Cannot connect to Sense in spite of http.cors.enabled = true

Hey folks,

I have a six node Elasticsearch cluster with Kibana and Sense installed. Latest versions of everything, cluster initialized today.

The cluster is in Amazon EC2 and I'm accessing Kibana and Elasticsearch via ssh tunnels. I have a load balancer in front of the Elasticsearch cluster and am tunnelling through a host in the same virtual private cloud, so there's no issue with network ACLs or access privileges.

I've researched trying to get Sense to work and have found the http.cors settings. These are set in my elasticsearch.yml file:

http.cors.enabled: true
http.cors.allow-origin: /.*/
http.cors.allow-credentials: true

Kibana is remapped to localhost:5601
Elasticsearch is remapped to localhost:9200

I have Marvel, Timelion and Sense plugins installed. Marvel is operational and gathering stats.

Here's what works:

I can open and use Kibana on localhost:5601 just fine.
I can use Marvel.
I can load Timelion but I haven't actually tried to use it, because I don't really know how yet.
I can load Sense and it supports typeahead.

Here's what doesn't work:

Any query in Sense against the server http://localhost:9200 fails with this error message:

Error connecting to 'http://localhost:9200/_cluster/health':
Client request error: connect ECONNREFUSED 127.0.0.1:9200

Direct connection to the IP address is not an option; I have to go through the tunnels. It doesn't matter if the ssh tunnels are established using an IP address or the FQDNs of the hosts.

I can use curl to perform queries directly on localhost:9200. Example:

$ curl -XGET http://localhost:9200/_cluster/health?pretty
{
"cluster_name" : "development-elk-es",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 6,
"number_of_data_nodes" : 6,
"active_primary_shards" : 4,
"active_shards" : 8,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}

I've also tried tunneling directly to ports 9200 and 5601 on one of the elasticsearch nodes instead of the load balancer, but the behavior is exactly the same. I've even ssh'ed directly to the Elasticsearch server and tunneled to its own public interface. No dice.

So, I'm at a loss. Any advice would be appreciated.

Hi JeffKirk1,

I don't have a lot of experience with this problem but I found some interesting posts on the topic here;

http://elasticsearch-users.115913.n3.nabble.com/Http-Cors-Setting-tp4066032p4069090.html

One user suggests leaving out http.cors.allow-origin: /.*/ because the default is *.

But I'm also going to check with Kibana and Sense developers to see why Kibana and Marvel would work and Sense wouldn't.

Also, can you tell us what version of Elasticsearch and Kibana you're using?

Thanks,
Lee

@jeffkirk1
You may be running into this issue: https://github.com/elastic/sense/issues/69
See the possible fix linked in that conversation.

I'm using Elasticsearch 2.2.1 and Kibana 4.4.2. Thanks, I will look into your suggestion.

From what I've tested, there is no need to play with http.cors to get Sense work. Plus I think Sense is server-side, so your computer does not need direct access to ES http 9200. Could you try to use http://your_es_server_ip:9200 in the Sense UI?

anhiqn, the security settings for our Amazon VPC forbid direct access to the servers used by our developers. They have to ssh in through a jump host. I'm trying to give them a means of connecting to their development Elasticsearch clusters via ssh tunnels as a result.

Have you tried Elasticsearch Kopf? It offers a somewhat similar features to Sense (exception for request history), and I do like the Index template manager in Kopf.