How to access kibana after installing Searchguard plugin
113 views
Skip to first unread message
Vijay
Mar 15, 2019, 5:01:54 PM3/15/19
to Search Guard Community Forum
Elasticsearch version: 6.5.4
Kibana: 6.5.4
Searchguard for kibana: 6.5.4-18
How can i access kibana Dashboard after installing searchguard plugin on it?
i have elasticsearch running on cluster enabled searchguard on it and service is accessible on port 443:9200
i have another server with only kibana installed on it and enabled searchguard on that server, i have included all the elasticsearch cluster and certs details in it.
Please suggest me how do i access kibana dashboard, thanks.
kibana.yml
xpack.security.enabled: false
xpack.spaces.enabled: false
xpack.monitoring.enabled: false
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.watcher.enabled: false
# BEGIN ANSIBLE MANAGED BLOCK
elasticsearch.url: "https://test-elastic:443"
elasticsearch.ssl.certificateAuthorities: /root/ssl/cacert
elasticsearch.ssl.certificate: /root/ssl/test-elastic-client.pem
elasticsearch.ssl.key: /root/ssl/test-elastic-client.key
#server.basePath: /kibana
# END ANSIBLE MANAGED BLOCK
server.host: "10.10.10.15"
server.name: "kibana73"
SG
Mar 17, 2019, 2:12:32 PM3/17/19
to search...@googlegroups.com
From your config below i assume its
http://10.10.10.15:5601
With regards to your settings:
elasticsearch.ssl.certificate: /root/ssl/test-elastic-client.pem
elasticsearch.ssl.key: /root/ssl/test-elastic-client.key
in kibana.yml pls. refer to https://docs.search-guard.com/latest/kibana-plugin-installation#client-certificates-elasticsearchsslcertificate
because using client certificates is maybe not something you really want.
If you like to encrypt the access to Kibana itself (so that it would be accessible via https://10.10.10.15:5601) then set
server.ssl.enabled: true
server.ssl.certificate: /path/to/cert.pem
server.ssl.key: /path/to/key.pem
...
...
in kibana.yml as documented in https://www.elastic.co/guide/en/kibana/current/settings.html
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/15f83069-d498-47f8-a6d2-2cebdb459bde%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
http://10.10.10.15:5601
With regards to your settings:
elasticsearch.ssl.certificate: /root/ssl/test-elastic-client.pem
elasticsearch.ssl.key: /root/ssl/test-elastic-client.key
in kibana.yml pls. refer to https://docs.search-guard.com/latest/kibana-plugin-installation#client-certificates-elasticsearchsslcertificate
because using client certificates is maybe not something you really want.
If you like to encrypt the access to Kibana itself (so that it would be accessible via https://10.10.10.15:5601) then set
server.ssl.enabled: true
server.ssl.certificate: /path/to/cert.pem
server.ssl.key: /path/to/key.pem
...
...
in kibana.yml as documented in https://www.elastic.co/guide/en/kibana/current/settings.html
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/15f83069-d498-47f8-a6d2-2cebdb459bde%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Vijay
Mar 18, 2019, 6:36:25 PM3/18/19
to Search Guard Community Forum
Thanks for the response.
i am able to access kibana Dashboard, but not able to login into it, getting below error, please help me.
