Jatan, Can you confirm the following were run as asked from the prior bz? from one of the ES nodes: es_util --query="_flush/synced" -XPOST es_util --query=".kibana_1" -XDELETE es_util --query=".security" -XDELETE es_util --query="_flush/synced" -XPOST then from the cli: oc delete pods -l component=elasticsearch -n openshift-logging The cluster looks to have agreed on an elected master but I still saw errors about users not having permissions. I did see the following in the elasticsearch proxy... level=info msg="Error processing request in handler authorization: Unable to determine username" This can be caused by token being expired. Can you try deleting the user's cookie or browsing from an incognito browser? https://github.com/openshift/elasticsearch-proxy/pull/47 should end up providing a better UX in the future around this.
Hello Eric, Thanks for the help on this bugzilla, Just to keep the bugzilla updated with the workaround for now until the bugzilla is been included in an errata, We saw that when we hit kibana status page we could see http 400 message with the bytes reported to be not allowed where we saw default of 8kb. We changed the elasticsearch CR to unmanaged initially # oc edit elasticsearch elasticsearch -n openshift-logging Setting it to unmanaged, we moved to the configmaps in the openshift-logging namespace, # oc edit cm elasticsearch -n openshift-logging // added the following line, http.max_header_size: 16kb Once that is done we need to probably restart the elasticsearch so that the new pods run with updated config, # oc delete pod -l component=elasticsearch Wait for the new pods and then check if we can clear the cookies and then access the kibana status page. It should show you the index management page and then once the index pattern is setup you should be able to see the kibanaUI page. Thanks.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6.1 extras update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4198