Kibana Unable to connect to Elasticsearch
45 views
Skip to first unread message
Yabir Canario
Jun 15, 2018, 11:54:27 AM6/15/18
to Search Guard Community Forum
When asking questions, please provide the following information:
* Search Guard and Elasticsearch version
searchguard v6
ES and KI v6.2.1
* Installed and used enterprise modules, if any
* JVM version and operating system version
Ubuntu 16.04 (Docker)
* Search Guard configuration files
I just installed SearchGuard with the demo configuration (and since I'm on a exploratory development, i didn't change any default configuration) but, Kibana is not accesing to ES for some reason....
Elasticsearch logs:
[2018-06-15T15:39:00,341][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from basic http authenticator
15481 [2018-06-15T15:39:00,406][INFO ][o.e.c.m.MetaDataMappingService] [elastic-node-1] [sg6-auditlog-2018.06.15/7aHWZJ22QI28EOaBHvepPg] update_mapping [auditlog]
15482 [2018-06-15T15:39:03,984][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from basic http authenticator
15483 [2018-06-15T15:39:03,997][DEBUG][c.f.s.a.BackendRegistry ] admin not cached, return from internal backend directly
15484 [2018-06-15T15:39:04,400][DEBUG][c.f.s.a.BackendRegistry ] User 'User [name=admin, roles=[admin], requestedTenant=null]' is authenticated
15485 [2018-06-15T15:39:04,400][DEBUG][c.f.s.a.BackendRegistry ] sgtenant 'null'
15486 [2018-06-15T15:39:04,403][DEBUG][c.f.s.c.PrivilegesEvaluator] ### evaluate permissions for User [name=admin, roles=[admin], requestedTenant=null] on elastic-node-1
15487 [2018-06-15T15:39:04,403][DEBUG][c.f.s.c.PrivilegesEvaluator] requested cluster:monitor/main from 92.154.26.177:56688
15488 [2018-06-15T15:39:04,403][DEBUG][c.f.s.c.PrivilegesEvaluator] class org.elasticsearch.action.main.MainRequest is not an IndicesRequest
15489 [2018-06-15T15:39:04,404][DEBUG][c.f.s.c.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
15490 [2018-06-15T15:39:04,404][DEBUG][c.f.s.c.PrivilegesEvaluator] mapped roles for admin: [sg_all_access, sg_own_index]
15491 [2018-06-15T15:39:04,405][DEBUG][c.f.s.c.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
15492 [2018-06-15T15:39:04,405][DEBUG][c.f.s.c.PrivilegesEvaluator] Result from privileges interceptor: null
15493 [2018-06-15T15:39:04,405][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_all_access
15494 [2018-06-15T15:39:04,409][DEBUG][c.f.s.c.PrivilegesEvaluator] resolved cluster actions:[*]
15495 [2018-06-15T15:39:04,410][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_all_access' and cluster:monitor/main, skip other roles
also when i connect to Es through my browser , it shows me this warning. Is this normal?
Error in Kibana:
Jochen Kressin
Jun 15, 2018, 1:38:22 PM6/15/18
to Search Guard Community Forum
The browser warning is normal since the certificates that come with the demo installer are self-signed.
Regarding Kibana: Did you change your kibana.yml according to the docs?
If yes, please post the kibana.yml here. I suspect someting is misconfigured, e.g. the kibana server user. Or you try to connect via http instead of https to Elasticsearch.
Message has been deleted
Yabir Canario
Jun 18, 2018, 4:34:53 AM6/18/18
to Search Guard Community Forum
Yes, I think I changed it according to the documentation. I replaced http by https in the elasticsearch.url and I added the username, password and ssl.verificationMode: none. I'm I missing something?. Here's my kibana configuration:
# Default Kibana configuration from kibana-docker.
server.name: kibana
server.host: "0"
elasticsearch.url: "https://XXXX.com:9200"
elasticsearch.requestTimeout: 120000
elasticsearch.username: "kibanaserver"
elasticsearch.password: "kibanaserver"
#Logging configuration
logging.dest: config/logkibana.txt
logging.useUTC: false
searchguard.basicauth.enabled: true
elasticsearch.ssl.verificationMode: none
#elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ]
#searchguard.cookie.password: "qwertyuiop"
#searchguard.cookie.secure: falseYabir Canario
Jun 18, 2018, 8:17:38 AM6/18/18
to Search Guard Community Forum
self resolved. The sever.host has to be the same as the network.host setted in the elasticsearch.yml.
Oumeyma JELLALI
Jun 18, 2018, 9:44:09 AM6/18/18
to search...@googlegroups.com
i have a problem who can help me 
--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/5c973208-f873-4780-8fcb-c9caad369669%40googlegroups.com.
Yabir Canario
Jun 18, 2018, 10:08:34 AM6/18/18
to Search Guard Community Forum
Can you upload your configurations files: kibana.yml, elasticsearch.yml ? logs?
Le lundi 18 juin 2018 15:44:09 UTC+2, Oumeyma JELLALI a écrit :
i have a problem who can help me
On Mon, Jun 18, 2018 at 1:17 PM, Yabir Canario <yabircanar...@gmail.com> wrote:
self resolved. The sever.host has to be the same as the network.host setted in the elasticsearch.yml.
Le lundi 18 juin 2018 10:34:53 UTC+2, Yabir Canario a écrit :Yes, I think I changed it according to the documentation. I replaced http by https in the elasticsearch.url and I added the username, password and ssl.verificationMode: none. I'm I missing something?. Here's my kibana configuration:
server.name: kibana
server.host: "0"
elasticsearch.url: "https://XXXX.com:9200"
elasticsearch.requestTimeout: 120000
elasticsearch.username: "kibanaserver"
elasticsearch.password: "kibanaserver"
#Logging configuration
logging.dest: config/logkibana.txt
logging.useUTC: false
searchguard.basicauth.enabled: true
elasticsearch.ssl.verificationMode: none
#elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ]
#searchguard.cookie.password: "qwertyuiop"
#searchguard.cookie.secure: false
--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
Oumeyma JELLALI
Jun 18, 2018, 11:11:48 AM6/18/18
to search...@googlegroups.com
hi
in this file notepad elasticsearch0yml and kibana.yml
and in aaa logs
thanks
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/9b92dd1b-9728-482c-9863-c84d2836b149%40googlegroups.com.
Yabir Canario
Jun 18, 2018, 11:20:08 AM6/18/18
to Search Guard Community Forum
Oumeyma JELLALI
Jun 18, 2018, 4:29:43 PM6/18/18
to search...@googlegroups.com
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/8ac76d30-3291-408b-ab74-991f7a2925bc%40googlegroups.com.
Oumeyma JELLALI
Jun 19, 2018, 5:33:03 AM6/19/18
to search...@googlegroups.com
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/8ac76d30-3291-408b-ab74-991f7a2925bc%40googlegroups.com.
Yabir Canario
Jun 19, 2018, 10:22:31 AM6/19/18
to Search Guard Community Forum
I'm a noob on this too but, the solution that worked for me was set the parameters server.host: "0.0.0.0" in kibana.yml and network.host: 0.0.0.0 in elasticsearch.yml
Reply all
Reply to author
Forward
0 new messages