Couldn't configure Elastic Retry or update the kibana.yml file manually

Aditya_Bollam · July 19, 2023, 9:04pm

Hi,
Sorry if I'm not giving information for you. Actually elasticsearch is running.

elasticsearch.service - Elasticsearch
     Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; pr>
     Active: active (running) since Wed 2023-07-19 02:39:03 UTC; 1h 35min ago
       Docs: https://www.elastic.co
   Main PID: 2614 (java)
      Tasks: 73 (limit: 5938)
     Memory: 626.1M
        CPU: 2min 23.590s
     CGroup: /system.slice/elasticsearch.service
             ├─2614 /usr/share/elasticsearch/jdk/bin/java -Xms4m -Xmx64m -XX:+U>
             ├─2670 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.c>
             └─2689 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x>

Jul 19 02:37:19 elasticsearch systemd[1]: Starting Elasticsearch...
Jul 19 02:39:03 elasticsearch systemd[1]: Started Elasticsearch.

*   Trying ::1:9200...
* Connected to localhost (::1) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Unknown (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=elasticsearch
*  start date: Jul 18 22:49:22 2023 GMT
*  expire date: Jul 17 22:49:22 2025 GMT
*  issuer: CN=Elasticsearch security auto-configuration HTTP CA
*  SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
* Server auth using Basic with user 'elastic'
* TLSv1.2 (OUT), TLS header, Unknown (23):
> GET / HTTP/1.1
> Host: localhost:9200
> Authorization: Basic ZWxhc3RpYzppV3czRSpKVVU1dFBjc3VDWGNDMA==
> User-Agent: curl/7.76.1
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Unknown (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< X-elastic-product: Elasticsearch
< content-type: application/json
< content-length: 536
<
{
  "name" : "elasticsearch",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "eV4bMbw-QGKClujUCDMEhA",
  "version" : {
    "number" : "8.8.2",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "98e1271edf932a480e4262a471281f1ee295ce6b",
    "build_date" : "2023-06-26T05:16:16.196344851Z",
    "build_snapshot" : false,
    "lucene_version" : "9.6.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
* Connection #0 to host localhost left intact

-bash: url: command not found

Please let me know if you need more input from my side.

stephenb · July 19, 2023, 9:06pm

Please show the full actual command you ran not just the output otherwise It is very hard to diagnose your issue.. we need both

Example those curl commands we can not tell what you actually ran...

The more complete and precise you are, the more we can help.

The good part is it looks like the first curl connected so that's good.... But I don't know what you ran.

The second one I don't know what that is... It did not look like you ran the correct command

Do you actually know the IP that these servers are running on?

And again, if you do not show the entire actual command, not some shorthand. We have no clue of what is working and what is not.

We are trying to help but the more precise you are the better We can help.

Aditya_Bollam · July 19, 2023, 9:26pm

I'm sorry actually there was a typo error in

curl -k -v -u elastic https://10.0.2.15:9200
Enter host password for user 'elastic':
*   Trying 10.0.2.15:9200...
* Connected to 10.0.2.15 (10.0.2.15) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Unknown (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=elasticsearch
*  start date: Jul 18 22:49:22 2023 GMT
*  expire date: Jul 17 22:49:22 2025 GMT
*  issuer: CN=Elasticsearch security auto-configuration HTTP CA
*  SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
* Server auth using Basic with user 'elastic'
* TLSv1.2 (OUT), TLS header, Unknown (23):
> GET / HTTP/1.1
> Host: 10.0.2.15:9200
> Authorization: Basic ZWxhc3RpYzppV3czRSpKVVU1dFBjc3VDWGNDMA==
> User-Agent: curl/7.76.1
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Unknown (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< X-elastic-product: Elasticsearch
< content-type: application/json
< content-length: 536
<
{
  "name" : "elasticsearch",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "eV4bMbw-QGKClujUCDMEhA",
  "version" : {
    "number" : "8.8.2",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "98e1271edf932a480e4262a471281f1ee295ce6b",
    "build_date" : "2023-06-26T05:16:16.196344851Z",
    "build_snapshot" : false,
    "lucene_version" : "9.6.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
* Connection #0 to host 10.0.2.15 left intact

