Elastic Search 7.8 installation with XPACK

Hello Team,
We had Elastic search version 7.6 installed on the server and was working well with the Wazuh perfectly and then we tried to install the XPACK and Kibana was not starting at all.

● elasticsearch.service - Elasticsearch

Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vend>

Active: failed (Result: exit-code) since Sat 2020-06-27 13:04:00 EDT; 27s ago

Docs: https://www.elastic.co

Process: 9181 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${>

Main PID: 9181 (code=exited, status=1/FAILURE)

As there was a new version of Elastic search we tried to upgrade the Elastic search to 7.7 and still it was not able start and we have the same error.


  • Can we install the new version of Elastic search 7.8 and then install the XPAC again?
  • Is installing XPAC suggestible? Any compatibility issues?
  • Can you please provide detailed steps to install XPAC security on ELKSTACK 7.8?

The below are the versions:
Wazuh 3.13
filebeat 7.7
kibana 7.7
elastic search 7.8 (planning fresh install,current 7.7)



Can you provide the snippet from the Elasticsearch logs?

What do you mean with installing XPack as it is part of the ElasticStack by now? Do you mean you tried to configure XPack?

Best regards

Can you please provide me detailed steps on how to enable or perform XPAC configuration on 7.8?

My ElkStac is up and running now with latest Wazuh 3.13 and elastic server 7.8.

But we dint enable the configuration for XPAC fearing it will break again.




Have a look here: https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html
This is a really good description of what to do .

Best regards

There are two different distributions of Elasticsearch: the default one which comes bundled with X-Pack and the oss one which does not include X-Pack. Make sure you have installed the default distribution before you try setting it up.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.