Cant access ES data in Kibana generated by Rally benchmarks

So heres my indices:

curl --user elastic:secret -XGET 'localhost:9200/_cat/indices'
yellow open .kibana 0gfdsSymSVWU-5wnzqosXw 1 1 1 0 3.1kb 3.1kb
yellow open rally-2017 z_YMhaElSMu0wlWJoE2vQg 5 1 323411 0 34.3mb 34.3mb

.Kibana works.

rally-2017 does not work, I get: "Unable to fetch mapping. Do you have indices matching the pattern"

Logs show:

{"type":"response","@timestamp":"2017-05-01T12:15:10Z","tags":[],"pid":1481,"method":"get","statusCode":403,"req":{"url":"/elasticsearch/rally-2017/mapping/field/*?=1493640910751&ignore_unavailable=false&allow_no_indices=false&include_defaults=true","method":"get","headers":{"host":"x.x.x.x:5601","connection":"keep-alive","accept":"application/json, text/plain, /","kbn-version":"5.3.2","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36","dnt":"1","referer":"http://52.43.9.171:5601/app/kibana","accept-encoding":"gzip, deflate, sdch","accept-language":"en-GB,en-US;q=0.8,en;q=0.6"},"remoteAddress":"x.x.x.x","userAgent":"x.x.x.x","referer":"http://x.x.x.x:5601/app/kibana"},"res":{"statusCode":403,"responseTime":6,"contentLength":9},"message":"GET /elasticsearch/rally-2017/mapping/field/*?=1493640910751&ignore_unavailable=false&allow_no_indices=false&include_defaults=true 403 6ms - 9.0B"}

But when I query ES for it:

curl --user elastic:secret -XGET 'localhost:9200/rally-2017'
{"rally-2017":{"aliases":{},"mappings":{"races":{"_all":{"enabled":false},"dynamic_templates":[{"strings":{"match":"","match_mapping_type":"string","mapping":{"doc_values":true,"index":"not_analyzed","type":"string"}}}],"properties":{"@timestamp":{"type":"date","format":"epoch_millis"},"car":{"type":"keyword"},"challenge":{"type":"keyword"},"distribution-version":{"type":"keyword"},"environment":{"type":"keyword"},"lap":{"type":"integer"},"laps":{"type":"long"},"name":{"type":"keyword"},"operation":{"type":"keyword"},"operation-type":{"type":"keyword"},"pipeline":{"type":"keyword"},"relative-time":{"type":"long"},"revision":{"type":"keyword"},"sample-type":{"type":"keyword"},"selected-challenge":{"type":"nested","properties":{"name":{"type":"keyword"},"operations":{"type":"keyword"}}},"target-hosts":{"type":"keyword"},"track":{"type":"keyword"},"trial-timestamp":{"type":"date","fields":{"raw":{"type":"keyword"}},"format":"basic_date_time_no_millis"},"unit":{"type":"keyword"},"user-tag":{"type":"keyword"},"value":{"type":"float"}}},"metrics":{"_all":{"enabled":false},"dynamic_templates":[{"strings":{"match":"","match_mapping_type":"string","mapping":{"doc_values":true,"index":"not_analyzed","type":"string"}}}],"properties":{"@timestamp":{"type":"date","format":"epoch_millis"},"car":{"type":"keyword"},"challenge":{"type":"keyword"},"environment":{"type":"keyword"},"lap":{"type":"integer"},"meta":{"properties":{"bulk-size":{"type":"long"},"cpu_logical_cores":{"type":"long"},"distribution_version":{"type":"keyword"},"error-count":{"type":"long"},"host_name":{"type":"keyword"},"jvm_vendor":{"type":"keyword"},"jvm_version":{"type":"keyword"},"node_name":{"type":"keyword"},"os_name":{"type":"keyword"},"os_version":{"type":"keyword"},"source_revision":{"type":"keyword"},"success":{"type":"boolean"},"success-count":{"type":"long"}}},"name":{"type":"keyword"},"operation":{"type":"keyword"},"operation-type":{"type":"keyword"},"relative-time":{"type":"long"},"sample-type":{"type":"keyword"},"selected-challenge":{"type":"nested"},"track":{"type":"keyword"},"trial-timestamp":{"type":"date","fields":{"raw":{"type":"keyword"}},"format":"basic_date_time_no_millis"},"unit":{"type":"keyword"},"value":{"type":"float"}}},"default":{"_all":{"enabled":false},"dynamic_templates":[{"strings":{"match":"*","match_mapping_type":"string","mapping":{"doc_values":true,"index":"not_analyzed","type":"string"}}}],"properties":{"@timestamp":{"type":"date","format":"epoch_millis"},"car":{"type":"keyword"},"challenge":{"type":"keyword"},"environment":{"type":"keyword"},"lap":{"type":"integer"},"name":{"type":"keyword"},"operation":{"type":"keyword"},"operation-type":{"type":"keyword"},"relative-time":{"type":"long"},"sample-type":{"type":"keyword"},"selected-challenge":{"type":"nested"},"track":{"type":"keyword"},"trial-timestamp":{"type":"date","fields":{"raw":{"type":"keyword"}},"format":"basic_date_time_no_millis"},"unit":{"type":"keyword"},"value":{"type":"float"}}}},"settings":{"index":{"refresh_interval":"5s","number_of_shards":"5","provided_name":"rally-2017","creation_date":"1493458838319","number_of_replicas":"1","uuid":"z_YMhaElSMu0wlWJoE2vQg","version":{"created":"5030299"}}}}}

