Upgrade Elastic and Kibana from 7.17 to 8.7 - S

Hello,

We are in the process of migrating our Elasticsearch and Kibana from 7.17 to 8.7. We are facing an issue where after upgrading Elasticsearch works out fine but when starting Kibana we are seeing these errors.

"Action failed with 'security_exception Root cause security_exception action [indices: adamin/create] is unathorized for user [username] with effective roles superuser on restricted indices [.kibana_8.71_001] This action is granted by the index priviliges [create_index,manage,alll]' Retrying attempt "

Any idea what can be the issue ? Thankyou

Maybe the user that are writing not have the proper privileges?

Have you looked at the roles of this user to make sure they have the requirements;

User has the role as superuser, from what I found out these seem to be protected indexes and its not possible to have these permissions on them. What way can I grant the user "elastic" authorization on those indices ?

Superuser no longer has write permission to system indices (.kibana is one of them) in 8.x. For running kibana, the recommendation is to use either the dedicate kibana_system user or the elastic/kibana service account instead of the elastic user. These can be configured with either elasticsearch.username and elasticsearch.password or elasticsearch.serviceAccountToken.

Thanks a lot for your reply @Yang_Wang When I specified elastic.username and elastic.password for kibana_system. KIbana application still tried to access elastic via a user called "elasticdeploy" although this user is not specified in kibana.yml

try this. I remember I had same issue as well

use kibana_system inbuilt user in kibana.yml for example.

# less /etc/kibana/kibana.yml |grep kibana
elasticsearch.username: "kibana_system"
elasticsearch.password: "kibana_password"

if you do not know the password of this user setup like this

/usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u kibana_system

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.