curl -k -v -u elastic https://localhost:9200
Enter host password for user 'elastic':
*   Trying ::1:9200...
* Connected to localhost (::1) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Unknown (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=elasticsearch
*  start date: Jul 18 22:49:22 2023 GMT
*  expire date: Jul 17 22:49:22 2025 GMT
*  issuer: CN=Elasticsearch security auto-configuration HTTP CA
*  SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
* Server auth using Basic with user 'elastic'
* TLSv1.2 (OUT), TLS header, Unknown (23):
> GET / HTTP/1.1
> Host: localhost:9200
> Authorization: Basic ZWxhc3RpYzppV3czRSpKVVU1dFBjc3VDWGNDMA==
> User-Agent: curl/7.76.1
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Unknown (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< X-elastic-product: Elasticsearch
< content-type: application/json
< content-length: 536
<
{
  "name" : "elasticsearch",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "eV4bMbw-QGKClujUCDMEhA",
  "version" : {
    "number" : "8.8.2",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "98e1271edf932a480e4262a471281f1ee295ce6b",
    "build_date" : "2023-06-26T05:16:16.196344851Z",
    "build_snapshot" : false,
    "lucene_version" : "9.6.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
* Connection #0 to host localhost left intact

 systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; pr>
     Active: active (running) since Wed 2023-07-19 02:39:03 UTC; 1h 35min ago
       Docs: https://www.elastic.co
   Main PID: 2614 (java)
      Tasks: 73 (limit: 5938)
     Memory: 626.1M
        CPU: 2min 23.590s
     CGroup: /system.slice/elasticsearch.service
             ├─2614 /usr/share/elasticsearch/jdk/bin/java -Xms4m -Xmx64m -XX:+U>
             ├─2670 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.c>
             └─2689 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x>

Jul 19 02:37:19 elasticsearch systemd[1]: Starting Elasticsearch...
Jul 19 02:39:03 elasticsearch systemd[1]: Started Elasticsearch.

stephenb · July 19, 2023, 10:42pm

OK Better!!!

So Elastisearch IS working! That is good ...

I would do manual configuration of kibana.yml

go to the elasticsearch directory

cd /usr/share/elasticsearch

reset the kibana_system password see here

bin/elasticsearch-reset-password -u kibana_system

Then stop kibana go edit the kibana.yml and put in the following and then restart kibana

# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["https://localhost:9200"]

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana_system"
elasticsearch.password: "password"  <!--- The password you just got from the previous command
elasticsearch.ssl.verificationMode: "none" <!---- Lets try this first I will explain later / next

Aditya_Bollam · July 19, 2023, 11:04pm

Thank you for that. I did everything as mentioned and now I can see that Kibana server is not ready yet.

If I run the elasticsearch in the browser with https://10.0.2.15:9200 I can't access. But I can access with https://hostname:9200 and in VM I can access with both.

The status of kibana is as follows

● kibana.service - Kibana
     Loaded: loaded (/usr/lib/systemd/system/kibana.service; enabled; preset: disabled)
     Active: active (running) since Wed 2023-07-19 06:25:23 UTC; 5min ago
       Docs: https://www.elastic.co
   Main PID: 2750 (node)
      Tasks: 11 (limit: 5938)
     Memory: 434.9M
        CPU: 31.978s
     CGroup: /system.slice/kibana.service
             └─2750 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli/dist

Jul 19 06:25:45 kibana kibana[2750]: [2023-07-19T06:25:45.397+00:00][INFO ][plugins.alerting] Registering resources for context "observability.slo".
Jul 19 06:25:45 kibana kibana[2750]: [2023-07-19T06:25:45.652+00:00][INFO ][plugins.alerting] Registering resources for context "observability.uptime".
Jul 19 06:25:45 kibana kibana[2750]: [2023-07-19T06:25:45.681+00:00][INFO ][plugins.alerting] Registering resources for context "security".
Jul 19 06:25:45 kibana kibana[2750]: [2023-07-19T06:25:45.733+00:00][INFO ][plugins.alerting] Registering resources for context "observability.logs".
Jul 19 06:25:45 kibana kibana[2750]: [2023-07-19T06:25:45.738+00:00][INFO ][plugins.alerting] Registering resources for context "observability.metrics".
Jul 19 06:25:45 kibana kibana[2750]: [2023-07-19T06:25:45.882+00:00][INFO ][plugins.alerting] Registering resources for context "observability.apm".
Jul 19 06:25:45 kibana kibana[2750]: [2023-07-19T06:25:45.884+00:00][INFO ][plugins.assetManager] Asset manager plugin [tech preview] is NOT enabled
Jul 19 06:25:46 kibana kibana[2750]: [2023-07-19T06:25:46.120+00:00][WARN ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection,>
Jul 19 06:25:46 kibana kibana[2750]: [2023-07-19T06:25:46.198+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. con>
Jul 19 06:25:51 kibana kibana[2750]: [2023-07-19T06:25:51.788+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/sc>

