Elasticsearch 7.10.2 backup

Hi everyone

My name is José Manuel and I am trying to make a backup of Elasticsearch 7.10.2, but it shows me the following error:

# curl -X PUT localhost:9200/_snapshot/my_backup?pretty  -H 'Content-Type: application/json' -d '{ "type": "fs", "settings": { "location": "/backup" } }'
<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD>
<BODY>
<FONT face="Helvetica">
<big><strong></strong></big><BR>
</FONT>
<blockquote>
<TABLE border=0 cellPadding=1 width="80%">
<TR><TD>
<FONT face="Helvetica">
<big>Access Denied (authentication_failed)</big>
<BR>
<BR>
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
Your credentials could not be authenticated: "Credentials are missing.". You will not be permitted access until your credentials can be verified.
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
This is typically caused by an incorrect username and/or password, but could also be caused by network problems.
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica" SIZE=2>
<BR>
For assistance, contact your network support team.
</FONT>
</TD></TR>
</TABLE>
</blockquote>
</FONT>
</BODY></HTML>

Can anyone help me?

Best regards. Thanks a lot.

If someone needs the elasticsearch.yml or something more please call me.
The Linux is Debian 11, Graylog 4.3, Elasticsearch 7.10.2.

Best regards.

Hi José,

It looks like you are missing credentials in your request. Can you try adding credentials similar to the curl example here in the documentation and see if that resolves your issue?

It looks like you have something in front of Elasticsearch that is proxying requests, as that is not something that Elasticsearch will respond with.

Hi Mister

Now I ran this simple command and got nothing:

curl -X GET "http://localhost:9200?pretty"
<HTML><HEAD>
<TITLE>Redirect</TITLE>
</HEAD>
<BODY>
<FONT face="Helvetica">
<big><strong></strong></big><BR>
</FONT>
<blockquote>
<TABLE border=0 cellPadding=1 width="80%">
<TR><TD>
<FONT face="Helvetica">
<big>Redirect (authentication_redirect_to_virtual_host)</big>
<BR>
<BR>
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
You are being redirected to the authentication virtual host.
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">

</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica" SIZE=2>
<BR>
For assistance, contact your network support team.
</FONT>
</TD></TR>
</TABLE>
</blockquote>
</FONT>
</BODY></HTML>

Why can I not use this command?

Best regards.

Hi Carly.richmond

I am not using Kibana, I am using Graylog with Elasticsearch and mongod. If you know another way to make backups, please tell me about it.

Best regards.

You need to use the snapshot/restore API to backup Elasticsearch, and this will require you to have direct access to Elasticsearch and also potentially to update the configuration files directly. At the moment you are not accessing Elasticsearch directly as the HTML formatted error is not generated by Elasticsearch.

Hi mister

I am doing the same on the physical Elasticsearch machine with the same result. What am I doing wrong?

root@GRAYLOGDEBIANSERVER:/var/log/graylog-server# curl -X GET "http://localhost:9200?pretty"
<HTML><HEAD>
<TITLE>Redirect</TITLE>
</HEAD>
<BODY>
<FONT face="Helvetica">
<big><strong></strong></big><BR>
</FONT>
<blockquote>
<TABLE border=0 cellPadding=1 width="80%">
<TR><TD>
<FONT face="Helvetica">
<big>Redirect (authentication_redirect_to_virtual_host)</big>
<BR>
<BR>
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
You are being redirected to the authentication virtual host.
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">

</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica" SIZE=2>
<BR>
For assistance, contact your network support team.
</FONT>
</TD></TR>
</TABLE>
</blockquote>
</FONT>
</BODY></HTML>
root@GRAYLOGDEBIANSERVER:/var/log/graylog-server#


Best regards.

You must have a proxy or third party plugin installed, which seems to be what is causing problems. Log into the host and check whether a proxy is in place and which interface and port Elasticsearch is configured to use.
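One way to run the check suggested above, as an added example that is not part of the thread: it classifies a response body as the Elasticsearch JSON banner or an intermediary's HTML page, and lists proxy variables that curl reads from the environment. The function names and the sample bodies are constructed for illustration; that an environment proxy variable is involved on this host is an assumption the thread does not confirm.

```shell
#!/bin/sh
# Added diagnostic example, not from the thread.

# classify_response BODY: name the likely origin of an HTTP response body.
classify_response() (
  body=$1
  if printf '%s' "$body" | grep -q '"cluster_name"' &&
     printf '%s' "$body" | grep -q '"tagline"'; then
    echo elasticsearch          # JSON banner of the Elasticsearch root endpoint
  elif printf '%s' "$body" | grep -qi '<html'; then
    echo intermediary-html      # Elasticsearch does not emit HTML pages
  else
    echo unknown
  fi
)

# proxy_env_vars: list the proxy variables curl reads that are set in this shell.
proxy_env_vars() (
  for v in http_proxy https_proxy HTTPS_PROXY all_proxy ALL_PROXY; do
    eval "val=\${$v:-}"
    if [ -n "$val" ]; then echo "$v"; fi
  done
)

# compare_paths URL: fetch URL with the environment's proxy settings and again
# with --noproxy '*', and report what answered each time (needs network access).
compare_paths() {
  via_env=$(curl -s --max-time 5 "$1" || true)
  direct=$(curl -s --max-time 5 --noproxy '*' "$1" || true)
  echo "with environment proxy settings: $(classify_response "$via_env")"
  echo "with --noproxy '*':              $(classify_response "$direct")"
}

# Constructed sample bodies, shortened from the shapes shown in the thread.
SAMPLE_PROXY='<HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY>Access Denied (authentication_failed)</BODY></HTML>'
SAMPLE_ES='{ "name" : "node", "cluster_name" : "graylog", "tagline" : "You Know, for Search" }'

classify_response "$SAMPLE_PROXY"
classify_response "$SAMPLE_ES"
proxy_env_vars
```

On the host itself, `compare_paths "http://192.168.222.243:9200"` shows whether the two request paths are answered by different things.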

Hi again

I edited the elasticsearch.yml.
This is the elasticsearch.yml file:

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: graylog
#
#action.auto_create_index: false
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
path.repo: ["/backup"]
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 192.168.222.243
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: elasticsearch.local
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#action.auto_create_index: false

The result of the command is the following:

root@GRAYLOGDEBIANSERVER:/var/log/graylog-server# curl -X GET "http://192.168.222.243:9200?pretty"
<HTML><HEAD>
<TITLE>Network Error</TITLE>
</HEAD>
<BODY>
<FONT face="Helvetica">
<big><strong></strong></big><BR>
</FONT>
<blockquote>
<TABLE border=0 cellPadding=1 width="80%">
<TR><TD>
<FONT face="Helvetica">
<big>Network Error (tcp_error)</big>
<BR>
<BR>
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
A communication error occurred: "Operation timed out"
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica" SIZE=2>
<BR>
For assistance, contact your network support team.
</FONT>
</TD></TR>
</TABLE>
</blockquote>
</FONT>
</BODY></HTML>
root@GRAYLOGDEBIANSERVER:/var/log/graylog-server#

I am executing everything on the physical machine where Elasticsearch is installed.
What is happening?

Best regards. Thanks a lot.

I suspect you may have some third-party security plugin installed as there does not seem to be any external proxy. Did you install Elasticsearch yourself or was this done through Graylog? If the latter you may need to contact them.

Hi Christian_Dahlqvist

I installed Elasticsearch myself using the Graylog instructions, but Graylog refers to the Elastic manual to install Elasticsearch, so what's going on?

Best regards. Thanks a lot.

Did you install any third-party plugins?

Did you download the official distribution of Elasticsearch?

I do not know. I have never seen the Graylog instructions so am not sure what they contain.

Hi again

No plugins.
Yes, the Elasticsearch is from the Elastic web page.
The correct version is 7.9.3, but it is the same, isn't it?

Best regards. Thanks a lot. Sorry for asking so many questions.

Can you run netstat -pln | grep 9200 (think that should work) on the host where Elasticsearch is running and show the output here?

Can you verify that Elasticsearch is running?

Hi again Mr Christian_Dahlqvist
The command you sent me doesn't work but systemctl status works, so here we go:

root@GRAYLOGDEBIANSERVER:/etc/elasticsearch# netstat -pln | grep 9200
bash: netstat: command not found
root@GRAYLOGDEBIANSERVER:/etc/elasticsearch# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-05-08 10:18:27 CEST; 1h 56min ago
       Docs: https://www.elastic.co
   Main PID: 4441 (java)
      Tasks: 68 (limit: 7071)
     Memory: 1.2G
        CPU: 1min 20.791s
     CGroup: /system.slice/elasticsearch.service
             ├─4441 /usr/lib/jvm/java-17-openjdk-amd64/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encod>
             └─4631 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

May 08 10:18:17 GRAYLOGDEBIANSERVER systemd[1]: Starting Elasticsearch...
May 08 10:18:19 GRAYLOGDEBIANSERVER systemd-entrypoint[4441]: WARNING: A terminally deprecated method in java.lang.System has been called
May 08 10:18:19 GRAYLOGDEBIANSERVER systemd-entrypoint[4441]: WARNING: System::setSecurityManager has been called by org.elasticsearch.bootstrap.Elasticsearch (file:/usr/share/elasticsearch/lib/elasticsearch-7.9.3.ja>
May 08 10:18:19 GRAYLOGDEBIANSERVER systemd-entrypoint[4441]: WARNING: Please consider reporting this to the maintainers of org.elasticsearch.bootstrap.Elasticsearch
May 08 10:18:19 GRAYLOGDEBIANSERVER systemd-entrypoint[4441]: WARNING: System::setSecurityManager will be removed in a future release
May 08 10:18:20 GRAYLOGDEBIANSERVER systemd-entrypoint[4441]: WARNING: A terminally deprecated method in java.lang.System has been called
May 08 10:18:20 GRAYLOGDEBIANSERVER systemd-entrypoint[4441]: WARNING: System::setSecurityManager has been called by org.elasticsearch.bootstrap.Security (file:/usr/share/elasticsearch/lib/elasticsearch-7.9.3.jar)
May 08 10:18:20 GRAYLOGDEBIANSERVER systemd-entrypoint[4441]: WARNING: Please consider reporting this to the maintainers of org.elasticsearch.bootstrap.Security
May 08 10:18:20 GRAYLOGDEBIANSERVER systemd-entrypoint[4441]: WARNING: System::setSecurityManager will be removed in a future release
May 08 10:18:27 GRAYLOGDEBIANSERVER systemd[1]: Started Elasticsearch.
lines 1-22/22 (END)

Thanks man, very pleased to help me.

Can you please show the full logs from the point where you restarted Elasticsearch?

netstat is repaired, this is the result:

root@GRAYLOGDEBIANSERVER:/etc/elasticsearch# netstat -pln | grep 9200
tcp6       0      0 192.168.222.243:9200    :::*                    LISTEN      4441/java
root@GRAYLOGDEBIANSERVER:/etc/elasticsearch#

The directory /var/log/elasticsearch has all of these log files. What do you need? OH my GOD

root@GRAYLOGDEBIANSERVER:/var/log/elasticsearch# ls
elasticsearch_audit.json                   gc.log.07  gc.log.24                     graylog-2023-01-12-1.log.gz   graylog-2023-01-25-1.json.gz  graylog-2023-02-07-1.log.gz   graylog-2023-05-04-1.json.gz
elasticsearch_deprecation.json             gc.log.08  gc.log.25                     graylog-2023-01-13-1.json.gz  graylog-2023-01-25-1.log.gz   graylog-2023-02-22-1.json.gz  graylog-2023-05-04-1.log.gz
elasticsearch_deprecation.log              gc.log.09  gc.log.26                     graylog-2023-01-13-1.log.gz   graylog-2023-01-26-1.json.gz  graylog-2023-02-22-1.log.gz   graylog-2023-05-05-1.json.gz
elasticsearch_index_indexing_slowlog.json  gc.log.10  gc.log.27                     graylog-2023-01-16-1.json.gz  graylog-2023-01-26-1.log.gz   graylog-2023-03-01-1.json.gz  graylog-2023-05-05-1.log.gz
elasticsearch_index_indexing_slowlog.log   gc.log.11  gc.log.28                     graylog-2023-01-16-1.log.gz   graylog-2023-01-27-1.json.gz  graylog-2023-03-01-1.log.gz   graylog-2023-05-06-1.json.gz
elasticsearch_index_search_slowlog.json    gc.log.12  gc.log.29                     graylog-2023-01-17-1.json.gz  graylog-2023-01-27-1.log.gz   graylog-2023-03-02-1.json.gz  graylog-2023-05-06-1.log.gz
elasticsearch_index_search_slowlog.log     gc.log.13  gc.log.30                     graylog-2023-01-17-1.log.gz   graylog-2023-01-30-1.json.gz  graylog-2023-03-02-1.log.gz   graylog_audit.json
elasticsearch.log                          gc.log.14  gc.log.31                     graylog-2023-01-18-1.json.gz  graylog-2023-01-30-1.log.gz   graylog-2023-03-03-1.json.gz  graylog_deprecation.json
elasticsearch_server.json                  gc.log.15  graylog-2022-12-22-1.json.gz  graylog-2023-01-18-1.log.gz   graylog-2023-01-31-1.json.gz  graylog-2023-03-03-1.log.gz   graylog_deprecation.log
gc.log                                     gc.log.16  graylog-2022-12-22-1.log.gz   graylog-2023-01-19-1.json.gz  graylog-2023-01-31-1.log.gz   graylog-2023-03-27-1.json.gz  graylog_index_indexing_slowlog.json
gc.log.00                                  gc.log.17  graylog-2022-12-27-1.json.gz  graylog-2023-01-19-1.log.gz   graylog-2023-02-01-1.json.gz  graylog-2023-03-27-1.log.gz   graylog_index_indexing_slowlog.log
gc.log.01                                  gc.log.18  graylog-2022-12-27-1.log.gz   graylog-2023-01-20-1.json.gz  graylog-2023-02-01-1.log.gz   graylog-2023-03-28-1.json.gz  graylog_index_search_slowlog.json
gc.log.02                                  gc.log.19  graylog-2023-01-10-1.json.gz  graylog-2023-01-20-1.log.gz   graylog-2023-02-02-1.json.gz  graylog-2023-03-28-1.log.gz   graylog_index_search_slowlog.log
gc.log.03                                  gc.log.20  graylog-2023-01-10-1.log.gz   graylog-2023-01-23-1.json.gz  graylog-2023-02-02-1.log.gz   graylog-2023-03-29-1.json.gz  graylog.log
gc.log.04                                  gc.log.21  graylog-2023-01-11-1.json.gz  graylog-2023-01-23-1.log.gz   graylog-2023-02-03-1.json.gz  graylog-2023-03-29-1.log.gz   graylog_server.json
gc.log.05                                  gc.log.22  graylog-2023-01-11-1.log.gz   graylog-2023-01-24-1.json.gz  graylog-2023-02-03-1.log.gz   graylog-2023-05-03-1.json.gz
gc.log.06                                  gc.log.23  graylog-2023-01-12-1.json.gz  graylog-2023-01-24-1.log.gz   graylog-2023-02-07-1.json.gz  graylog-2023-05-03-1.log.gz
root@GRAYLOGDEBIANSERVER:/var/log/elasticsearch#


Sorry again...

I put http://192.168.222.243:9200 in a browser and the result is:

{
  "name" : "GRAYLOGDEBIANSERVER",
  "cluster_name" : "graylog",
  "cluster_uuid" : "orXEkVScRG-hU88wODz7Kg",
  "version" : {
    "number" : "7.9.3",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "c4138e51121ef06a6404866cddc601906fe5c868",
    "build_date" : "2020-10-16T10:36:16.141335Z",
    "build_snapshot" : false,
    "lucene_version" : "8.6.2",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

It is the same result as running:
curl -X GET "http://192.168.222.243:9200"
Am I right?

Best regards.

Yes, that is what I would expect and the curl command should give the same response.