Accessing elastic search from a network

I configured Elasticsearch and kibana 7.5.1 in windows server 2016 and working successfully.

I need to access elasticsearch from the network but I couldn't please any one have some idea.
kibana is accessible from the network

Elasticsearch.yml

bootstrap.memory_lock: false
cluster.name: elasticsearch
http.port: 9200
node.data: true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1
node.name: Test-Elastic
path.data: C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
transport.tcp.port: 9300
xpack.license.self_generated.type: trial
xpack.security.enabled: true

Take a look at the network settings, as Elasticsearch binds to localhost by default, see https://www.elastic.co/guide/en/elasticsearch/reference/7.5/modules-network.html

thank you for your replay

network.host: 0.0.0.0

when i set the network.host as above the elastic search service is not starting, sorry I am new to ELK.

Hi there,

Can you please provide elasticsearch log ?

I dont know much of networking on windows and port openning can sometimes be tricky.

You should try to bind network.host : [SERVER-IP] and restart elasticsearch.

Once you have the logs, please read https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html

Please look at the Elasticsearch log below after setting network.host setting and restarting the services.

To forward eventlog to elastic search from different windows server Elasticsearch should be accessable from the network right ??

[2020-01-15T01:30:01,594][INFO ][o.e.x.m.MlDailyMaintenanceService] [Test-Elastic] triggering scheduled [ML] maintenance tasks
[2020-01-15T01:30:01,594][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [Test-Elastic] Deleting expired data
[2020-01-15T01:30:01,641][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [Test-Elastic] Completed deletion of expired ML data
[2020-01-15T01:30:01,641][INFO ][o.e.x.m.MlDailyMaintenanceService] [Test-Elastic] Successfully completed [ML] maintenance tasks
[2020-01-15T02:30:01,557][INFO ][o.e.x.s.SnapshotRetentionTask] [Test-Elastic] starting SLM retention snapshot cleanup task
[2020-01-15T08:05:38,924][DEBUG][o.e.a.s.m.TransportMasterNodeAction] [Test-Elastic] Get stats for datafeed '_all'
[2020-01-15T08:27:04,704][INFO ][o.e.n.Node ] [Test-Elastic] stopping ...
[2020-01-15T08:27:04,798][ERROR][i.n.u.c.D.rejectedExecution] [Test-Elastic] Failed to submit a listener notification task. Event loop shut down?
java.util.concurrent.RejectedExecutionException: event executor terminated
at io.netty.util.concurrent.SingleThreadEventExecutor.reject(SingleThreadEventExecutor.java:987) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor.offerTask(SingleThreadEventExecutor.java:388) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor.addTask(SingleThreadEventExecutor.java:381) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor.execute(SingleThreadEventExecutor.java:886) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.safeExecute(DefaultPromise.java:841) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:498) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:615) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:608) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.setFailure(DefaultPromise.java:109) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.DefaultChannelPromise.setFailure(DefaultChannelPromise.java:89) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.AbstractChannelHandlerContext.safeExecute(AbstractChannelHandlerContext.java:1015) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:800) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.AbstractChannelHandlerContext.writeAndFlush(AbstractChannelHandlerContext.java:757) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.DefaultChannelPipeline.writeAndFlush(DefaultChannelPipeline.java:1032) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.AbstractChannel.writeAndFlush(AbstractChannel.java:298) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at org.elasticsearch.http.netty4.Netty4HttpChannel.sendResponse(Netty4HttpChannel.java:43) [transport-netty4-client-7.5.1.jar:7.5.1]
at org.elasticsearch.http.DefaultRestChannel.sendResponse(DefaultRestChannel.java:129) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.rest.RestController$ResourceHandlingHttpChannel.sendResponse(RestController.java:482) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.rest.action.RestResponseListener.processResponse(RestResponseListener.java:37) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.rest.action.RestActionListener.onResponse(RestActionListener.java:47) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:70) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:64) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:43) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.core.action.TransportXPackInfoAction.doExecute(TransportXPackInfoAction.java:66) [x-pack-core-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.core.action.TransportXPackInfoAction.doExecute(TransportXPackInfoAction.java:26) [x-pack-core-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:153) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$apply$0(SecurityActionFilter.java:86) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$authorizeRequest$4(SecurityActionFilter.java:172) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.lambda$authorizeAction$4(AuthorizationService.java:241) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService$AuthorizationResultListener.onResponse(AuthorizationService.java:616) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService$AuthorizationResultListener.onResponse(AuthorizationService.java:591) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:43) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.RBACEngine.authorizeClusterAction(RBACEngine.java:144) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.authorizeAction(AuthorizationService.java:243) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.maybeAuthorizeRunAs(AuthorizationService.java:227) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.lambda$authorize$1(AuthorizationService.java:193) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:43) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.RBACEngine.lambda$resolveAuthorizationInfo$1(RBACEngine.java:117) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.store.CompositeRolesStore.roles(CompositeRolesStore.java:152) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.store.CompositeRolesStore.getRoles(CompositeRolesStore.java:231) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.RBACEngine.getRoles(RBACEngine.java:123) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.RBACEngine.resolveAuthorizationInfo(RBACEngine.java:111) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.authorize(AuthorizationService.java:195) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.authorizeRequest(SecurityActionFilter.java:172) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:158) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:246) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$6(AuthenticationService.java:306) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:317) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:244) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:196) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:139) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:155) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:107) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:151) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:129) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:64) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:83) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:72) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:396) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:70) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.core.rest.action.RestXPackInfoAction.lambda$doPrepareRequest$0(RestXPackInfoAction.java:44) [x-pack-core-7.5.1.jar:7.5.1]
at org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:108) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.rest.SecurityRestFilter.lambda$handleRequest$0(SecurityRestFilter.java:58) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$writeAuthToContext$24(AuthenticationService.java:572) [x-pack-security-7.5.1.jar:7.5.1]

