Accessing elastic search from a network

fekade · January 15, 2020, 10:50am

I configured Elasticsearch and kibana 7.5.1 in windows server 2016 and working successfully.

I need to access elasticsearch from the network but I couldn't please any one have some idea.
kibana is accessible from the network

Elasticsearch.yml

bootstrap.memory_lock: false
cluster.name: elasticsearch
http.port: 9200
node.data: true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1
node.name: Test-Elastic
path.data: C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
transport.tcp.port: 9300
xpack.license.self_generated.type: trial
xpack.security.enabled: true

spinscale · January 15, 2020, 11:19am

Take a look at the network settings, as Elasticsearch binds to localhost by default, see https://www.elastic.co/guide/en/elasticsearch/reference/7.5/modules-network.html

fekade · January 15, 2020, 1:10pm

thank you for your replay

network.host: 0.0.0.0

when i set the network.host as above the elastic search service is not starting, sorry I am new to ELK.

grumo35 · January 15, 2020, 1:43pm

Hi there,

Can you please provide elasticsearch log ?

I dont know much of networking on windows and port openning can sometimes be tricky.

You should try to bind network.host : [SERVER-IP] and restart elasticsearch.

dadoonet · January 15, 2020, 1:45pm

Once you have the logs, please read https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html

fekade · January 15, 2020, 2:00pm

Please look at the Elasticsearch log below after setting network.host setting and restarting the services.

To forward eventlog to elastic search from different windows server Elasticsearch should be accessable from the network right ??

[2020-01-15T01:30:01,594][INFO ][o.e.x.m.MlDailyMaintenanceService] [Test-Elastic] triggering scheduled [ML] maintenance tasks
[2020-01-15T01:30:01,594][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [Test-Elastic] Deleting expired data
[2020-01-15T01:30:01,641][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [Test-Elastic] Completed deletion of expired ML data
[2020-01-15T01:30:01,641][INFO ][o.e.x.m.MlDailyMaintenanceService] [Test-Elastic] Successfully completed [ML] maintenance tasks
[2020-01-15T02:30:01,557][INFO ][o.e.x.s.SnapshotRetentionTask] [Test-Elastic] starting SLM retention snapshot cleanup task
[2020-01-15T08:05:38,924][DEBUG][o.e.a.s.m.TransportMasterNodeAction] [Test-Elastic] Get stats for datafeed '_all'
[2020-01-15T08:27:04,704][INFO ][o.e.n.Node ] [Test-Elastic] stopping ...
[2020-01-15T08:27:04,798][ERROR][i.n.u.c.D.rejectedExecution] [Test-Elastic] Failed to submit a listener notification task. Event loop shut down?
java.util.concurrent.RejectedExecutionException: event executor terminated
at io.netty.util.concurrent.SingleThreadEventExecutor.reject(SingleThreadEventExecutor.java:987) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor.offerTask(SingleThreadEventExecutor.java:388) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor.addTask(SingleThreadEventExecutor.java:381) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor.execute(SingleThreadEventExecutor.java:886) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.safeExecute(DefaultPromise.java:841) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:498) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:615) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:608) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.setFailure(DefaultPromise.java:109) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.DefaultChannelPromise.setFailure(DefaultChannelPromise.java:89) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.AbstractChannelHandlerContext.safeExecute(AbstractChannelHandlerContext.java:1015) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:800) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.AbstractChannelHandlerContext.writeAndFlush(AbstractChannelHandlerContext.java:757) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.DefaultChannelPipeline.writeAndFlush(DefaultChannelPipeline.java:1032) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.AbstractChannel.writeAndFlush(AbstractChannel.java:298) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at org.elasticsearch.http.netty4.Netty4HttpChannel.sendResponse(Netty4HttpChannel.java:43) [transport-netty4-client-7.5.1.jar:7.5.1]
at org.elasticsearch.http.DefaultRestChannel.sendResponse(DefaultRestChannel.java:129) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.rest.RestController$ResourceHandlingHttpChannel.sendResponse(RestController.java:482) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.rest.action.RestResponseListener.processResponse(RestResponseListener.java:37) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.rest.action.RestActionListener.onResponse(RestActionListener.java:47) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:70) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:64) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:43) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.core.action.TransportXPackInfoAction.doExecute(TransportXPackInfoAction.java:66) [x-pack-core-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.core.action.TransportXPackInfoAction.doExecute(TransportXPackInfoAction.java:26) [x-pack-core-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:153) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$apply$0(SecurityActionFilter.java:86) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$authorizeRequest$4(SecurityActionFilter.java:172) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.lambda$authorizeAction$4(AuthorizationService.java:241) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService$AuthorizationResultListener.onResponse(AuthorizationService.java:616) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService$AuthorizationResultListener.onResponse(AuthorizationService.java:591) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:43) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.RBACEngine.authorizeClusterAction(RBACEngine.java:144) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.authorizeAction(AuthorizationService.java:243) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.maybeAuthorizeRunAs(AuthorizationService.java:227) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.lambda$authorize$1(AuthorizationService.java:193) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:43) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.RBACEngine.lambda$resolveAuthorizationInfo$1(RBACEngine.java:117) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.store.CompositeRolesStore.roles(CompositeRolesStore.java:152) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.store.CompositeRolesStore.getRoles(CompositeRolesStore.java:231) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.RBACEngine.getRoles(RBACEngine.java:123) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.RBACEngine.resolveAuthorizationInfo(RBACEngine.java:111) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.authorize(AuthorizationService.java:195) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.authorizeRequest(SecurityActionFilter.java:172) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:158) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:246) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$6(AuthenticationService.java:306) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:317) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:244) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:196) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:139) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:155) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:107) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:151) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:129) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:64) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:83) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:72) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:396) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:70) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.core.rest.action.RestXPackInfoAction.lambda$doPrepareRequest$0(RestXPackInfoAction.java:44) [x-pack-core-7.5.1.jar:7.5.1]
at org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:108) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.rest.SecurityRestFilter.lambda$handleRequest$0(SecurityRestFilter.java:58) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$writeAuthToContext$24(AuthenticationService.java:572) [x-pack-security-7.5.1.jar:7.5.1]

