Accessing elastic search from a network

Elastic Stack Elasticsearch
1

I configured Elasticsearch and kibana 7.5.1 in windows server 2016 and working successfully.

I need to access elasticsearch from the network but I couldn't please any one have some idea.
kibana is accessible from the network

Elasticsearch.yml

bootstrap.memory_lock: false
cluster.name: elasticsearch
http.port: 9200
node.data: true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1
node.name: Test-Elastic
path.data: C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
transport.tcp.port: 9300
xpack.license.self_generated.type: trial
xpack.security.enabled: true

2

Take a look at the network settings, as Elasticsearch binds to localhost by default, see https://www.elastic.co/guide/en/elasticsearch/reference/7.5/modules-network.html

3

thank you for your replay

network.host: 0.0.0.0

when i set the network.host as above the elastic search service is not starting, sorry I am new to ELK.

4

Hi there,

Can you please provide elasticsearch log ?

I dont know much of networking on windows and port openning can sometimes be tricky.

You should try to bind network.host : [SERVER-IP] and restart elasticsearch.

5

Once you have the logs, please read https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html

6

Please look at the Elasticsearch log below after setting network.host setting and restarting the services.

To forward eventlog to elastic search from different windows server Elasticsearch should be accessable from the network right ??

[2020-01-15T01:30:01,594][INFO ][o.e.x.m.MlDailyMaintenanceService] [Test-Elastic] triggering scheduled [ML] maintenance tasks
[2020-01-15T01:30:01,594][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [Test-Elastic] Deleting expired data
[2020-01-15T01:30:01,641][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [Test-Elastic] Completed deletion of expired ML data
[2020-01-15T01:30:01,641][INFO ][o.e.x.m.MlDailyMaintenanceService] [Test-Elastic] Successfully completed [ML] maintenance tasks
[2020-01-15T02:30:01,557][INFO ][o.e.x.s.SnapshotRetentionTask] [Test-Elastic] starting SLM retention snapshot cleanup task
[2020-01-15T08:05:38,924][DEBUG][o.e.a.s.m.TransportMasterNodeAction] [Test-Elastic] Get stats for datafeed '_all'
[2020-01-15T08:27:04,704][INFO ][o.e.n.Node ] [Test-Elastic] stopping ...
[2020-01-15T08:27:04,798][ERROR][i.n.u.c.D.rejectedExecution] [Test-Elastic] Failed to submit a listener notification task. Event loop shut down?
java.util.concurrent.RejectedExecutionException: event executor terminated
at io.netty.util.concurrent.SingleThreadEventExecutor.reject(SingleThreadEventExecutor.java:987) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor.offerTask(SingleThreadEventExecutor.java:388) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor.addTask(SingleThreadEventExecutor.java:381) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor.execute(SingleThreadEventExecutor.java:886) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.safeExecute(DefaultPromise.java:841) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:498) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:615) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:608) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.util.concurrent.DefaultPromise.setFailure(DefaultPromise.java:109) [netty-common-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.DefaultChannelPromise.setFailure(DefaultChannelPromise.java:89) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.AbstractChannelHandlerContext.safeExecute(AbstractChannelHandlerContext.java:1015) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:800) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.AbstractChannelHandlerContext.writeAndFlush(AbstractChannelHandlerContext.java:757) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.DefaultChannelPipeline.writeAndFlush(DefaultChannelPipeline.java:1032) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at io.netty.channel.AbstractChannel.writeAndFlush(AbstractChannel.java:298) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
at org.elasticsearch.http.netty4.Netty4HttpChannel.sendResponse(Netty4HttpChannel.java:43) [transport-netty4-client-7.5.1.jar:7.5.1]
at org.elasticsearch.http.DefaultRestChannel.sendResponse(DefaultRestChannel.java:129) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.rest.RestController$ResourceHandlingHttpChannel.sendResponse(RestController.java:482) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.rest.action.RestResponseListener.processResponse(RestResponseListener.java:37) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.rest.action.RestActionListener.onResponse(RestActionListener.java:47) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:70) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:64) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:43) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.core.action.TransportXPackInfoAction.doExecute(TransportXPackInfoAction.java:66) [x-pack-core-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.core.action.TransportXPackInfoAction.doExecute(TransportXPackInfoAction.java:26) [x-pack-core-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:153) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$apply$0(SecurityActionFilter.java:86) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$authorizeRequest$4(SecurityActionFilter.java:172) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.lambda$authorizeAction$4(AuthorizationService.java:241) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService$AuthorizationResultListener.onResponse(AuthorizationService.java:616) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService$AuthorizationResultListener.onResponse(AuthorizationService.java:591) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:43) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.RBACEngine.authorizeClusterAction(RBACEngine.java:144) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.authorizeAction(AuthorizationService.java:243) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.maybeAuthorizeRunAs(AuthorizationService.java:227) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.lambda$authorize$1(AuthorizationService.java:193) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:43) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.RBACEngine.lambda$resolveAuthorizationInfo$1(RBACEngine.java:117) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.store.CompositeRolesStore.roles(CompositeRolesStore.java:152) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.store.CompositeRolesStore.getRoles(CompositeRolesStore.java:231) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.RBACEngine.getRoles(RBACEngine.java:123) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.RBACEngine.resolveAuthorizationInfo(RBACEngine.java:111) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authz.AuthorizationService.authorize(AuthorizationService.java:195) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.authorizeRequest(SecurityActionFilter.java:172) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:158) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:246) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$6(AuthenticationService.java:306) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:317) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:244) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:196) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:139) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:155) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:107) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:151) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:129) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:64) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:83) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:72) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:396) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:70) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.core.rest.action.RestXPackInfoAction.lambda$doPrepareRequest$0(RestXPackInfoAction.java:44) [x-pack-core-7.5.1.jar:7.5.1]
at org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:108) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.rest.SecurityRestFilter.lambda$handleRequest$0(SecurityRestFilter.java:58) [x-pack-security-7.5.1.jar:7.5.1]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$writeAuthToContext$24(AuthenticationService.java:572) [x-pack-security-7.5.1.jar:7.5.1]

