ServiceEntry not working

We recently implemented Istio 1.4.7 for our logging applications. Our AWS Elasticsearch instance is in a separate vpc. We found out that once we enabled the sidecars, we were unable to communicate with the Elasticsearch service, thus no log entries were being written to Elasticsearch. We ended up creating a ServiceEntry. After creating the ServiceEntry we are seeing logs being written, but using Kiali dashboard, we are not seeing the ServiceEntry on the graph. Instead we see a Passthroughcluster and about a 50/50 output of 200 and 4xx response codes. The ServiceEntry is as follows:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: kibana
spec:
hosts:
vpc--elasticsearch--f89kxkdzilba.us-east-1.es.amazonaws.com
ports:
number: 443
name: https-port
protocol: HTTPS
resolution: DNS
location: MESH_EXTERNAL

Is there something else I need to setup to get the ServiceEntry to display on the dashboard and eliminate the 4xx errors? Thanks in advance for any help with this issue.

Update: Upgraded Kiali from 1.15.0 to 1.15.2 and now see the ServiceEntry show up on the graph. Would still like to understand why I’m seeing the Passthroughcluster and these 4xx errors.

So still trying to figure out these 4xx errors to the PassthroughCluster. A question that I hope someone can answer for me is the passthrough cluster resource trying to ping the ES vpc endpoint to make sure it is real and healthy? If so that would explain the 4xx (which I believe are 403 access denied errors). Our service uses a plugin to authorize request to the ES vpc endpoint. Not sure why Istio/Kiali is not recognizing that. Any suggestions to help reduce or eliminate these 4xx errors?