Receiving org.elasticsearch.action.search.SearchPhaseExecutionException: all shards failed after 7.17.1 to 8.2.3 upgrade

Receiving org.elasticsearch.action.search.SearchPhaseExecutionException: all shards failed after 7.17.1 to 8.2.3 upgrade. This is causing permission issues in accessing indexes in kibana and API using elastic user stating superuser doesn't have permissions. Cannot delete indexes and DataViews are giving errors.

Seeing this in the elasticsearch log.

org.elasticsearch.action.search.SearchPhaseExecutionException: all shards failed
        at org.elasticsearch.action.search.AbstractSearchAsyncAction.onPhaseFailure(AbstractSearchAsyncAction.java:729) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.action.search.AbstractSearchAsyncAction.executeNextPhase(AbstractSearchAsyncAction.java:419) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.action.search.AbstractSearchAsyncAction.onPhaseDone(AbstractSearchAsyncAction.java:761) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.action.search.AbstractSearchAsyncAction.onShardFailure(AbstractSearchAsyncAction.java:513) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.action.search.AbstractSearchAsyncAction$1.onFailure(AbstractSearchAsyncAction.java:350) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.action.ActionListener$Delegating.onFailure(ActionListener.java:92) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.action.ActionListenerResponseHandler.handleException(ActionListenerResponseHandler.java:48) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.action.search.SearchTransportService$ConnectionCountingHandler.handleException(SearchTransportService.java:642) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.transport.TransportService$UnregisterChildTransportResponseHandler.handleException(TransportService.java:1599) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1339) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.transport.TransportService$DirectResponseChannel.processException(TransportService.java:1461) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.transport.TransportService$DirectResponseChannel.sendResponse(TransportService.java:1436) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.transport.TaskTransportChannel.sendResponse(TaskTransportChannel.java:50) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.action.support.ChannelActionListener.onFailure(ChannelActionListener.java:48) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.action.ActionRunnable.onFailure(ActionRunnable.java:77) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.onFailure(ThreadContext.java:757) [elasticsearch-8.3.2.jar:?]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:28) [elasticsearch-8.3.2.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
        at java.lang.Thread.run(Thread.java:833) [?:?]

And getting this error in Kibana.

Error fetching fields for data view ,.alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-* (ID: security-solution-default)
[object Object]: security_exception: [security_exception] Reason: action [indices:data/read/field_caps] is unauthorized for user [elastic] with roles [superuser], this action is granted by the index privileges [view_index_metadata,manage,read,all]
Error: [object Object]: security_exception: [security_exception] Reason: action [indices:data/read/field_caps] is unauthorized for user [elastic] with roles [superuser], this action is granted by the index privileges [view_index_metadata,manage,read,all]
    at https://elk.sgoc.local:5601/52239/bundles/plugin/dataViews/kibana/dataViews.plugin.js:1:38334
    at async data_views_service_public_DataViewsServicePublic.refreshFieldSpecMap (https://elk.sgoc.local:5601/52239/bundles/plugin/dataViews/kibana/dataViews.plugin.js:1:23084)
    at async data_views_service_public_DataViewsServicePublic.initFromSavedObject (https://elk.sgoc.local:5601/52239/bundles/plugin/dataViews/kibana/dataViews.plugin.js:1:24761)

Any help is much appreciated. Been searching and working on this issue for over a week.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.