{"type":"log","@timestamp":"2019-03-18T22:00:40Z","tags":["status","plugin:kib...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:40Z","tags":["status","plugin:elasti...@6.5.4","info"],"pid":14882,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:40Z","tags":["status","plugin:xpack...@6.5.4","info"],"pid":14882,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:40Z","tags":["status","plugin:searchp...@6.5.4","info"],"pid":14882,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:40Z","tags":["status","plugin:til...@6.5.4","info"],"pid":14882,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:40Z","tags":["status","plugin:license_m...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:40Z","tags":["status","plugin:index_ma...@6.5.4","info"],"pid":14882,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:rol...@6.5.4","info"],"pid":14882,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:time...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:grokde...@6.5.4","info"],"pid":14882,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:dashboa...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:logs...@6.5.4","info"],"pid":14882,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:beats_ma...@6.5.4","info"],"pid":14882,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:a...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:can...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:con...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:console_e...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:notifi...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:in...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:searc...@6.5.4-18","info"],"pid":14882,"state":"yellow","message":"Status changed from uninitialized to yellow - Initialising Search Guard authentication plugin.","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:searc...@6.5.4-18","info"],"pid":14882,"state":"yellow","message":"Status changed from yellow to yellow - Default cookie password detected, please set a password in kibana.yml by setting 'searchguard.cookie.password' (min. 32 characters).","prevState":"yellow","prevMsg":"Initialising Search Guard authentication plugin."}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:searc...@6.5.4-18","info"],"pid":14882,"state":"yellow","message":"Status changed from yellow to yellow - 'searchguard.cookie.secure' is set to false, cookies are transmitted over unsecure HTTP connection. Consider using HTTPS and set this key to 'true'","prevState":"yellow","prevMsg":"Default cookie password detected, please set a password in kibana.yml by setting 'searchguard.cookie.password' (min. 32 characters)."}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:searc...@6.5.4-18","info"],"pid":14882,"state":"yellow","message":"Status changed from yellow to yellow - Search Guard session management enabled.","prevState":"yellow","prevMsg":"'searchguard.cookie.secure' is set to false, cookies are transmitted over unsecure HTTP connection. Consider using HTTPS and set this key to 'true'"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:searc...@6.5.4-18","info"],"pid":14882,"state":"yellow","message":"Status changed from yellow to yellow - Search Guard copy JWT params disabled","prevState":"yellow","prevMsg":"Search Guard session management enabled."}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:searc...@6.5.4-18","info"],"pid":14882,"state":"yellow","message":"Status changed from yellow to yellow - Search Guard multitenancy disabled","prevState":"yellow","prevMsg":"Search Guard copy JWT params disabled"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:searc...@6.5.4-18","info"],"pid":14882,"state":"yellow","message":"Status changed from yellow to yellow - Routes for Search Guard configuration GUI registered. This is an Enterprise feature.","prevState":"yellow","prevMsg":"Search Guard multitenancy disabled"}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:searc...@6.5.4-18","info"],"pid":14882,"state":"yellow","message":"Status changed from yellow to yellow - Search Guard system routes registered.","prevState":"yellow","prevMsg":"Routes for Search Guard configuration GUI registered. This is an Enterprise feature."}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:searc...@6.5.4-18","info"],"pid":14882,"state":"green","message":"Status changed from yellow to green - Search Guard plugin version 6.5.4-18 initialised.","prevState":"yellow","prevMsg":"Search Guard system routes registered."}
{"type":"log","@timestamp":"2019-03-18T22:00:41Z","tags":["status","plugin:met...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["reporting","warning"],"pid":14882,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent pending reports from failing on restart, please set xpack.reporting.encryptionKey in kibana.yml"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["status","plugin:repo...@6.5.4","info"],"pid":14882,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["status","plugin:elasti...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["license","info","xpack"],"pid":14882,"message":"Imported license information from Elasticsearch for the [data] cluster: mode: basic | status: active"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["status","plugin:xpack...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["status","plugin:searchp...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["status","plugin:til...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["status","plugin:index_ma...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["status","plugin:rol...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["status","plugin:grokde...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["status","plugin:logs...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["status","plugin:beats_ma...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["status","plugin:repo...@6.5.4","info"],"pid":14882,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-03-18T22:00:42Z","tags":["reporting","warning"],"pid":14882,"message":"Enabling the Chromium sandbox provides an additional layer of protection."}
{"type":"log","@timestamp":"2019-03-18T22:00:43Z","tags":["listening","info"],"pid":14882,"message":"Server running at https://10.10.10.15:5601"}
{"type":"error","@timestamp":"2019-03-18T22:00:45Z","tags":["connection","client","error"],"pid":14882,"level":"error","error":{"message":"socket hang up","name":"Error","stack":"Error: socket hang up\n at TLSSocket.<anonymous> (_tls_wrap.js:890:25)\n at emitOne (events.js:121:20)\n at TLSSocket.emit (events.js:211:7)\n at _handle.close (net.js:561:12)\n at Socket.done (_tls_wrap.js:360:7)\n at Object.onceWrapper (events.js:315:30)\n at emitOne (events.js:116:13)\n at Socket.emit (events.js:211:7)\n at TCP._handle.close [as _onclose] (net.js:561:12)","code":"ECONNRESET"},"message":"socket hang up"}
When i started kibana service it has created index (.kibana_1) on elasticsearch.