Does the account you're logged in have access to the rally-2017 index/what are you using for auth? In Kibana if the authenticated user doesn't have access it'll show up as not existing.

Hey, I was using the elastic superuser but tried creating a specific user with explicit access:

curl --user elastic -XPOST 'localhost:9200/_xpack/security/user/rally_user?pretty' -H 'Content-Type: application/json' -d'
{
"password" : "haggis",
"roles" : [ "rally", "superuser" ],
"full_name" : "Elasticband",
"email" : "xxxxxxxxxxxxxxx"
}'

curl -XPOST -u elastic 'localhost:9200/_xpack/security/role/rally' -H "Content-Type: application/json" -d '{
"indices": [{
"names": "rally-2017",
"privileges": ["all"]
}]}'

Kibana still shows (tried rally-2017 and rally-*):

{"type":"response","@timestamp":"2017-05-01T22:55:54Z","tags":[],"pid":2267,"method":"get","statusCode":404,"req":{"url":"/elasticsearch/rally-/_mapping/field/?=1493679355502&ignore_unavailable=false&allow_no_indices=false&include_defaults=true","method":"get","headers":{"host":"x.x.x.x:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"application/json, text/plain, /","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","dnt":"1","kbn-version":"5.3.2","referer":"http://x.x.x.x:5601/app/kibana","connection":"keep-alive"},"remoteAddress":"x.x.x.x","userAgent":"x.x.x.x","referer":"http://x.x.x.x:5601/app/kibana"},"res":{"statusCode":404,"responseTime":10,"contentLength":9},"message":"GET /elasticsearch/rally-/_mapping/field/?=1493679355502&ignore_unavailable=false&allow_no_indices=false&include_defaults=true 404 10ms - 9.0B"}

Heres the config file:

elasticsearch.username: "rally_user"
elasticsearch.password: "haggis" < this is a simple word definitely correct.

