and prior to the 8.7 Update, this has never happened.
Initially i did not notice it, because this only happens for users. With the superuser account, this warning is never shown.
So i did a quick research and checked
GET /_cluster/settings
Which resulted in
{
"persistent" : { },
"transient" : { }
}
}
So
"search.allow_expensive_queries"
was neither true nor false.
I used
PUT _cluster/settings
{
"transient": {
"search.allow_expensive_queries": "true"
}
}
and now
GET /_cluster/settings
returns
{
"persistent": {},
"transient": {
"search": {
"allow_expensive_queries": "true"
}
}
}
but i still get the warning and missing values with test accounts, that are not the superuser.
How do i fix this and why did it happen in the first place? This is another problem i have with 8.7. This release looks really unfinished and untested, which is usually not the case with elastic.
(Disable exists query in Kibana 8.7, Kibana 8.7 Control Sort)
Edit: This is the case for all controls for all dashboards. The fields are just normal keyword or number fields. No scripted or runtimefields or anything that would justify a problem with expensive queries.
Edit2: The problem is resolved for a user if he is given the "monitor" (or manage or all as they are supersets) cluster privilege. But what has that to do with any of this?
Best regards
Jonas