7

Please don't post unformatted code, logs, or configuration as it's very hard to read.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It does not look like logs when you restart the node.
Could you restart the node and share the logs?
If there's no log at all then may be your config file is broken. Yaml could be sensible. :grimacing:

8 
[2020-01-15T01:30:01,594][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [Test-Elastic] Deleting expired data
[2020-01-15T01:30:01,641][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [Test-Elastic] Completed deletion of expired ML data
[2020-01-15T01:30:01,641][INFO ][o.e.x.m.MlDailyMaintenanceService] [Test-Elastic] Successfully completed [ML] maintenance tasks
[2020-01-15T02:30:01,557][INFO ][o.e.x.s.SnapshotRetentionTask] [Test-Elastic] starting SLM retention snapshot cleanup task
[2020-01-15T08:05:38,924][DEBUG][o.e.a.s.m.TransportMasterNodeAction] [Test-Elastic] Get stats for datafeed '_all'
[2020-01-15T08:27:04,704][INFO ][o.e.n.Node               ] [Test-Elastic] stopping ...
[2020-01-15T08:27:04,798][ERROR][i.n.u.c.D.rejectedExecution] [Test-Elastic] Failed to submit a listener notification task. Event loop shut down?
java.util.concurrent.RejectedExecutionException: event executor terminated
	at io.netty.util.concurrent.SingleThreadEventExecutor.reject(SingleThreadEventExecutor.java:987) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor.offerTask(SingleThreadEventExecutor.java:388) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor.addTask(SingleThreadEventExecutor.java:381) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor.execute(SingleThreadEventExecutor.java:886) ~[netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.safeExecute(DefaultPromise.java:841) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:498) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:615) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:608) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.util.concurrent.DefaultPromise.setFailure(DefaultPromise.java:109) [netty-common-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.DefaultChannelPromise.setFailure(DefaultChannelPromise.java:89) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.AbstractChannelHandlerContext.safeExecute(AbstractChannelHandlerContext.java:1015) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:800) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.AbstractChannelHandlerContext.writeAndFlush(AbstractChannelHandlerContext.java:757) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.DefaultChannelPipeline.writeAndFlush(DefaultChannelPipeline.java:1032) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at io.netty.channel.AbstractChannel.writeAndFlush(AbstractChannel.java:298) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
	at org.elasticsearch.http.netty4.Netty4HttpChannel.sendResponse(Netty4HttpChannel.java:43) [transport-netty4-client-7.5.1.jar:7.5.1]
	at org.elasticsearch.http.DefaultRestChannel.sendResponse(DefaultRestChannel.java:129) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.rest.RestController$ResourceHandlingHttpChannel.sendResponse(RestController.java:482) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.rest.action.RestResponseListener.processResponse(RestResponseListener.java:37) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.rest.action.RestActionListener.onResponse(RestActionListener.java:47) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:70) [elasticsearch-7.5.1.jar:7.5.1]
	at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:64) [elasticsearch-7.5.1.jar:7.5.1]```
9

sorry for the inconvenience this is the log that I found in C:\ProgramData\Elastic\Elasticsearch\logs after restarting the services not the node.

10

Is that all the logs you have ?

Can you provide more logs and elasticsearch.yml ( current version ) & also try to fully restart your server ?

This looks like a port binding error

11 
cluster.name: elasticsearch
http.port: 9200
node.data: true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1
node.name: Test-Elastic
path.data: C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
transport.tcp.port: 9300
xpack.license.self_generated.type: trial
xpack.security.enabled: true
network.host: 0.0.0.0
#server.host: "Test-Elastic"

this is elasticsearch yml
12

try changing 0.0.0.0 by the actual IP of the server also add :

transport.host: localhost
13

Hi grumo35

thank you, the problem is solved!!! as per your instruction

one more information I need is, can I collect event log of linux machine and check point firewalls while my elasticsearch and kibana is running on windows server???

14

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.