Elasticsearch and other components failed

Hello elastic members,

I am new to Elastic and I ran into problems. I installed Elasticsearch, Logstash and Kibana in a virtual machine, and when it runs, it runs all the services (Kibana, Elasticsearch, etc.),
but when I try to navigate in the browser to open the web UI through port 5601 or 9200, it refuses to connect or times out.

OS: Ubuntu / CentOS (I tried them both, same problem.)
RAM: 4 GB

I used curl to check the connection on localhost:9200 and it gives me the message it should give, same in the browser, but there is no interface like in other tutorials.

Did I miss something?

Hi Samer,

It's hard to know how to help right now. It sounds like you've installed Elasticsearch, Kibana and Logstash and you can connect (to something?) using curl but you're having trouble doing the same with your browser? Or maybe you can get some responses but not others? And there's a virtual machine involved, which may or may not be where you're running curl and/or your browser? Also you're talking about using localhost which means different things depending on which machine you're on.

Can you break it down in more detail and show the exact URLs you're trying to access and the commands you're running (including where you're running them) and the responses you're getting?


First of all, I downloaded Wazuh. Wazuh has a virtual appliance, which is CentOS with Elasticsearch, Logstash and Kibana. I downloaded their virtual appliance, which is used in a virtual machine.

The first image here, the main configuration.
I tried to add a Host-only adapter to see if it works.

Here I tried to connect to the server using curl, but it is not responding.

Ok, I'm not familiar with Wazuh so I don't know how the networking is set up. Let's try some basic checks. netstat -antp | grep LISTEN shows all the processes listening for incoming TCP connections. Can you share the output here? Does it indicate that anything is listening on port 5601 and/or does it indicate that process ID 2172 is listening on any other port or address?

Thanks for your reply,

I already made an Ubuntu copy for that program.

Same setup: I ran the virtual machine and connected to port 9200 successfully, using 127.0.0.1:9200.

As you can see, there is a response.
I tried the same with Kibana's port but it says Kibana is not ready.

Here is a screenshot of netstat & grep.

It looks like Kibana is running there, but you're no longer root so we can't see the process information. It's best when troubleshooting to try and only change one thing at once.

What exactly does it say? "Kibana is not ready" sounds different from what you said before which was "connection refused".

This is a new virtual machine not like the first one.

The last reply was from a new virtual machine on Ubuntu, not CentOS.

Anyway, what do you mean by "you are no longer root"? I can run as root.

I have no idea what I should do.

Ok, it's really hard to help if you change everything in between providing bits of information. Who knows which things are no longer true? Please try and focus on one thing at once.

In this last screenshot I see process ID 4200 running node and listening on 127.0.0.1:5601. I would guess that this is Kibana. Are you still getting Connection refused with curl http://127.0.0.1:5601?

Sorry for misleading you.

I am no longer changing my machine; I only created a new one just to test.
Here is the result: Kibana is not ready.

Ok great, that means we're talking to Kibana at least. Its logs will tell you why it's not ready.

How do I see the logs?

That is a good question. I think it normally logs to stdout. However it looks like this VM is running it with systemd so maybe it's sending them to syslog? Try looking under /var/log and see if you can find any mentions of Kibana.

I have found them in /var/log/syslog.
Before the first image, I saw Kibana was started.

Ok, looks like Kibana is running but Elasticsearch is not: it's getting Connection refused from http://127.0.0.1:9200. Do you get the same response from curl? Can you find any logs from Elasticsearch?

Here is the result of curl.

I reloaded all units using systemctl daemon-reload
and started them with:
systemctl start elasticsearch
systemctl start elasticsearch.service
systemctl start kibana
systemctl start kibana.service
As I see, there is a response from Elasticsearch's port.

Status changed from red to green sounds promising. Is it working now?

I tried in the browser at https://127.0.0.1:5601 & 127.0.0.1:9200.
Here it is.

Ok before we jump to the browser, what does curl http://127.0.0.1:5601 say on the VM?

Next, where is this browser running? On the VM or on the host machine?

Finally, how have you configured the network for the VM in VirtualBox? The Wazuh docs say to set it to a bridge network - is this what you've done?

Thanks for your reply, here is the reply.

My OS on the VM is Ubuntu Server, so it's command line only. I am trying to access it from the host machine in a browser.

Wazuh Docs, says "Before connecting any of the Wazuh agents, change the VM’s network interface type from NAT (the factory default) to bridge for communication with your network. By default, the VM will try to get an IP address from your network’s DHCP server. Alternatively, you can set a static IP address by configuring the proper network files on the CentOS operating system that the virtual machine is based on."
That is for when I want to connect agents. I tried this mode, but I will try again now and see what happens.

In which case I suspect that 127.0.0.1 isn't the right address. I would look for some help getting VirtualBox set up, perhaps https://forums.virtualbox.org or https://groups.google.com/forum/m/#!forum/wazuh since it looks like all the Elastic components are working.
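
The netstat check used in this thread can be scripted so that each port is labelled by whether its listener is bound to loopback only or to an address other machines can reach. This is an added example, not part of the original thread; the function names and the sample netstat lines are constructed for illustration (only the node process 4200 on 127.0.0.1:5601 mirrors what was described above).

```shell
#!/bin/sh
# Classify listeners for the given ports from `netstat -antp` output on stdin.
# Usage on the VM:  netstat -antp | classify_listeners 9200 5601
classify_listeners() {
    awk -v ports="$*" '
    BEGIN {
        n = split(ports, want, " ")
        for (i = 1; i <= n; i++) seen[want[i]] = 0
    }
    /LISTEN/ {
        # netstat columns: Proto Recv-Q Send-Q Local Foreign State PID/Program
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[0-9]+$/, "", addr)   # everything before the port
        if (!(port in seen)) next
        seen[port] = 1
        # 127.0.0.0/8, ::1 and IPv4-mapped loopback are only reachable
        # from inside the machine that runs the service.
        if (addr ~ /^(::ffff:)?127\./ || addr == "::1")
            printf "%s loopback-only (%s)\n", port, addr
        else
            printf "%s reachable (%s)\n", port, addr
    }
    END {
        for (p in seen) if (!seen[p]) printf "%s not-listening\n", p
    }'
}

# Constructed sample input (not captured from the VM in this thread).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      900/sshd
tcp        0      0 127.0.0.1:5601          0.0.0.0:*               LISTEN      4200/node
tcp6       0      0 ::ffff:127.0.0.1:9200   :::*                    LISTEN      3100/java
EOF
}

sample_netstat | classify_listeners 9200 5601
```

A loopback-only result means the service answers curl inside the VM but not a browser on the host, whichever VirtualBox adapter mode is selected.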