Unable to start Elasticsearch Enterprise/App Search - elasticsearch

I've got a self-hosted Elasticsearch + Kibana environment that I'm trying to add Elasticsearch Enterprise/App Search to.
While trying to start up Elasticsearch Enterprise/App Search I'm getting the below error:
Elasticsearch API key service must be enabled. It is enabled automatically when you configure Elasticsearch to use TLS on the HTTP interface.
Alternatively, you can explicitly enable the setting within Elasticsearch by opening config/elasticsearch.yml and adding:
xpack.security.authc.api_key.enabled: true
I have added that setting and am still getting the error upon startup.
Here are the properties I modified in the elasticsearch.yml
xpac.security.enabled true
#xpack.security.audit.logfile.events.emit_request_body: true
discovery.type: single-node
xpack.security.authc.api_key.enabled: true
xpack:
  security:
    authc:
      realms:
        native:
          native1:
            order: 0

Related

Elasticsearch migration from 6.8 to 7.9. [config validation of [elasticsearch].url]: definition for this key is missing

I have the following error during the migration of our Elasticsearch instance from version 6.8 to 7.9:
FATAL Error: [config validation of [elasticsearch].url]: definition for this key is missing
The whole configuration is the same.
How to fix this error?
kibana.yml should look like this
server.host: "0.0.0.0"
elasticsearch.url: http://127.0.0.1:9200
kibana.index: ".kibana"
and also you can pass as an environment variable
SERVER_NAME: kibana
ELASTICSEARCH_URL: http://127.0.0.1:9200
Here's a link for more Kibana config options.
Enable elasticsearch.hosts in config/kibana.yml,
elasticsearch.hosts: ["http://localhost:9200/"]
That should solve your problem.

Integration between ELK and LDAP

I recently got to manage an open-source-based infrastructure composed of multiple Debian servers. On some of them, the ELK stack is installed.
I am verifying the presence of any integration between ELK and LDAP or other IAMs. On the dedicated monitoring node, I looked for IAM-related info in the following configuration files:
/etc/elasticsearch/elasticsearch.yaml
/etc/kibana/kibana.yml
/etc/logstash/logstash.yml
but the only login/account credentials I have been able to find are in the kibana.yml file:
elasticsearch.username: "username"
elasticsearch.password: "password"
In /etc/kibana/kibana.yml and /etc/elasticsearch/elasticsearch.yml I find the following:
xpack.security.enabled: false
which leads me to think there is an "xpack" plugin somehow related to LDAP. Where should I look for LDAP integration?
Thanks to #Wonka for suggesting the presence of ReadOnlyRest. I found a readonlyrest.yml in /etc/elasticsearch. There, the following was present:
ldaps:
- name: ldap1
  host: "ourldapserver.ourdomain"
  [...]
Here is where LDAP integration occurred.

Kibana user forbidden error {"statusCode":403,"error":"Forbidden","message":"Forbidden"}

I just set up my xpack in Elasticsearch 7.1.0 as below in elasticsearch.yml:
xpack.security.enabled: true
discovery.type: single-node
in my elasticsearch.yml
Then, I ran
>elasticsearch-setup-passwords interactive
and changed all my built-in user passwords.
This is the change I made in kibana.yml:
xpack.security.enabled: true
elasticsearch.username: "kibana"
elasticsearch.password: "password#123"
When I restarted Kibana, I was prompted with a username/password page, where I gave kibana/password#123 that I had set in my yml.
I'm getting the below response:
{"statusCode":403,"error":"Forbidden","message":"Forbidden"}
Please help me out.
Resolution:
Using the "elastic" user account instead of kibana fixed this issue.
Configuring security in Kibana
To use Kibana with X-Pack security:
Update the following settings in the kibana.yml configuration file:
elasticsearch.username: "kibana"
elasticsearch.password: "kibanapassword"
Set the xpack.security.encryptionKey property in the kibana.yml configuration file.
xpack.security.encryptionKey: "something_at_least_32_characters"
Optional: Change the default session duration.
xpack.security.sessionTimeout: 600000
Restart Kibana.
Please follow this link using-kibana-with-security

Can't get Centralized pipeline management working in Elastic Cloud X-pack

I'm trying to set Centralized pipeline management but it is still not working.
I'm using the Elastic Cloud trial version with Logstash running on a local VM.
My logstash.yml looks like:
xpack.management.elasticsearch.url: "https://xxx.eu-central-1.aws.cloud.es.io:xxx/"
xpack.management.enabled: true
xpack.management.elasticsearch.username: elastic
xpack.management.elasticsearch.password: password
xpack.management.logstash.poll_interval: 5s
xpack.management.pipeline.id: ["apache", "cloudwatch_logs"]
cloud.auth: "elastic:xxxx"
cloud.id: "yyyy=="
path.data: /var/lib/logstash
path.logs: /var/log/logstash
I followed instructions from https://www.elastic.co/guide/en/logstash/6.x/logstash-centralized-pipeline-management.html#logstash-centralized-pipeline-management and https://www.elastic.co/guide/en/logstash/6.x/configuring-centralized-pipelines.html
But Logstash isn't shipping anything to Elastic if I manually set a conf file and pipeline on the Logstash VM (whereas these were working fine on the hosted trial), and if I create a new pipeline from the Kibana UI... nothing else happens other than my pipeline being saved under Logstash pipeline management.
Any tip? Did I miss some steps?

Configuring elastic search not to be localhost

After installing Elasticsearch 5.6.3 and setting Nodename to the server name, I tried to browse to Elasticsearch using IP:9200 but it didn't work. If I browse to localhost:9200 it works. Where do I go to change the default behaviour of localhost? I want to open this up to other external servers, so the loopback address of localhost isn't any good.
After installing Kibana 5.6.3, the same is obviously true here as well. Starting the kibana server with the ip fails, but with localhost doesn't.
At this point I have no indexes, I just want to prove Elasticsearch can be reached beyond localhost.
Thanks
Bill
You can configure your IP with the "network.host" setting in 'elasticsearch.yml' and 'kibana.yml' in your config directory.
Here are some links to the Elasticsearch docs to configure yours :)
Configuring Elasticsearch
Important Settings
For a quick start development configuration the following settings can be placed into 'elasticsearch.yml':
network.host e.g.
network.host: 192.168.178.49
cluster.initial_master_nodes e.g.
cluster.initial_master_nodes: ["node_1"]
You can also define a cluster name:
cluster.name: my-application
Start it with the node name (example for Windows)
C:\InstallFolder\elasticsearch-7.10.0>C:\InstallFolder\elasticsearch-7.10.0\bin\elasticsearch.bat -Enode.name=node_1
Go to your browser and open http://192.168.178.49:9200 (replace with your IP). It shows a JSON result. The localhost:9200 will no longer work.
This config should not be used for production environments. See the official docs.
In general when starting from a command prompt it shows any errors when something fails. These are very helpful.
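
A check for the production caveat in the answer above, as an added example that is not part of the original answer or of Elasticsearch: it flattens the dotted and nested key styles seen in the elasticsearch.yml snippets on this page and flags a non-loopback network.host with security not enabled. The names flatten_settings, is_loopback and audit and the sample config are constructed here, and the check assumes 7.x behaviour, where security is off unless xpack.security.enabled is true.

```python
import ipaddress
# Constructed sample in the style of the configs on this page (dotted and nested keys mixed).
SAMPLE = """\
cluster.name: my-application
network.host: 192.168.178.49
discovery.type single-node
xpack:
  security:
    authc:
      api_key:
        enabled: true
"""

def flatten_settings(text):
    """Return (settings, malformed): nested and dotted keys flattened to dotted form."""
    settings, malformed, stack = {}, [], []  # stack holds (indent, key) of open mappings
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, sep, value = line.strip().partition(":")
        if not sep:  # no colon, so this is not a key/value pair
            malformed.append(line.strip())
            continue
        while stack and stack[-1][0] >= indent:  # close mappings we have dedented out of
            stack.pop()
        value = value.strip().strip("\"'")
        if value:
            settings[".".join([k for _, k in stack] + [key.strip()])] = value
        else:
            stack.append((indent, key.strip()))
    return settings, malformed

def is_loopback(host):
    try:
        return host in ("localhost", "_local_") or ipaddress.ip_address(host).is_loopback
    except ValueError:  # hostnames and values such as _site_ count as non-loopback
        return False

def audit(text):
    settings, malformed = flatten_settings(text)
    findings = [f"malformed line (no 'key: value'): {m}" for m in malformed]
    host = settings.get("network.host", "_local_")  # Elasticsearch binds to loopback by default
    # Assumption: 7.x default, security is off unless xpack.security.enabled is true.
    secured = settings.get("xpack.security.enabled", "false").lower() == "true"
    if not secured and not is_loopback(host):
        findings.append(f"network.host={host} is reachable off-host with security not enabled")
    return findings
```

Calling audit(SAMPLE) returns two findings: the line without a colon and the exposed bind address.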
