Good morning,
I recently integrated the Crowdstrike FDR stream into my Elastic instance. The integration includes a premade dashboard called [Crowdstrike] FDR Overview. When I load the dashboard up, the data is populated as it should. However, sections of the dashboard load up with the following error:
Request error: security_exception, unable to authenticate user [] for REST request [/logs-*/_async_search?batched_reduce_size=64&wait_for_completion_timeout=100ms&keep_on_completion=true&keep_alive=604800000ms&ignore_unavailable=true&preference=1694609314833]
Every time I refresh or load the dashboard, a different panel will have this error. For example, there is a panel titled Top DNS Queries. It will sometimes load the list as normal but sometimes throw this error. I have yet to load the dashboard and have all panels populate data at the same time, at least one throws the error above.
I tried to search for the error but I could not find any reference that would tell me why the error was being thrown. If my creds were incorrect, then it shouldn't be loading any data so I am assuming there is another reason this is happening.
Does anyone have experience with this or know why this is happening? Any ideas where I might be able to find REST settings to do some troubleshooting? Thanks!