Aditya_Bollam · July 19, 2023, 11:16pm

Just to let you know one more error while configuring manually before these changes you just mentioned. I have attached the screenshots below. Please check them as well.

stephenb · July 20, 2023, 12:12am

Try putting the hostname in the Kibana.yml

elasticsearch.hosts: ["https://vmhostname:9200"]

Also you should look at the Kibana Logs not from systemctl but the actual

/var/log/kibana/Kibana.log

You should see You should Kibana trying to connect

Are you sure you have the right password for the kibana_system?

Try this to check you have the right user/password

curl -k -v -u kibana_system https://vmhostname:9200

There is something basic here network or usernames and passwords

stephenb · July 20, 2023, 12:17am

Also make sure there's none of that automatic configuration stuff at the bottom of the kibana.yml because it will overwrite the other settings.

Aditya_Bollam · July 20, 2023, 12:48am

changed to vmhostname

{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.1"},"@timestamp":"2023-07-19T07:50:41.016+00:00","message":"Asset manager plugin [tech preview] is NOT enabled","log":{"level":"INFO","logger":"plugins.assetManager"},"process":{"pid":2947},"trace":{"id":"d45d4da76a3c60bfac440fe7f71d0a54"},"transaction":{"id":"6ee1315d55fbeabe"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.1"},"@timestamp":"2023-07-19T07:50:41.632+00:00","message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux CentOS 9 OS. Automatically setting 'xpack.screenshotting.browser.chromium.disableSandbox: true'.","log":{"level":"WARN","logger":"plugins.screenshotting.config"},"process":{"pid":2947},"trace":{"id":"d45d4da76a3c60bfac440fe7f71d0a54"},"transaction":{"id":"6ee1315d55fbeabe"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.1"},"@timestamp":"2023-07-19T07:50:41.823+00:00","message":"Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 10.0.2.15:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":2947},"trace":{"id":"d45d4da76a3c60bfac440fe7f71d0a54"},"transaction":{"id":"6ee1315d55fbeabe"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.1"},"@timestamp":"2023-07-19T07:50:45.725+00:00","message":"Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_x64/headless_shell","log":{"level":"INFO","logger":"plugins.screenshotting.chromium"},"process":{"pid":2947},"trace":{"id":"d45d4da76a3c60bfac440fe7f71d0a54"},"transaction":{"id":"6ee1315d55fbeabe"}}

curl -k -v -u kibana_sysyem https://10.0.2.15:9200
Enter host password for user 'kibana_sysyem':
*   Trying 10.0.2.15:9200...
* connect to 10.0.2.15 port 9200 failed: Connection refused
* Failed to connect to 10.0.2.15 port 9200: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 10.0.2.15 port 9200: Connection refused

Aditya_Bollam · July 20, 2023, 12:49am

There's no automatic configuration in kibana.yml

kibana.yml file

# For more configuration options see the configuration guide for Kibana in
# https://www.elastic.co/guide/index.html

# =================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: 0.0.0.0

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# Defaults to `false`.
#server.rewriteBasePath: false

# Specifies the public URL at which Kibana is available for end users. If
# `server.basePath` is configured this URL should end with the same basePath.
#server.publicBaseUrl: ""

# The maximum payload size in bytes for incoming server requests.
#server.maxPayload: 1048576

# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"

# =================== System: Kibana Server (Optional) ===================
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: true
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: https://10.0.2.15:9200

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana_system"
elasticsearch.password: "gT_=FiO7QxBSYQSY9kmT"

# Kibana can also authenticate to Elasticsearch via "service account tokens".
# Service account tokens are Bearer style tokens that replace the traditional username/password based configuration.
# Use this token instead of a username/password.
# elasticsearch.serviceAccountToken: "my_token"

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# The maximum number of sockets that can be used for communications with elasticsearch.
# Defaults to `Infinity`.
#elasticsearch.maxSockets: 1024

# Specifies whether Kibana should use compression for communications with elasticsearch
# Defaults to `false`.
#elasticsearch.compression: false

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# =================== System: Elasticsearch (Optional) ===================
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: $KBN_PATH_CONF/elasticsearch-ca.pem

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
elasticsearch.ssl.verificationMode: "none"
# =================== System: Logging ===================
# Set the value of this setting to off to suppress all logging output, or to debug to log everything. Defaults to 'info'
#logging.root.level: debug