While i hit url(https://test-kibana.example.com:443) to login to dashboard getting all these logs in kibana.stdout, moreover it's not allow me login using some basic credentials.
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":200,"req":{"url":"/login?nextUrl=%2F","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10"},"res":{"statusCode":200,"responseTime":8,"contentLength":9},"message":"GET /login?nextUrl=%2F 200 8ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/bundles/app/searchguard-login/bootstrap.js","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"*/*","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"c543687fc02fbf3744b6b36cc12f4908a9b2604d-gzip\""},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":7,"contentLength":9},"message":"GET /bundles/app/searchguard-login/bootstrap.js 304 7ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/bundles/vendors.style.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"3c5c2110a1de487057185bd475a79d4c1082d31c-/bundles/-gzip\""},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /bundles/vendors.style.css 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/bundles/commons.style.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"9e4e3f987f8362ad547a3e785e6598fbe474d322-/bundles/-gzip\""},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /bundles/commons.style.css 304 1ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/vega/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"00d4c2d774dd65a55fc1e7f63ee3cba86dd8ae14-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /plugins/vega/index.css 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/bundles/searchguard-login.style.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"04a982f2ffc1681c3ff0da90b3f7d41736864cd5-/bundles/-gzip\""},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":5,"contentLength":9},"message":"GET /bundles/searchguard-login.style.css 304 5ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/kibana/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"edbe6533dfdaaaa779819137c70d2cf12d628934-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":4,"contentLength":9},"message":"GET /plugins/kibana/index.css 304 4ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/console/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"90cd62eb95bbc2eb75143c3e879287c770359f20-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":4,"contentLength":9},"message":"GET /plugins/console/index.css 304 4ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/canvas/style/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"a50954176de5b839059382ac8b49f5a8cc0b3b97-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /plugins/canvas/style/index.css 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/timelion/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"426fb451292b92189019f5072050b7568ddc04ab-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /plugins/timelion/index.css 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/tile_map/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"2ef9007d20c88445828bd0ee76b2a0fac494d742-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /plugins/tile_map/index.css 304 1ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/tagcloud/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"49198202c1346338d8d111ed5e6a042f36e03293-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":5,"contentLength":9},"message":"GET /plugins/tagcloud/index.css 304 5ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/table_vis/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"74915553c7fe89d9f907bb256d84ed185d820764-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":5,"contentLength":9},"message":"GET /plugins/table_vis/index.css 304 5ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:24Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/status_page/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"655ac781c20c2c5cef0ae555a94c59df29b8e001-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":6,"contentLength":9},"message":"GET /plugins/status_page/index.css 304 6ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:25Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/metric_vis/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"ea491163abd9620319395dfe56b78b7abe712731-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /plugins/metric_vis/index.css 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:25Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/region_map/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"da8bf17c724f2310eb402ee445c30e0815bdf861-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /plugins/region_map/index.css 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:25Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/markdown_vis/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"27861bb9ed5c08248103739bf5a3583c2052dfb7-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /plugins/markdown_vis/index.css 304 1ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:25Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/inspector_views/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"d1cb1233a2936f380cb6aadd95713e3bfcc909e5-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /plugins/inspector_views/index.css 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:25Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/rollup/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"165837cc0fb48b6ad17a5e5ace2f752ba45dc0ba-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /plugins/rollup/index.css 