I packetsniffed what Kibana does:

curl -XGET -u rally_user 'localhost:9200/rally-2017/_mapping/field/*?ignore_unavailable=false&allow_no_indices=false&include_defaults=true'

And got this response, Which appears to be the data Kibana cant find.:

{
"rally-2017": {
"mappings": {
"races": {
"_ttl": {
"full_name": "_ttl",
"mapping": {
"_ttl": {
"enabled": false,
"default": -1
}
}
},
"_index": {
"full_name": "_index",
"mapping": {}
},
"laps": {
"full_name": "laps",
"mapping": {
"laps": {
"type": "long",
"boost": 1.0,
"index": true,
"store": false,
"doc_values": true,
"term_vector": "no",
"norms": false,
"index_options": "positions",
"eager_global_ordinals": false,
"similarity": "BM25",
"ignore_malformed": false,
"coerce": true,
"null_value": null,
"include_in_all": false
}
}
},
"target-hosts": {
"full_name": "target-hosts",
"mapping": {
"target-hosts": {
"type": "keyword",
"boost": 1.0,
"index": true,
"store": false,
"doc_values": true,
"term_vector": "no",
"norms": false,
"index_options": "docs",
"eager_global_ordinals": false,
"similarity": "BM25",
"null_value": null,
"include_in_all": true,
"ignore_above": 2147483647,
"normalizer": null
}
}
},
"_all": {
"full_name": "_all",
"mapping": {
"_all": {
"enabled": false,
"store": false,
"store_term_vectors": false,
"store_term_vector_offsets": false,
"store_term_vector_positions": false,
"store_term_vector_payloads": false,
"norms": true,
"analyzer": "default",
"search_analyzer": "default",
"search_quote_analyzer": "default",
"similarity": "BM25"
}
}
},
"selected-challenge.name": {
"full_name": "selected-challenge.name",
"mapping": {
"name": {
"type": "keyword",
"boost": 1.0,
"index": true,
"store": false,
"doc_values": true,
"term_vector": "no",
"norms": false,
"index_options": "docs",
"eager_global_ordinals": false,
"similarity": "BM25",
"null_value": null,
"include_in_all": true,
"ignore_above": 2147483647,
"normalizer": null
}
}
},
"_parent": {
"full_name": "_parent",
"mapping": {}
},
"user-tag": {
"full_name": "user-tag",
"mapping": {
"user-tag": {
"type": "keyword",
"boost": 1.0,
"index": true,
"store": false,
"doc_values": true,
"term_vector": "no",
"norms": false,
"index_options": "docs",
"eager_global_ordinals": false,
"similarity": "BM25",
"null_value": null,
"include_in_all": true,
"ignore_above": 2147483647,
"normalizer": null
}
}
},
"car": {
"full_name": "car",
"mapping": {
"car": {
"type": "keyword",
"boost": 1.0,
"index": true,
"store": false,
"doc_values": true,
"term_vector": "no",
"norms": false,
"index_options": "docs",
"eager_global_ordinals": false,
"similarity": "BM25",
"null_value": null,
"include_in_all": true,
"ignore_above": 2147483647,
"normalizer": null
}
}
},
"lap": {
"full_name": "lap",
"mapping": {
"lap": {
"type": "integer",
"boost": 1.0,
.... # Ive cut it off here for brevity.

I think I figured this out, Looks like a bug? Heres the 403'ing request:

GET /rally-2017/_mapping/field/*?ignore_unavailable=false&allow_no_indices=false&include_defaults=true HTTP/1.1
authorization: Basic a2liYW5hOmNoYW5nZW1l
x-forwarded-for: x.x.x.x
x-forwarded-port: 59429
x-forwarded-proto: http
Host: localhost:9200
Connection: close

When I base64 decode that user pass, Its the Kibana UI user/password. Not the one configured in Kibana.yml...

So Kibana is ignoring the configured user/pass and using the UI user pass it seems.

It uses the same for the working .kibana index..

GET /.kibana/_mapping/field/*?ignore_unavailable=false&allow_no_indices=false&include_defaults=true HTTP/1.1
authorization: Basic a2liYW5hOmNoYW5nZW1l

And there is a kibana user which is how its accessing .kibana.

"kibana" : {
"username" : "kibana",
"roles" : [
"kibana_system"
],
"full_name" : null,
"email" : null,
"metadata" : {
"_reserved" : true
},
"enabled" : true
},

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.