Basic Elastic Stack Install Failure

Elastic Stack Elasticsearch
1

I have a basic setup of ELK. I can see data flowing through logstash and into elastisearch. All of the indices are Green and healthy. However when I fire up Kibana 4.5.4 for the first time, and select the logstash-* pattern, select @timestamp as the timefield name kibana becomes unresponsive (for the most part)

I open up chrome developer tools and see this error regardless of what I try to do in Kibana:

commons.bundle.js?v=10000:40136 TypeError: Cannot read property 'fields' of undefined
at ittr (kibana.bundle.js?v=10000:79301)
at commons.bundle.js?v=10000:8563
at baseForOwn (commons.bundle.js?v=10000:7536)
at Function.forOwn (commons.bundle.js?v=10000:8868)
at applyESResp (kibana.bundle.js?v=10000:79299)
at processQueue (commons.bundle.js?v=10000:42404)
at commons.bundle.js?v=10000:42420
at Scope.$eval (commons.bundle.js?v=10000:43648)
at Scope.$digest (commons.bundle.js?v=10000:43459)
at Scope.$apply (commons.bundle.js?v=10000:43756)(anonymous function) @ commons.bundle.js?v=10000:40136(anonymous function) @ commons.bundle.js?v=10000:36905processQueue @ commons.bundle.js?v=10000:42412(anonymous function) @ commons.bundle.js?v=10000:42420$eval @ commons.bundle.js?v=10000:43648$digest @ commons.bundle.js?v=10000:43459$apply @ commons.bundle.js?v=10000:43756done @ commons.bundle.js?v=10000:38205completeRequest @ commons.bundle.js?v=10000:38403requestLoaded @ commons.bundle.js?v=10000:38344

I have tried everything I can think of to resolve this however I cannot figure out where I am going wrong. Any pointers would be helpful.

2

What version of Elasticsearch are you running? Kibana 4.5.x is only compatible with Elasticsearch 2.3.x.

Do you see the error immediately after selecting @timestamp as the timefield, or after clicking the "Create" button? Any plugins installed?

3

Thank you for the reply!

I am running Elasticsearch 2.4

{
"name" : "ra_search_10.199.4.240",
"cluster_name" : "ra_search_cluster",
"version" : {
"number" : "2.4.0",
"build_hash" : "ce9f0c7394dee074091dd1bc4e9469251181fc55",
"build_timestamp" : "2016-08-29T09:14:17Z",
"build_snapshot" : false,
"lucene_version" : "5.5.2"
},
"tagline" : "You Know, for Search"
}

I did just reinstall Kibana as Kibana version 4.6.1 and drop the .kibana index. I still get the same result. I do see this error after clicking the "Create" button.

No plugins installed, right now I am just trying to get the most basic ELK stack running to demo for a client.

4

I went back and dropped all of my indicies in ES. Then recreated the data. This time when I attempted to fire up Kibana 4.6.1 for the first time and create the default index I got this error:

commons.bundle.js?v=10146:40184 Error: Request to Elasticsearch failed: "[document_source_missing_exception] [config][4.6.1]: document source missing, with: {"shard":"0","index":".kibana"}"
at kibana.bundle.js?v=10146:80547
at processQueue (commons.bundle.js?v=10146:42452)
at commons.bundle.js?v=10146:42468
at Scope.$eval (commons.bundle.js?v=10146:43696)
at Scope.$digest (commons.bundle.js?v=10146:43507)
at Scope.$apply (commons.bundle.js?v=10146:43804)
at done (commons.bundle.js?v=10146:38253)
at completeRequest (commons.bundle.js?v=10146:38451)
at XMLHttpRequest.requestLoaded (commons.bundle.js?v=10146:38392)(anonymous function) @ commons.bundle.js?v=10146:40184(anonymous function) @ commons.bundle.js?v=10146:36953processQueue @ commons.bundle.js?v=10146:42460(anonymous function) @ commons.bundle.js?v=10146:42468$eval @ commons.bundle.js?v=10146:43696$digest @ commons.bundle.js?v=10146:43507$apply @ commons.bundle.js?v=10146:43804done @ commons.bundle.js?v=10146:38253completeRequest @ commons.bundle.js?v=10146:38451requestLoaded @ commons.bundle.js?v=10146:38392

5

What platform are you running Kibana and ES on? Any chance you could share a sample document you see the error with? Any detailed steps to reproduce would be helpful.

6

I got it working.

I installed elasticsearch and kibana from downloadable RPM's from their respective pages (which yields version 4.6.1 of Kibana and 2.4.0 of Elasticsearch) - recreated the data and everything seems to be working properly.

Previously we were installing everything from yum repo's, which leads me to believe that the elastic RHEL repo's are providing mismatched versions of the toolset.

7

What URL are you using for the repo? In Kibana 4.6 we switched to minor versions for the url naming scheme, so you'll need to update the repo to https://packages.elastic.co/kibana/4.6/centos

8

For some reason we are pointing to /kibana/4.5/centos - I am honestly not sure why or how that happened.

Are there any plans to create a /kibana /elasticsearch that would just install latest stable?

9

In 5.x we'll most likely switch to major version naming, the code to do so has already been merged: https://github.com/elastic/kibana/issues/6728

That should make upgrades much easier in the future. In 4.x we've stuck with minor version structuring for consistency.

1 Like
10

Interesting enough, this morning I rebuilt the entire cluster using Kiaban 4.6.x and ElasticSearch 2.4.x - I had the same problem for some reason.

ElasticSearch came from this repository:
[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=https://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=0
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

I downloaded the ElasticSearch rpm from https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/rpm/elasticsearch/2.4.0/elasticsearch-2.4.0.rpm, yum removed the version that installed from the repository and rpm -i this file and it works fine.

They both report as version 2.4.0 - I can't imagine there would be a breaking change between builds?!

11

Just so I understand:

Elasticsearch 2.4.0 installed from the repo didn't work with Kibana 4.6.1.

Elasticsearch 2.4.0 installed directly from rpm worked with Kibana 4.6.1.

Was the Kibana install exactly the same between tests? Did you do anything differently with the repo install? Perhaps there was some config left over from a previous install? I'm not sure what the yum equivalent to apt-get purge is but I would try to ensure you're working with a totally fresh install.

12

You are correct.

These are fresh instances each time we build. So there is nothing left over.

Is the RPM linked from the Downloads page the same exact RPM that is provided from the Yum repository?

13

Sorry, not sure about that, I would assume so. I've moved this topic to the elasticsearch category so that someone more knowledgeable can weigh in.

14

Thanks Matt! I appreciate your help! For now I have written our chef scripts to just pull the rpm package from the download link, not ideal in the long run, but it gets the job done.

15

Scratch everything I said.

The issue is definitely not with the install package. It is something in our chef scripts that is being configured. Whenever I uninstall elasticsearch and reinstall elasticsearch the problem goes away, I think so does the configurations that are coming from chef.

16

Yep. I just rewrote the recipe to do nothing but install elasticsearch and start it, and everything works fine, that is from yum. Sorry for the fire drill. :frowning:

Now... to figure out what is breaking from a configuration standpoint in elasticsearch.