304 1ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:25Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/input_control_vis/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"99f0910a430c98d657e8e0b4aadf260170b7b745-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /plugins/input_control_vis/index.css 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:25Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/index_management/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"d1aa520f78ab54a9f740b8a50ee8735a1805898f-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /plugins/index_management/index.css 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:25Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/searchprofiler/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"fdd633559f0864ace51268c661d47f7510746b6b-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":3,"contentLength":9},"message":"GET /plugins/searchprofiler/index.css 304 3ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:25Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/license_management/index.css","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"text/css,*/*;q=0.1","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"6c45dade0714ad364f9a667835df86a27c293bff-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /plugins/license_management/index.css 304 1ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:25Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/bundles/vendors.bundle.js","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"*/*","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"224319971212a637f7ced9ac7fae25c6daac20ed-/bundles/-gzip\""},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /bundles/vendors.bundle.js 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:25Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/bundles/commons.bundle.js","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"*/*","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"5ac308cb01a978046fab92de30a1252acbec181f-/bundles/-gzip\""},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /bundles/commons.bundle.js 304 1ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:26Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/bundles/searchguard-login.bundle.js","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"*/*","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"3810df8212beb600d74d52c8c357f170fa1f04d4-/bundles/-gzip\""},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /bundles/searchguard-login.bundle.js 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/ui/fonts/open_sans/open_sans_v15_latin_regular.woff2","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","origin":"https://test-kibana.example.com","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"*/*","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"2c07a9656f1e38da408f20f1cf11581a15cbd7a2\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":3,"contentLength":9},"message":"GET /ui/fonts/open_sans/open_sans_v15_latin_regular.woff2 304 3ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/bundles/4b5a84aaf1c9485e060c503a0ff8cadb.woff2","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","origin":"https://test-kibana.example.com","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"*/*","referer":"https://test-kibana.example.com/bundles/commons.style.css","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"574ea2698c03ae9477db2ea3baf460ee32f1a7ea\"","if-modified-since":"Mon, 18 Mar 2019 20:04:12 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/bundles/commons.style.css"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /bundles/4b5a84aaf1c9485e060c503a0ff8cadb.woff2 304 1ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/ui/fonts/open_sans/open_sans_v15_latin_700.woff2","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","origin":"https://test-kibana.example.com","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"*/*","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"5a6a45d6f98752b11ccb7c4f0f6fd7faf18ad1a7\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":4,"contentLength":9},"message":"GET /ui/fonts/open_sans/open_sans_v15_latin_700.woff2 304 4ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/searchguard/assets/searchguard_logo.svg","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"image/webp,image/apng,image/*,*/*;q=0.8","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"2c06bacc5016ab96536cf64e689f3819ba9646fa-gzip\"","if-modified-since":"Mon, 18 Mar 2019 19:35:07 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /plugins/searchguard/assets/searchguard_logo.svg 304 1ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/kibana/assets/discover.svg","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"image/webp,image/apng,image/*,*/*;q=0.8","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"c4035451a8e776d0f0cd354a825ec432ad06884e-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /plugins/kibana/assets/discover.svg 304 2ms - 9.0B"}
