Good afternoon community,
I have the following problem, which will surely be silly, but I do not give with the key. I have a Debian 9 machine where I have ELK installed (Elasticsearch, Logstash and Kibana). It has been configured as it comes in the documentation. The installation versions correspond to the 6.x.
The services start correctly each and every one of them, the problem is when accessing the Kibana console through port 5601, when I access the browser and enter the url : 5601, I get a message that tells me the following "Kibana server is not ready yet"
I have not configured much more than what the official documentation says, so I do not understand why I do not lift the console to start configuring it.
Thanks in advance.
Related
I have reviewed this post but it is not helping:
Installing Nifi on Google Cloud Compute Engine
Here is what I have already done:
installed java 11 on ubuntu lts
installed nifi on ubuntu lts
This is what i have when i start the nifi.sh :
Java home: /usr/lib/jvm/java-1.11.0-openjdk-amd64
NiFi home: /usr/lib/nifi
Bootstrap Config File: /usr/lib/nifi/conf/bootstrap.conf
I have even tried to edit the nifi.properties by editing nifi.web.http.host and nifi.web.port
nifi.web.host=MY external ip from GCE
nifi.web.port=8080
I have even adjusted the Firewall settings and added port 8080(tcp) any my ip in IPRanges.
When I try to start the NIFI GUI it just does NOT load.
Can you please help me with that?
As per this doc can you cross check whether it is installed properly . Seems to be the default port for nifi is 8443. As you said changed to 8080, make sure that this port is not running in any other service and also there is no firewall blocking for this port.
open a web browser and navigate to https://localhost:8443/nifi or replace the port that you have changed and give it a try.
As per this SO, cross check whether the logs are listening or not by using logs/nifi-app.log. Share the screenshot if you are getting any errors.
Refer to this similar kind of issue : link1, link2, link3
I'm trying to set up an ELK stack on a remote Oracle Cloud server, but I can't access kibana from a browser. Installation using deb package. The version of elasticsearch and kibana I'm installing is 8.2 (in this version, security settings are already enabled by default, including settings and generation of security certificates) - the latest version for now. I perform the installation according to the instructions from the official site, but nothing is said there about the remote access settings.
I tried to change the settings in the kibana.yaml file, uncommented the "server.port: 5601" field and edited server.host: "my ip" (I also tried server.host: "0.0.0.0"), but this does not help .
I also tried to access from the network directly to elasticsearch. I edited its configuration in a similar way, but it did not help. In my case, access to elasticsearch from the network is not essential, but I would also like to get it.
I know that Oracle servers by default have restrictions on the forwarded traffic, so I unblocked the elastic and kibana ports (9200 and 5601) in the Oracle control panel.
I also allowed ports 9200 and 5601 through ipitables. The UFW firewall is by default in the "inactive" status. When checked through nmap, both ports return a "filtered" status.
Please help fix the issue. I'm just doing a standard installation according to the instructions and I don't understand what the problem is.
I solved the problem by setting up a reverse proxy nginx so that it redirects requests coming to the server to localhost:5601. These two articles helped me, I hope it helps someone else:
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-20-04-ru (step 2)
I am trying to build familiarity with SIEM systems in general and decided to set up an Elastic Stack via Digital Ocean. Everything was successful and my server as localhost is producing logs. It's been interesting to tinker with visualizations and that good stuff.
Obviously my interest isn't in logs from this remote server, though. I would like to configure some devices on my home network to send logs.
Current setup on server: filebeat > logstash > elasticsearch > kibana.
When I install filebeat onto, say, my laptop and configure the .yml file in a similar way to the server (comment out elastic output, uncomment logstash output) it is not able to connect. Basically I just set the hosts to serverip:logstash port and enabled filebeat on the system. Running the setup commands leads to a "couldn't connect to any configured elasticsearch hosts".
Instead of a direct answer, can someone explain for me generally what I need to be considering for this process? What is happening when connecting outside of the server LAN? and how do I handle authentication to the server, if needed?
Thank you, really. I know that the information is out there but I am deep in a rabbit hole and having a hard time finding what I need.
By default, the HTTP API is bound to only the host's local loopback interface,
ensuring that it is not accessible to the rest of the network. Because the API
includes neither authentication nor authorization and has not been hardened or
tested for use as a publicly-reachable API, binding to publicly accessible IPs
should be avoided where possible.
Even you set "http.host: 0.0.0.0" - you need to open port for your laptop (better if you already have public IP and open it only for your laptop)
For authentication - you have to investigate xpack - security features .
BR Alexey.
Elastic-search: Installed on windows server 2012 running windows 10
I have been working with elasticsearch on localhost as I get familiar with it. Now, that I am familiar with it I have started up a Windows Server and installed elastic search on that machine.But, now I can't find documentation to access Elatic-search without using localhost.If somebody can point me in the right direction it would be highly appreciated.
I think this is the page you are after. Dont forget the security implications of having an ES server accessible from outside your network as there is no access controls for ES.
I have an elasticsearch server with host h1 running at port 9200. And i have a separate kibana server with host h2 running on port 5601. I have configured both of them properly and then tried to see the GUI of kibana.
It says Status:Red and in the error i see "Unable to connect to Elasticsearch at h1:9200"
I ran the basic troubleshoot mentioned in the elk documentation i.e. to check whether kibana.yml's elasticsearch.url field is properly referring to h1:9200 or not and vice versa for elasticsearch.yml's fields. Everything seems to be fine. What could be any other reason for this error? How to fix the same?
Could be for a number of reasons, connectivity/network configuration usually the prime suspect - check out this troubleshooting article for possible solutions