dadoonet · January 15, 2020, 2:30pm

Please don't post unformatted code, logs, or configuration as it's very hard to read.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It does not look like logs when you restart the node.
Could you restart the node and share the logs?
If there's no log at all then may be your config file is broken. Yaml could be sensible.

fekade · January 15, 2020, 3:40pm

[2020-01-15T01:30:01,594][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [Test-Elastic] Deleting expired data
[2020-01-15T01:30:01,641][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [Test-Elastic] Completed deletion of expired ML data
[2020-01-15T01:30:01,641][INFO ][o.e.x.m.MlDailyMaintenanceService] [Test-Elastic] Successfully completed [ML] maintenance tasks
[2020-01-15T02:30:01,557][INFO ][o.e.x.s.SnapshotRetentionTask] [Test-Elastic] starting SLM retention snapshot cleanup task
[2020-01-15T08:05:38,924][DEBUG][o.e.a.s.m.TransportMasterNodeAction] [Test-Elastic] Get stats for datafeed '_all'
[2020-01-15T08:27:04,704][INFO ][o.e.n.Node               ] [Test-Elastic] stopping ...
[2020-01-15T08:27:04,798][ERROR][i.n.u.c.D.rejectedExecution] [Test-Elastic] Failed to submit a listener notification task. Event loop shut down?
java.util.concurrent.RejectedExecutionException: event executor terminated
	at io.netty.util.concurrent.SingleThreadEventExecutor.reject(SingleThreadEventExecutor.java:987) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor.offerTask(SingleThreadEventExecutor.java:388) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor.addTask(SingleThreadEventExecutor.java:381) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor.execute(SingleThreadEventExecutor.java:886) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.safeExecute(DefaultPromise.java:841) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:498) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:615) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:608) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.setFailure(DefaultPromise.java:109) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.DefaultChannelPromise.setFailure(DefaultChannelPromise.java:89) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.AbstractChannelHandlerContext.safeExecute(AbstractChannelHandlerContext.java:1015) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:800) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.AbstractChannelHandlerContext.writeAndFlush(AbstractChannelHandlerContext.java:757) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.DefaultChannelPipeline.writeAndFlush(DefaultChannelPipeline.java:1032) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.AbstractChannel.writeAndFlush(AbstractChannel.java:298) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at org.elasticsearch.http.netty4.Netty4HttpChannel.sendResponse(Netty4HttpChannel.java:43) [transport-netty4-client-7.5.1.jar:7.5.1]
	at org.elasticsearch.http.DefaultRestChannel.sendResponse(DefaultRestChannel.java:129) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.rest.RestController$ResourceHandlingHttpChannel.sendResponse(RestController.java:482) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.rest.action.RestResponseListener.processResponse(RestResponseListener.java:37) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.rest.action.RestActionListener.onResponse(RestActionListener.java:47) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:70) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:64) [elasticsearch-7.5.1.jar:7.5.1]```

fekade · January 15, 2020, 3:42pm

sorry for the inconvenience this is the log that I found in C:\ProgramData\Elastic\Elasticsearch\logs after restarting the services not the node.

grumo35 · January 15, 2020, 4:19pm

Is that all the logs you have ?

Can you provide more logs and elasticsearch.yml ( current version ) & also try to fully restart your server ?

This looks like a port binding error

fekade · January 15, 2020, 4:36pm

cluster.name: elasticsearch
http.port: 9200
node.data: true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1
node.name: Test-Elastic
path.data: C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
transport.tcp.port: 9300
xpack.license.self_generated.type: trial
xpack.security.enabled: true
network.host: 0.0.0.0
#server.host: "Test-Elastic"

this is elasticsearch yml

grumo35 · January 15, 2020, 4:40pm

try changing 0.0.0.0 by the actual IP of the server also add :

transport.host: localhost

fekade · January 16, 2020, 7:35am

Hi grumo35

thank you, the problem is solved!!! as per your instruction

one more information I need is, can I collect event log of linux machine and check point firewalls while my elasticsearch and kibana is running on windows server???

system · February 13, 2020, 7:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.