elastic · tsullivan · Jan 24, 2025 · Jan 24, 2025 · Jan 24, 2025 · Jan 24, 2025
@@ -32,6 +32,13 @@ to enable the {kib} server to have screenshotting capabilities.
 * <<install-reporting-packages>>
 * <<set-reporting-server-host>>
 
+[float]
+[[reporting-elasticsearch-configuration]]
+=== Elasticsearch configuration
+Reporting relies on Elasticsearch to install a mapping template for the data stream that stores reports. Ensure that Elasticsearch allows built-in
+templates to be installed by keeping the `stack.templates.enabled` setting at the default value of `true`. For more information, see
+{ref}/index-management-settings.html#stack-templates-enabled[Index management settings].
+
 [float]
 [[grant-user-access]]
 === Grant users access to reporting

@@ -88,5 +88,14 @@ image::https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4758e67aa
 [[reporting-troubleshooting-csv-token-expired]]
 === Token expiration
 
-To avoid token expirations, use a type of authentication that doesn't expire (such as Basic auth) or run the export using scripts that query Elasticsearch directly.
-In a custom script, you have the ability to refresh the auth token as needed, such as once before each query.
+A relatively common type of error seen for CSV exports is: `security_exception Root causes: security_exception: token expired`.
+
+These happen in deployments that use token-based authentication (SAML tokens) when creating the CSV report takes longer than time allows with the authentication that is cached in report job details.
+
+The thing to note about this type of error is that the deployment is stable, it's just the size of a requested report is too large to complete within the time allowed by the authentication token available to the Reporting task.
+
+==== Avoiding token expiration
+
+* You can work around this error by creating smaller reports: instead of one report covering a large time range, create multiple reports that cover segmented time ranges.
+* Another workaround would be to increase `xpack.security.authc.token.timeout`, which is set to `20m` by default.
+* To avoid token expirations completely, use a type of authentication that doesn't expire (such as Basic auth) or run the export using scripts that query Elasticsearch directly.