I am tring to configure kibana but I get flowing error
Couldn't configure Elastic Retry or update the kibana.yml file manually.
this is my /etc/kibana/kibana.yml
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
server.host: '127.0.0.1'
kibana.index: ".kibana"
elasticsearch.username: "user"
#elasticsearch.password: "pass"
xpack.encryptedSavedObjects.encryptionKey: 706c88e045c127e21b81c902425cdb54
xpack.reporting.encryptionKey: d67296d7d4958bdd1594e965e6b97ab9
xpack.security.encryptionKey: d496d7cb6a5983c213f7902767069744
xpack.encryptedSavedObjects.encryptionKey: 706c88e045c127e21b81c902425cdb54
xpack.reporting.encryptionKey: d67296d7d4958bdd1594e965e6b97ab9
xpack.security.encryptionKey: d496d7cb6a5983c213f7902767069744
how can I fix this error???
pleas help me!!!!
I'm tried to follow this guideline for installing ELK on Centos 8 (on top of one AWS cluster).
After installing elastic and kibana, the kibana startup failed with:
*"message":"License information could not be obtained from Elasticsearch
I googled it, and realized I should use OSS version (latest is 7.10.2)
so make sure to install only OSS version. you can use this guideline
after that, I got new error from kibana.log
-08T07:19:32Z","tags":["error","savedobjects-service"],"pid":62767,"message":"Unable to retrieve version information from Elasticsearch nodes."}
I tried to google it, but no solution worked for me.
my kibana.yaml:
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: "[my public AWS instance ip:9200]"
my elasticsearch.yaml:
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: "[my private AWS instance ip]"
cluster.initial_master_nodes: "[my private AWS instance ip]"
Update:
If I'm changing this line in kibana.yaml file to:
elasticsearch.hosts: "http://localhost:9200"
Then it works. what is the root cause? why it can't access elastic public IP but only local?
Per #leandrojmp comment, the issue was indeed with the public IP in elasticsearch.hosts. Once I replaced it to my private ip, it works
also:
When installing the Elastic Stack, you must use the same version across the entire stack. For example, if you are using Elasticsearch 7.9.3, you install Beats 7.9.3, APM Server 7.9.3, Elasticsearch Hadoop 7.9.3, Kibana 7.9.3, and Logstash 7.9.3.
Using docker, I had to specify the elasticsearch.hosts as an environment variable: -e "ELASTICSEARCH_HOSTS=http://localhost:9200", so:
docker run -p 5601:5601 -e "ELASTICSEARCH_HOSTS=http://localhost:9200" arm64v8/kibana:7.16.3
Set elasticsearch.hosts ipaddress as local system's host ipaddress in kibana.yml file. Also you need to mount local kibana.yml file while running docker container.
docker run -d --name kibana -p 5601:5601 -v /home/users/mySystemUserName/config/kibana.yml:/opt/kibana/config/kibana.yml kibana:7.16.3
Add the below configs in
kibana.yml
server.name: kibana
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: [ "http://192.168.0.102:9200" ]
I've got a self-hosted Elasticsearch + Kibana environment that I'm trying to add Elasticsearch Enterprise/App Search to.
While trying to start up Elasticsearch Enterprise/App Search I'm getting the below error:
Elasticsearch API key service must be enabled. It is enabled automatically when you configure Elasticsearch to use TLS on the HTTP interface.
Alternatively, you can explicitly enable the setting within Elasticsearch by opening config/elasticsearch.yml and adding:
xpack.security.authc.api_key.enabled: true
I have added that setting and am still getting the error upon startup.
Here are the properties I modified in the elasticsearch.yml
xpac.security.enabled true
#xpack.security.audit.logfile.events.emit_request_body: true
discovery.type: single-node
xpack.security.authc.api_key.enabled: true
xpack:
security:
authc:
realms:
native:
native1:
order: 0
I just setup my xpack in elasticsearch 7.1.0
as below in elasticsearch.yml:
xpack.security.enabled: true
discovery.type: single-node
in my elasticsearch.yml
Then, i ran
>elasticsearch-setup-passwords interactive
and changed all my built-in user passwords.
this is the change i made in Kibana.yml
xpack.security.enabled: true
elasticsearch.username: "kibana"
elasticsearch.password: "password#123"
When i restarted Kibana,
i ws prompted with a username password page, where i gave
kibana/password#123 that i had set in my yml.
Im getting the below response:
{"statusCode":403,"error":"Forbidden","message":"Forbidden"}
Please help me out.
Resolution:
using "elastic" user account instead of kibana fixed this issue.
Configuring security in Kibana
To use Kibana with X-Pack security:
Update the following settings in the kibana.yml configuration file:
elasticsearch.username: "kibana"
elasticsearch.password: "kibanapassword"
Set the xpack.security.encryptionKey property in the kibana.yml configuration file.
xpack.security.encryptionKey: "something_at_least_32_characters"
Optional: Change the default session duration.
xpack.security.sessionTimeout: 600000
Restart Kibana.
Please follow this link using-kibana-with-security
I have elasticsearch server running having indexes, say server XX.XXX.XXX.XXX:9200.
I have index in the server ES cluster XX.XXX.XXX.XXX:9200 for which I am trying to create dashboards in my localhost:5601 (Kibana)
In my kibana.yml I have this configuration:
server.port: 5601
server.host: "localhost"
# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.url: "http://XX.XXX.XXX.XXX:9200"
In Elasticsearch.yml I have this config:
network.host: 0.0.0.0 (to accept all the IPs)
http.port: 9200
But I am getting this error when running kibana.yml :
connect ECONNREFUSED http://XX.XXX.XXX.XXX:9200
Unable to connect to ElasticSearch at http://XX.XXX.XXX.XXX:9200
Can anyone tell me where am I doing wrong here to get the kibana up and running with the server index of ES?
In your kibana.yml put this configuration:
server.port: 5601
server.host: "0.0.0.0"