Please find below a 'heavily' cleanup log trace from load to failure:
{"type":"response","@timestamp":"2020-01-27T14:28:00Z","tags":[],"pid":6,"method":"get","statusCode":200,"req":{"url":"/login","method":"get","headers":{"host":"10.42.2.23:5601","user-agent":"kube-probe/1.15","accept-encoding":"gzip","connection":"close"},"remoteAddress":"10.102.20.196","userAgent":"10.102.20.196"},"res":{"statusCode":200,"responseTime":102,"contentLength":9},"message":"GET /login 200 102ms - 9.0B"}
{"type":"log","@timestamp":"2020-01-27T14:28:01Z","tags":["license","debug","xpack"],"pid":6,"message":"Calling [data] Elasticsearch _xpack API. Polling frequency: 30001"}
{"type":"log","@timestamp":"2020-01-27T14:28:02Z","tags":["debug","upgrade_assistant","reindex_worker"],"pid":6,"message":"Polling for reindex operations"}
{"type":"log","@timestamp":"2020-01-27T14:28:02Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate user request to /api/interpreter/fns."}
{"type":"log","@timestamp":"2020-01-27T14:28:02Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate via header."}
{"type":"log","@timestamp":"2020-01-27T14:28:02Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Authorization header is not presented."}
{"type":"log","@timestamp":"2020-01-27T14:28:02Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate via state."}
{"type":"log","@timestamp":"2020-01-27T14:28:02Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Request has been authenticated via state."}
{"type":"log","@timestamp":"2020-01-27T14:28:05Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate user request to /app/canvas."}
{"type":"log","@timestamp":"2020-01-27T14:28:05Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate via header."}
{"type":"log","@timestamp":"2020-01-27T14:28:05Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Authorization header is not presented."}
{"type":"log","@timestamp":"2020-01-27T14:28:05Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate via state."}
{"type":"log","@timestamp":"2020-01-27T14:28:05Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Request has been authenticated via state."}
{"type":"log","@timestamp":"2020-01-27T14:28:05Z","tags":["debug","plugins","spaces"],"pid":6,"message":"Verifying access to space \"customer\""}
{"type":"log","@timestamp":"2020-01-27T14:28:05Z","tags":["security","app-authorization","debug"],"pid":6,"message":"authorizing access to \"canvas\""}
{"type":"log","@timestamp":"2020-01-27T14:28:05Z","tags":["security","app-authorization","debug"],"pid":6,"message":"authorized for \"canvas\""}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate user request to /api/canvas/workpad/workpad-fec09cf5-f945-4a74-89f0-9dad671ba96a."}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate via header."}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Authorization header is not presented."}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate via state."}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate user request to /api/spaces/space."}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate via header."}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Authorization header is not presented."}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate via state."}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Request has been authenticated via state."}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","spaces"],"pid":6,"message":"Inside GET /api/spaces/space"}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","spaces"],"pid":6,"message":"Attempting to retrieve all spaces for any purpose"}
{"type":"response","@timestamp":"2020-01-27T14:28:14Z","tags":[],"pid":6,"method":"get","statusCode":200,"req":{"url":"/api/security/v1/me","method":"get","headers":{"host":"kibana.test.*************.com","x-request-id":"4e88b8c653e3ac4081fd2b2514762a8e","x-real-ip":"***","x-forwarded-for":"***","x-forwarded-host":"kibana.test.*************.com","x-forwarded-port":"443","x-forwarded-proto":"https","x-original-uri":"/s/customer/api/security/v1/me","x-scheme":"https","x-original-forwarded-for":"***","x-amzn-trace-id":"Root=1-5e2ef37e-a93f5ce0a872a64024178de0","accept":"application/json, text/plain, */*","kbn-version":"7.5.1","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","referer":"https://kibana.test.