Installing X pack on elasticsearch, logstash and kibana - elasticsearch

I am new to elasticsearch, logstash and kibana.
I am using Windows.
I recently installed the x-pack plugin by following this tutorial:
https://www.elastic.co/guide/en/x-pack/5.1/installing-xpack.html
The main point is:
Go to ES_PATH
elasticsearch-plugin install x-pack
Go to Kibana PATH
kibana-plugin install x-pack
Everything goes well until I try to verify my x-pack installation.
I go to the Kibana URL, http://localhost:5601/
If everything is right, based on the documentation, I should be prompted to log in to Kibana.
But all I got is this message: https://stackoverflow.com/questions/ask

Related

Kibana issue connecting to ElasticSearch

Good day:
I've installed ElasticSearch (on Azure) and I'm trying to get my Kibana (local instance) connecting to my remote elastic instance; however, I'm getting the following issue:
[06:26:19.214] [warning][license][xpack] License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. [invalid_index_name_exception] Invalid index name [_xpack], must not start with '_'., with { index_uuid="_na_" & index="_xpack" } :: {"path":"/_xpack","statusCode":400,"response":"{\"error\":{\"root_cause\":[{\"type\":\"invalid_index_name_exception\",\"reason\":\"Invalid index name [_xpack], must not start with '_'.\",\"index_uuid\":\"_na_\",\"index\":\"_xpack\"}],\"type\":\"invalid_index_name_exception\",\"reason\":\"Invalid index name [_xpack], must not start with '_'.\",\"index_uuid\":\"_na_\",\"index\":\"_xpack\"},\"status\":400}"}
Thoughts?
It looks like XPack is not installed on your ES server, while it is on your local Kibana instance.
You can either install XPack on ES
bin/elasticsearch-plugin install x-pack
or remove it from Kibana
bin/kibana-plugin remove x-pack

Kibana setup on Ubuntu 17.10 for consuming log files from Jboss Fuse

Every day I get a new log file from Jboss Fuse. Examples:
fuse.log.2018-02-28
fuse.log.2018-03-01
fuse.log.2018-03-03
etc..
I want to load a log file into Kibana every day.
Now this is what I have done so far:
Installed Elasticsearch
Installed ingest-geoip
Installed Kibana on http://localhost:9200
Installed Filebeat
Installed logstash
What do I do from here? When I go to Kibana I only see the default dashboard screen "Add Data to Kibana":
Kibana dashboard
Thanks for any help.

Kibana not working after x-pack uninstalled

I had installed x-pack earlier and used it, and hosted Kibana through Nginx.
Yesterday I uninstalled x-pack from both elasticsearch and kibana, via
sudo bin/elasticsearch-plugin remove x-pack
and
sudo bin/kibana-plugin remove x-pack
Now, when I try to start elastic, elastic starts, but Kibana does not start when I start kibana.
The Kibana.stdout log says,
{"type":"log","#timestamp":"2017-04-27T06:23:39Z","tags":["info","optimize"],"pid":49497,"message":"Optimizing and caching bundles for kibana, timelion and status_page. This may take a few minutes"}
And Kibana is never started.
sudo service kibana status says it is running, but with sudo netstat -ntlp I cannot find port 5601.
It is never started. Why so?
What can be the possible issue?
Try deleting the kibana/optimize/bundles directory as well as the kibana/optimize/.babel-cache.json file and restarting Kibana. That will trigger a completely fresh rebuild of the Kibana source without x-pack.
Note: If you're using kibana as a system daemon, run the kibana process through the command line once to re-compile the optimize bundle before starting the daemon.
/usr/share/kibana/bin/kibana

plugin:elasticsearch service not available in kibana

In order to use the sense plugin, I have some problems when integrating kibana with elastic search. Everything goes well. Elastic search and kibana are installed properly on my machine.
When I run this command :
cd elasticsearch/bin/elasticsearch.bat
and then I go to http://localhost:9200/,
I got success message.
When I run this command :
cd kibana/bin/kibana.bat
and then I go to http://localhost:5601/app/sense
I got a notification that
plugin:elasticsearch is not available.
This is proof that my elastic is already running
this is my kibana.yml
this is my elastic.yml
What's going wrong?

ELK - Shield auth problems

I'm trying to set up Shield for Elasticsearch, but had some trouble.
When I try to start Elasticsearch like:
/usr/share/elasticsearch/bin/elasticsearch
all works as expected, but when I try to start/restart Elasticsearch like:
/etc/init.d/elasticsearch start
I get the error described below
[2015-02-17 21:44:09,662][ERROR][shield.audit.logfile ] [Tusk] [rest] [authentication_failed] origin_address=[/192.168.88.17:58291], principal=[es_admin], uri=[/_aliases?pretty=true]
OS: Ubuntu 12.04
Elasticsearch: 1.4.3
Shield: 1.0.1
Elasticsearch and Shield were running with default settings
If your elasticsearch configs are not in /usr/share/elasticsearch but, let's say, in /etc/elasticsearch,
then just move /usr/share/elasticsearch/config/shield to /etc/elasticsearch.
Take care that, if you start elasticsearch as the user elasticsearch, the new /etc/elasticsearch/shield folder belongs to the user elasticsearch.
If that doesn't do it, then also see this:
http://www.elasticsearch.org/guide/en/shield/current/getting-started.html#_configuring_your_environment
The same thing happened to me when I tried to add shield to our elasticsearch cluster to add auth-based access to elasticsearch data.
I was on an Ubuntu 14.04 machine and elasticsearch was installed using a .deb package from elastic-download-link.
Elasticsearch was using a service startup script from
/etc/init.d/elasticsearch
in which the configuration was mentioned as:
# Elasticsearch configuration directory
CONF_DIR=/etc/$NAME
But when I tried to install the shield plugin on elasticsearch from this-link
and tried to add a user on shield by following es-docs using this command,
sudo bin/shield/esusers useradd es_admin -r admin
shield configuration was being updated in
/usr/share/elasticsearch/config/shield/
but elasticsearch server was expecting configuration files to be in
/etc/elasticsearch/shield/
This mismatch between the shield configuration file being read and the newly updated file containing the newly added users is what caused this authentication failure.
This can be solved either by moving
/usr/share/elasticsearch/config/shield/
to
/etc/elasticsearch/shield/
or by changing conf file location in
/etc/init.d/elasticsearch
as
# Elasticsearch configuration directory
CONF_DIR=/usr/share/elasticsearch/config/
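
A check for the config-directory mismatch described in the answers above, as an added example (not from the original posts or the Elasticsearch project). It assumes the init script sets NAME= and CONF_DIR= on their own lines and that esusers keeps its realm file at shield/users under the config directory; the function names and the fixture are constructed for illustration.

```shell
#!/bin/sh
# Print the CONF_DIR an init script passes to Elasticsearch, expanding $NAME.
# Assumption: NAME= and CONF_DIR= each sit on their own line in the script.
init_conf_dir() {
    name=$(sed -n 's/^NAME=//p' "$1" | head -n 1)
    sed -n 's/^CONF_DIR=//p' "$1" | head -n 1 |
        sed -e "s|[\$]NAME|$name|" -e 's|/*$||'
}

# Report whether the users file written by esusers is where the server reads it.
# $1 = filesystem root ("" on a live host), $2 = init script, $3 = ES home.
check_shield_conf() {
    root=$1
    conf_dir=$(init_conf_dir "$root$2")
    read_from="$conf_dir/shield/users"        # what the service will load
    written_to="$3/config/shield/users"       # where bin/shield/esusers wrote
    if [ -f "$root$read_from" ]; then
        echo "OK: $read_from"
    elif [ -f "$root$written_to" ]; then
        echo "MISMATCH: users in $written_to, server reads $read_from"
    else
        echo "MISSING: no users file in either location"
    fi
}

# Constructed fixture mirroring the layout in the answer (not a real host).
make_fixture() {
    fx=$(mktemp -d)
    mkdir -p "$fx/etc/init.d" "$fx/usr/share/elasticsearch/config/shield"
    printf 'NAME=elasticsearch\nCONF_DIR=/etc/$NAME\n' \
        > "$fx/etc/init.d/elasticsearch"
    echo 'es_admin:constructed-placeholder-hash' \
        > "$fx/usr/share/elasticsearch/config/shield/users"
    echo "$fx"
}

demo=$(make_fixture)
# Before the fix: the user was added under ES home, the service reads /etc.
check_shield_conf "$demo" /etc/init.d/elasticsearch /usr/share/elasticsearch
# Apply the first fix from the answer: move the shield directory.
mkdir -p "$demo/etc/elasticsearch"
mv "$demo/usr/share/elasticsearch/config/shield" "$demo/etc/elasticsearch/"
check_shield_conf "$demo" /etc/init.d/elasticsearch /usr/share/elasticsearch
rm -rf "$demo"
```

On a live host, pass an empty string as the root. The directory-ownership requirement mentioned in the first answer is not checked here.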