Please don't post unformatted code, logs, or configuration as it's very hard to read.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It does not look like logs when you restart the node.
Could you restart the node and share the logs?
If there's no log at all then may be your config file is broken. Yaml could be sensible. :grimacing:

[2020-01-15T01:30:01,594][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [Test-Elastic] Deleting expired data
[2020-01-15T01:30:01,641][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [Test-Elastic] Completed deletion of expired ML data
[2020-01-15T01:30:01,641][INFO ][o.e.x.m.MlDailyMaintenanceService] [Test-Elastic] Successfully completed [ML] maintenance tasks
[2020-01-15T02:30:01,557][INFO ][o.e.x.s.SnapshotRetentionTask] [Test-Elastic] starting SLM retention snapshot cleanup task
[2020-01-15T08:05:38,924][DEBUG][o.e.a.s.m.TransportMasterNodeAction] [Test-Elastic] Get stats for datafeed '_all'
[2020-01-15T08:27:04,704][INFO ][o.e.n.Node               ] [Test-Elastic] stopping ...
[2020-01-15T08:27:04,798][ERROR][i.n.u.c.D.rejectedExecution] [Test-Elastic] Failed to submit a listener notification task. Event loop shut down?
java.util.concurrent.RejectedExecutionException: event executor terminated
	at io.netty.util.concurrent.SingleThreadEventExecutor.reject(SingleThreadEventExecutor.java:987) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor.offerTask(SingleThreadEventExecutor.java:388) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor.addTask(SingleThreadEventExecutor.java:381) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor.execute(SingleThreadEventExecutor.java:886) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.safeExecute(DefaultPromise.java:841) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:498) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:615) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:608) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.setFailure(DefaultPromise.java:109) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.DefaultChannelPromise.setFailure(DefaultChannelPromise.java:89) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.AbstractChannelHandlerContext.safeExecute(AbstractChannelHandlerContext.java:1015) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:800) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.AbstractChannelHandlerContext.writeAndFlush(AbstractChannelHandlerContext.java:757) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.DefaultChannelPipeline.writeAndFlush(DefaultChannelPipeline.java:1032) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.AbstractChannel.writeAndFlush(AbstractChannel.java:298) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at org.elasticsearch.http.netty4.Netty4HttpChannel.sendResponse(Netty4HttpChannel.java:43) [transport-netty4-client-7.5.1.jar:7.5.1]
	at org.elasticsearch.http.DefaultRestChannel.sendResponse(DefaultRestChannel.java:129) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.rest.RestController$ResourceHandlingHttpChannel.sendResponse(RestController.java:482) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.rest.action.RestResponseListener.processResponse(RestResponseListener.java:37) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.rest.action.RestActionListener.onResponse(RestActionListener.java:47) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:70) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:64) [elasticsearch-7.5.1.jar:7.5.1]```

sorry for the inconvenience this is the log that I found in C:\ProgramData\Elastic\Elasticsearch\logs after restarting the services not the node.

Is that all the logs you have ?

Can you provide more logs and elasticsearch.yml ( current version ) & also try to fully restart your server ?

This looks like a port binding error

cluster.name: elasticsearch
http.port: 9200
node.data: true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1
node.name: Test-Elastic
path.data: C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
transport.tcp.port: 9300
xpack.license.self_generated.type: trial
xpack.security.enabled: true
network.host: 0.0.0.0
#server.host: "Test-Elastic"

this is elasticsearch yml

try changing 0.0.0.0 by the actual IP of the server also add :

transport.host: localhost

Hi grumo35

thank you, the problem is solved!!! as per your instruction

one more information I need is, can I collect event log of linux machine and check point firewalls while my elasticsearch and kibana is running on windows server???