*************.com/s/customer/app/canvas","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9,nl;q=0.8,pt;q=0.7"},"remoteAddress":"10.102.20.196","userAgent":"10.102.20.196","referer":"https://kibana.test.*************.com/s/customer/app/canvas"},"res":{"statusCode":200,"responseTime":107,"contentLength":9},"message":"GET /api/security/v1/me 200 107ms - 9.0B"}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","spaces"],"pid":6,"message":"SpacesClient.getAll(), using RBAC. Found 3 spaces"}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","spaces"],"pid":6,"message":"SpacesClient.getAll(), authorized for 1 spaces, derived from ES privilege check: {\"customer\":{\"login:\":true},\"default\":{\"login:\":false},\"service-provider\":{\"login:\":false}}"}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","spaces"],"pid":6,"message":"SpacesClient.getAll(), using RBAC. returning spaces: customer"}
{"type":"log","@timestamp":"2020-01-27T14:28:14Z","tags":["debug","plugins","spaces"],"pid":6,"message":"Retrieved 1 spaces for any purpose"}
{"type":"log","@timestamp":"2020-01-27T14:46:59Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate user request to /api/interpreter/fns."}
{"type":"log","@timestamp":"2020-01-27T14:46:59Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate via header."}
{"type":"log","@timestamp":"2020-01-27T14:46:59Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Authorization header is not presented."}
{"type":"log","@timestamp":"2020-01-27T14:46:59Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate via state."}
{"type":"log","@timestamp":"2020-01-27T14:46:59Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Failed to authenticate request via state: [security_exception] token expired, with { header={ WWW-Authenticate=\"Bearer realm=\\\"security\\\", error=\\\"invalid_token\\\", error_description=\\\"The access token expired\\\"\" } }"}
{"type":"log","@timestamp":"2020-01-27T14:46:59Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to refresh elasticsearch access token."}
{"type":"log","@timestamp":"2020-01-27T14:46:59Z","tags":["debug","plugins","security","tokens"],"pid":6,"message":"Access token has been successfully refreshed."}
{"type":"log","@timestamp":"2020-01-27T14:46:59Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Request has been authenticated via refreshed token."}
{"type":"response","@timestamp":"2020-01-27T14:47:00Z","tags":[],"pid":6,"method":"get","statusCode":200,"req":{"url":"/login","method":"get","headers":{"host":"10.42.2.23:5601","user-agent":"kube-probe/1.15","accept-encoding":"gzip","connection":"close"},"remoteAddress":"10.102.20.196","userAgent":"10.102.20.196"},"res":{"statusCode":200,"responseTime":105,"contentLength":9},"message":"GET /login 200 105ms - 9.0B"}
{"type":"log","@timestamp":"2020-01-27T14:47:03Z","tags":["license","debug","xpack"],"pid":6,"message":"Calling [data] Elasticsearch _xpack API. Polling frequency: 30001"}
{"type":"log","@timestamp":"2020-01-27T14:47:04Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate user request to /api/interpreter/fns."}
{"type":"log","@timestamp":"2020-01-27T14:47:04Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate via header."}
{"type":"log","@timestamp":"2020-01-27T14:47:04Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Authorization header is not presented."}
{"type":"log","@timestamp":"2020-01-27T14:47:04Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to authenticate via state."}
{"type":"log","@timestamp":"2020-01-27T14:47:04Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Failed to authenticate request via state: [security_exception] token expired, with { header={ WWW-Authenticate=\"Bearer realm=\\\"security\\\", error=\\\"invalid_token\\\", error_description=\\\"The access token expired\\\"\" } }"}
{"type":"log","@timestamp":"2020-01-27T14:47:04Z","tags":["debug","plugins","security","oidc"],"pid":6,"message":"Trying to refresh elasticsearch access token."}
{"type":"log","@timestamp":"2020-01-27T14:47:04Z","tags":["debug","plugins","security","tokens"],"pid":6,"message":"Failed to refresh access token: invalid_grant"}
{"type":"log","@timestamp":"2020-01-27T14:47:04Z","tags":["debug","plugins","security","tokens"],"pid":6,"message":"Refresh token is either expired or already used."}
{"type":"log","@timestamp":"2020-01-27T14:47:04Z","tags":["info","plugins","security","authentication"],"pid":6,"message":"Authentication attempt failed: Both access and refresh tokens are expired."}