Kibana - Request Timeout after 30000ms


Max S.

Aug 14, 2018, 12:41:41 PM
to security-onion
Hi All,

I have restarted Kibana, ES, etc., but I am still receiving this error message after every search query attempt made in Kibana.

Please see attached screenshot for more details.

Thanks in anticipation.

-Max

Kibana_Search_TimingOut_Error.JPG

Wes Lambert

Aug 15, 2018, 7:41:26 AM
to securit...@googlegroups.com
You could try checking /var/log/kibana/kibana.log for clues. Otherwise, try adjusting elasticsearch.requestTimeout in /etc/kibana/kibana.yml and restarting Kibana.

Thanks,
Wes


Max S.

Aug 15, 2018, 10:19:00 AM
to security-onion
Thanks Wes!

I don't have an entry for elasticsearch.requestTimeout in my SecurityOnion's kibana.yml file. So would you recommend adding it and what's the full syntax for the requestTimeout?

Below is the content of my kibana.yml file.


# Default Kibana configuration from kibana-docker.

server.name: kibana
server.host: "0"
elasticsearch.url: http://elasticsearch:9200
#elasticsearch.username: elastic
#elasticsearch.password: changeme
#xpack.monitoring.ui.container.elasticsearch.enabled: true
logging.dest: /var/log/kibana/kibana.log

Wes Lambert

Aug 16, 2018, 7:54:04 AM
to securit...@googlegroups.com
It should be something like:

elasticsearch.requestTimeout: 90000

Thanks,
Wes 
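
One way to apply the setting discussed above without ending up with duplicate keys, as an added example that is not part of the original thread or of Security Onion's own tooling. The function names `set_kibana_timeout` and `get_kibana_timeout` are hypothetical, and Kibana still has to be restarted afterwards for the change to take effect.

```shell
#!/bin/sh
# Added example (not from the thread). Usage:
#   set_kibana_timeout /etc/kibana/kibana.yml 90000
KEY='elasticsearch.requestTimeout'

# Print the active (uncommented) value of the key, or nothing if it is unset.
get_kibana_timeout() {
    awk -v key="$KEY" '
        { line = $0; sub(/^[ \t]*/, "", line) }
        index(line, key) == 1 {
            v = substr(line, length(key) + 1)
            if (v ~ /^[ \t]*:/) {
                sub(/^[ \t]*:[ \t]*/, "", v); sub(/[ \t]+$/, "", v); print v
            }
        }' "$1"
}

# Set the key to MS milliseconds: rewrite the first active or commented-out
# entry, drop any further duplicates, and append the key if it is absent.
set_kibana_timeout() {
    file=$1
    ms=$2
    case $ms in
        ''|*[!0-9]*) echo "timeout must be an integer number of ms" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v key="$KEY" -v ms="$ms" '
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)
            if (index(line, key) == 1 && substr(line, length(key) + 1) ~ /^[ \t]*:/) {
                if (!seen) { print key ": " ms; seen = 1 }
                next
            }
            print
        }
        END { if (!seen) print key ": " ms }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Keep a backup, then overwrite in place so ownership and mode are preserved.
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```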

A Abs

Aug 16, 2018, 9:06:23 AM
to security-onion

I am facing too many performance issues with the Elastic Stack. Honestly, I like ELSA much more than the Elastic Stack, as it was really lightweight and simple to maintain and adjust. On ELSA I archived 5 billion logs and had no problem at all, but on ELK there are too many timeouts, slow responses (on small amounts of logs) and poor documentation.
For example, the ELK docs guide you to search for "destination IP x.x.x.x" with the syntax "dst_ip: x.x.x.x", but it will not work on recent versions, and I found the correct syntax is destination_ip: x.x.x.x (found by trial and error).
I love ELSA, but Doug killed it on SO 16.0 :)

Josh Silvestro

Aug 16, 2018, 9:22:29 AM
to security-onion
@A Abs,

I can understand where you're coming from, but I think that Elastic is much more versatile if correctly sized and configured.

As far as syntax goes, keep in mind you can always rename fields such as dst_ip, so it's not that the docs are incorrect, it's really just that each uses discretion on how to format their fields. If you want to rename/match to line up with the docs (as opposed to how SO ships by default), look at making a Logstash conf file.

A Abs

Aug 17, 2018, 6:47:47 AM
to security-onion

Thank you, Josh,
I agree with you that ELK needs good sizing and optimization that you need to learn and master, and I am not bashing ELK. I said it has too much of a learning curve for people like me who are multi-tasked and not really interested in a full-featured analytics system like ELK. For me, a log management system like ELSA is good enough.
But I don't get how you know where I came from???

Max S.

Aug 17, 2018, 12:15:20 PM
to security-onion
Thanks again, Wes. The timing-out issue has been resolved since I added that syntax to my Kibana.yml file.