OpenSearch Dashboard Notebook Creation Error

OpenSearch Dashboards
1

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

OpenSearch +Dashboard: 2.16.0
Running in K8S cluster: 1.29.3
OS: AlmaLinux 9.3

Describe the issue:

I want to create a Notebook in OpenSearch Dashboard but have this error:
Please ask your administrator to enable Notebooks for you.

I am not sure if I need to install Notebook plugin separately, or enable somewhere in the configuration file?

Update: I saw this error in the browser console:

Update Sample Notebook error{“error”:{“root_cause”:[{“type”:“strict_dynamic_mapping_exception”,“reason”:“mapping set to strict, dynamic introduction of [observability-notebook] within [_doc] is not allowed”}],“type”:“strict_dynamic_mapping_exception”,“reason”:“mapping set to strict, dynamic introduction of [observability-notebook] within [_doc] is not allowed”},“status”:400}

2

Hi @hungtp,

Looks like you do not have enough permissions to use the Notebook.
could you please share the output of:

curl --insecure -u <user_name>:<password> -XGET https://<OS_node>:9200/_plugins/_security/authinfo?pretty

best,
mj

3

Hi @Mantas,

thank you for reply.

My user is authenticated with OIDC and the backend role “logging-admin”, this backend role is also mapped to roles “all_access”, and “notebooks_full_access”.

Here is the output:

{
  "user": "User [name=hung.pham, backend_roles=[logging-admin], requestedTenant=ITD]",
  "user_name": "hung.pham",
  "user_requested_tenant": "ITD",
  "backend_roles": [
    "logging-admin"
  ],
  "custom_attribute_names": [
    "attr.jwt.auth_time",
    "attr.jwt.email_verified",
    "attr.jwt.preferred_username",
    "attr.jwt.user_status",
    "attr.jwt.given_name",
    "attr.jwt.aud",
    "attr.jwt.clogging_roles",
    "attr.jwt.provider",
    "attr.jwt.ua_hash",
    "attr.jwt.last_accessed_at",
    "attr.jwt.family_name",
    "attr.jwt.customFields",
    "attr.jwt.sub",
    "attr.jwt.iss",
    "attr.jwt.c_hash",
    "attr.jwt.roles",
    "attr.jwt.amr",
    "attr.jwt.updated_at",
    "attr.jwt.isub",
    "attr.jwt.at_hash",
    "attr.jwt.last_used_identity_id",
    "attr.jwt.sid",
    "attr.jwt.createdTime",
    "attr.jwt.scopes",
    "attr.jwt.exp",
    "attr.jwt.iat",
    "attr.jwt.jti",
    "attr.jwt.email"
  ],
  "roles": [
    "logging-admin",
    "own_index",
    "all_access",
    "notebooks_full_access"
  ],
  "tenants": {
    "ITD": true,
    "admin_tenant": true,
    "customers": true,
    "global_tenant": true
  },
  "principal": null,
  "peer_certificates": "0",
  "sso_logout_url": null
}

for more information, I saw this in the console:

Update Sample Notebook error{"error":{"root_cause":[{"type":"strict_dynamic_mapping_exception","reason":"mapping set to strict, dynamic introduction of [observability-notebook] within [_doc] is not allowed"}],"type":"strict_dynamic_mapping_exception","reason":"mapping set to strict, dynamic introduction of [observability-notebook] within [_doc] is not allowed"},"status":400}
4

Hi,

I found the solution.

Based on this error, {“error”:{“root_cause”:[{“type”:“strict_dynamic_mapping_exception”,“reason”:“mapping set to strict, dynamic introduction of [observability-notebook] within [_doc] is not allowed”}],“type”:“strict_dynamic_mapping_exception”,“reason”:“mapping set to strict, dynamic introduction of [observability-notebook] within [_doc] is not allowed”},“status”:400}

I checked and updated the mapping of .kibana index:
{
“dynamic”: “true”
}

and now it works.

1 Like
5

@hungtp, thanks for sharing the solution!