# Enables you to specify a file where Kibana stores log output.
logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file
#  layout:
#    type: json

# Logs queries sent to Elasticsearch.
#logging.loggers:
#  - name: elasticsearch.query
#    level: debug

# Logs http responses.
#logging.loggers:
#  - name: http.server.response
#    level: debug

# Logs system usage information.
#logging.loggers:
#  - name: metrics.ops
#    level: debug

# =================== System: Other ===================
# The path where Kibana stores persistent data not saved in Elasticsearch. Defaults to data
#path.data: data

# Specifies the path where Kibana creates the process ID file.
pid.file: /run/kibana/kibana.pid

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000ms.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".
# =================== Frequently used (Optional)===================

# =================== Saved Objects: Migrations ===================
# Saved object migrations run at startup. If you run into migration-related issues, you might need to adjust these settings.

# The number of documents migrated at a time.
# If Kibana can't start up or upgrade due to an Elasticsearch `circuit_breaking_exception`,
# use a smaller batchSize value to reduce the memory pressure. Defaults to 1000 objects per batch.
#migrations.batchSize: 1000

# The maximum payload size for indexing batches of upgraded saved objects.
# To avoid migrations failing due to a 413 Request Entity Too Large response from Elasticsearch.
# This value should be lower than or equal to your Elasticsearch cluster’s `http.max_content_length`
# configuration option. Default: 100mb
#migrations.maxBatchSizeBytes: 100mb

# The number of times to retry temporary migration failures. Increase the setting
# if migrations fail frequently with a message such as `Unable to complete the [...] step after
# 15 attempts, terminating`. Defaults to 15
#migrations.retryAttempts: 15

# =================== Search Autocomplete ===================
# Time in milliseconds to wait for autocomplete suggestions from Elasticsearch.
# This value must be a whole number greater than zero. Defaults to 1000ms
#unifiedSearch.autocomplete.valueSuggestions.timeout: 1000

# Maximum number of documents loaded by each shard to generate autocomplete suggestions.
# This value must be a whole number greater than zero. Defaults to 100_000
#unifiedSearch.autocomplete.valueSuggestions.terminateAfter: 100000

stephenb · July 20, 2023, 1:42am

Okay help me out here.....

You showed this connected and worked above

curl -k -v -u elastic https://10.0.2.15:9200
Enter host password for user 'elastic':
*   Trying 10.0.2.15:9200...
* Connected to 10.0.2.15 (10.0.2.15) port 9200 (#0)
...

Now you are showing this does not connect
Note I had a typo on the -u should have been kibana_system I fixed that, but that would no had resulted in Connection Refused just the auth would have failed

curl -k -v -u kibana_system https://10.0.2.15:9200
Enter host password for user 'kibana_system':
*   Trying 10.0.2.15:9200...
* connect to 10.0.2.15 port 9200 failed: Connection refused
* Failed to connect to 10.0.2.15 port 9200: Connection refused

Did you run those from the same server? Did you stop elasticsearch

curl -k -v -u elastic https://10.0.2.15:9200
curl -k -v -u kibana_system https://10.0.2.15:9200

Those are the exact same command with only the user different One can connect the other can not ... that does not make sense(impossible) they either should both connect or not...

It is possible the authentication would fail...but that comes after the connection

lets also try this without the quotes although that should not matter

elasticsearch.ssl.verificationMode: none

Also you did not share the kibana logs there is probably something helpful there

stephenb · July 20, 2023, 2:00pm

hi @Aditya_Bollam

Also, I saw something else ... syntax is important

My example and the the correct syntax

Yours is not correct syntax

you need to fix that to be the brackets and quotes are important, not sure if that will fix but that is correct syntax

elasticsearch.hosts: ["https://10.0.2.15:9200"]

system · August 17, 2023, 2:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
QUESTION ABOUT ELK SIEM Kibana	26	616	May 11, 2022
Kibana Unable to retrieve version information from Elasticsearch nodes Kibana	8	4329	January 22, 2022
Elastic search(8.2) and Kibana Authentication Error Kibana	11	4379	July 24, 2022
Unable to connect to Elasticsearch. Error: Request Timeout after 30000ms Kibana	5	994	October 13, 2020
Updated to 7.2, now I cannot connect to kibana gui Kibana	5	792	August 6, 2019

Couldn't configure Elastic Retry or update the kibana.yml file manually

Related topics