Discovery Search results causing runtime error

trouble · August 27, 2019, 1:12am

I have a dashboard that includes a discovery search widget. When i use the following permission, the widget doesnt show anything (and when there is no data - it doesnt even show emoji with the ‘No results found’ text either.

- name: "::Admin::"
  kibana_access: ro
  indices: [".kibana", "<FIRST PART OF INDEX NAME THAT IS COMMON FOR ALL INDEXES>-*"]
  kibana_hide_apps: ["readonlyrest_kbn", "timelion", "kibana:dev_tools", "kibana:management", "apm", "monitoring", "kibana:discover","kibana:visualize", "canvas", "apm", "infra:home", "infra:logs", "kibana:dev_tools", "kibana:management"]

And Kibana, i get a runtime error:

Error: Request to Elasticsearch failed: {“error”:{“root_cause”:[{“type”:“script_exception”,“reason”:“runtime error”,“script_stack”:[“org.elasticsearch.search.lookup.LeafDocLookup.get(LeafDocLookup.java:81)”,“org.elasticsearch.search.lookup.LeafDocLookup.get(LeafDocLookup.java:39)”,“doc[‘callid’].value”," ^---- HERE"],“script”:“doc[‘callid’].value”,“lang”:“painless”}],“type”:“search_phase_execution_exception”,“reason”:“all shards failed”,“phase”:“query”,“grouped”:true,“failed_shards”:[{“shard”:0,“index”:“-”,“node”:“v7YDGI8ZTX-kmMAuAUhTvQ”,“reason”:{“type”:“script_exception”,“reason”:“runtime error”,“script_stack”:[“org.elasticsearch.search.lookup.LeafDocLookup.get(LeafDocLookup.java:81)”,“org.elasticsearch.search.lookup.LeafDocLookup.get(LeafDocLookup.java:39)”,“doc[‘callid’].value”," ^---- HERE"],“script”:“doc[‘callid’].value”,“lang”:“painless”,“caused_by”:{“type”:“illegal_argument_exception”,“reason”:“No field found for [callid] in mapping with types ”}}}]},“status”:500}
at https://SERVER:5601/bundles/commons.bundle.js:19:183361
at Function.Promise.try (https://SERVER:5601/bundles/commons.bundle.js:3:1003954)
at https://SERVER:5601/bundles/commons.bundle.js:3:1003323
at Array.map ()
at Function.Promise.map (https://SERVER:5601/bundles/commons.bundle.js:3:1003281)
at callResponseHandlers (https://SERVER:5601/bundles/commons.bundle.js:19:182373)
at https://SERVER:5601/bundles/commons.bundle.js:19:164526
at processQueue (https://SERVER:5601/built_assets/dlls/vendors.bundle.dll.js:450:199687)
at https://SERVER:5601/built_assets/dlls/vendors.bundle.dll.js:450:200650
at Scope.$digest (https://SERVER:5601/built_assets/dlls/vendors.bundle.dll.js:450:210412)

If i remove the indices line from the config - it works fine, but i dont want the users to be able to see other indicies.

i thought i could even try adding in actions, such as this - but no luck

actions: ["indices:data/*", "indices:admin/*","indices:monitor/*","cluster:admin/*","cluster:monitor/*","internal:indices/*"]

I have even tried removing kibana_access, or even changing it to ‘admin’ - same thing.
We are not using multi-tenancy, so not sure what i need to do.

sscarduzio · August 29, 2019, 4:11am

this is an error in a Painless script within ES. The effects of the indices rule can be the rewrite of the target indices on the incoming request. Have you tried debugging the script?

trouble · August 30, 2019, 1:47am

No, where/how would i debug the script [i am not a coder though]?

trouble · August 30, 2019, 6:14am

Ohh I thinnk i know what you mean.

If i go to Management → Kibana → Index Patterns. For the index pattern, i have 2 ‘scripted fields’
One is scripted as: doc[‘callid’].value

Other is scripted as: doc[‘realtimeinsec’].value/60

I removed both these scripted fields, and it still doesnt work - and shows a login prompt, when i cancel it i see this:

SearchError: Unauthorized
at https://SERVER:5601/bundles/commons.bundle.js:20:383668
at processQueue (https://SERVER:5601/built_assets/dlls/vendors.bundle.dll.js:450:199687)
at https://SERVER:5601/built_assets/dlls/vendors.bundle.dll.js:450:200650
at Scope.$digest (https://SERVER:5601/built_assets/dlls/vendors.bundle.dll.js:450:210412)
at Scope.$apply (https://SERVER:5601/built_assets/dlls/vendors.bundle.dll.js:450:213219)
at done (https://SERVER:5601/built_assets/dlls/vendors.bundle.dll.js:450:132717)
at completeRequest (https://SERVER:5601/built_assets/dlls/vendors.bundle.dll.js:450:136329)
at XMLHttpRequest.requestLoaded (https://SERVER:5601/built_assets/dlls/vendors.bundle.dll.js:450:135225)

sscarduzio · August 30, 2019, 7:56am

does that correspond to another error in the elasticsearch.log? I.e. “forbidden” logline