{"type":"error","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"level":"error","error":{"message":"No Living connections: No Living connections","name":"Error","stack":"Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:226:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:214:7)\n at _combinedTickCallback (internal/process/next_tick.js:132:7)\n at process._tickDomainCallback (internal/process/next_tick.js:219:9)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":"","query":{},"pathname":"/api/v1/systeminfo","path":"/api/v1/systeminfo","href":"/api/v1/systeminfo"},"message":"No Living connections: No Living connections"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":500,"req":{"url":"/api/v1/systeminfo","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","accept":"application/json, text/plain, */*","kbn-version":"6.5.4","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":500,"responseTime":55,"contentLength":9},"message":"GET /api/v1/systeminfo 500 55ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/kibana/assets/visualize.svg","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"image/webp,image/apng,image/*,*/*;q=0.8","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"4cc79a4d91bd0380d0c82a6b092f339d185670ef-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /plugins/kibana/assets/visualize.svg 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/kibana/assets/dashboard.svg","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"image/webp,image/apng,image/*,*/*;q=0.8","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"42c2161fa64691414784868afdd722444460763a-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":3,"contentLength":9},"message":"GET /plugins/kibana/assets/dashboard.svg 304 3ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/timelion/icon.svg","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"image/webp,image/apng,image/*,*/*;q=0.8","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"cb793d5314d680b7d5ce130f0393a70b51989541-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":5,"contentLength":9},"message":"GET /plugins/timelion/icon.svg 304 5ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/canvas/icon.svg","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"image/webp,image/apng,image/*,*/*;q=0.8","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"830f37ffc1343d996973d73fe082fa87eb487b6b-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /plugins/canvas/icon.svg 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/infra/images/infra_mono_white.svg","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"image/webp,image/apng,image/*,*/*;q=0.8","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"16e3f30566fc6d413a9c1a0861755e2c0d385693-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /plugins/infra/images/infra_mono_white.svg 304 1ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/infra/images/logging_mono_white.svg","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"image/webp,image/apng,image/*,*/*;q=0.8","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"6eee95b5aac44dd76fbb99abb60a3a3429d4ada2-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /plugins/infra/images/logging_mono_white.svg 304 1ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/apm/icon.svg","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"image/webp,image/apng,image/*,*/*;q=0.8","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"cdb6515bc1340e806d4f17cbeea6a51eb5f40732-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /plugins/apm/icon.svg 304 1ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/kibana/assets/wrench.svg","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"image/webp,image/apng,image/*,*/*;q=0.8","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"088a9a98c99e406dca2354af14f688ad84826b97-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /plugins/kibana/assets/wrench.svg 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/kibana/assets/settings.svg","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"image/webp,image/apng,image/*,*/*;q=0.8","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"4f859e27d4917026ff1590805887902b14ce79d5-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /plugins/kibana/assets/settings.svg 304 1ms - 9.0B"}
{"type":"response","@timestamp":"2019-03-18T22:19:27Z","tags":[],"pid":17460,"method":"get","statusCode":304,"req":{"url":"/plugins/kibana/assets/play-circle.svg","method":"get","headers":{"host":"test-kibana.example.com","connection":"keep-alive","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","accept":"image/webp,image/apng,image/*,*/*;q=0.8","referer":"https://test-kibana.example.com/login?nextUrl=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"2433ecf38258f7121c835670b6993600e7657717-gzip\"","if-modified-since":"Mon, 17 Dec 2018 21:40:29 GMT"},"remoteAddress":"10.28.10.10","userAgent":"10.28.10.10","referer":"https://test-kibana.example.com/login?nextUrl=%2F"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /plugins/kibana/assets/play-circle.svg 304 1ms - 9.0B"}
kibana.yml
xpack.security.enabled: false
xpack.spaces.enabled: false
xpack.monitoring.enabled: false
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.watcher.enabled: false
# BEGIN ANSIBLE MANAGED BLOCK
#elasticsearch.ssl.verify: true
#elasticsearch.ssl.verificationMode: none
elasticsearch.url: "https://test-elastic.example.com:443"
elasticsearch.ssl.certificateAuthorities: /root/ssl/cacert
elasticsearch.ssl.certificate: /root/ssl/test-elastic-client.example.com.pem
elasticsearch.ssl.key: /root/ssl/test-elastic-client.example.com.key
elasticsearch.username: "admin"
elasticsearch.password: "admin"
server.ssl.enabled: true
server.ssl.certificateAuthorities: /root/ssl/cacert
server.ssl.certificate: /root/ssl/test-kibana.example.com.pem
server.ssl.key: /root/ssl/test-kibana.example.com.key
Vijay
Mar 19, 2019, 8:55:20 AM3/19/19
to Search Guard Community Forum
Never mind, it's working...
Reply all
Reply to author
Forward
Message has been deleted
0 new messages