I am new to elastic and I got into problems, I Installed elasticsearch, logstash and kibana in a virtual machine and when it's run, it's run all services kibana elastic search etc...
but when I try to navigate to browser to open web UI through any port 5601 or 9200 .. it's refuse to connect or timeout ..
OS: Ubuntu /CentOS(I tried them both same problem.)
RAM: 4 GB
I used curl to check connection on localhost:9200 it''s give me that message it's should be given, same on browser, but no interface like in other tutorials
It's hard to know how to help right now. It sounds like you've installed Elasticsearch, Kibana and Logstash and you can connect (to something?) using curl but you're having trouble doing the same with your browser? Or maybe you can get some responses but not others? And there's a virtual machine involved, which may or may not be where you're running curl and/or your browser? Also you're talking about using localhost which means different things depending on which machine you're on.
Can you break it down in more detail and show the exact URLs you're trying to access and the commands you're running (including where you're running them) and the responses you're getting?
First of all, I downloaded wazuh, wazuh has virtual appliance, which is CentOS with Elasticsearch, logstach and kibana. I downloaded they virtual appliance which it's used in virtual machine.
Ok, I'm not familiar with Wazuh so I don't know how the networking is set up. Let's try some basic checks. netstat -antp | grep LISTEN shows all the processes listening for incoming TCP connections. Can you share the output here? Does it indicate that anything is listening on port 5601 and/or does it indicate that process ID 2172 is listening on any other port or address?
It looks like Kibana is running there, but you're no longer root so we can't see the process information. It's best when troubleshooting to try and only change one thing at once.
What exactly does it say? "Kibana is not ready" sounds different from what you said before which was "connection refused".
Ok, it's really hard to help if you change everything in between providing bits of information. Who knows which things are no longer true? Please try and focus on one thing at once.
In this last screenshot I see process ID 4200 running node and listening on 127.0.0.1:5601. I would guess that this is Kibana. Are you still getting Connection refused with curl http://127.0.0.1:5601?
That is a good question. I think it normally logs to stdout. However it looks like this VM is running it with systemd so maybe it's sending them to syslog? Try looking under /var/log and see if you can find any mentions of Kibana.
Ok, looks like Kibana is running but Elasticsearch is not: it's getting Connection refused from http://127.0.0.1:9200. Do you get the same response from curl? Can you find any logs from Elasticsearch?
I reloaded all units using systemctl daemon-reload
and started them on systemctl start elasticsearch
systemctl start elasticsearch.service
systemctl start kibana
systemctl start kibana.service
as I see there is a response from elasticsearch's port
My OS on VM is Ubuntu server, so it's only commands line. Where I am trying to access is from Host machine in browser.
Wazuh Docs, says "Before connecting any of the Wazuh agents, change the VM’s network interface type from NAT (the factory default) to bridge for communication with your network. By default, the VM will try to get an IP address from your network’s DHCP server. Alternatively, you can set a static IP address by configuring the proper network files on the CentOS operating system that the virtual machine is based on."
which is when I want to connect Agents. I tried this mode, but I will try again now and see what happens
In which case I suspect that 127.0.0.1 isn't the right address. I would look for some help getting VirtualBox set up, perhaps https://forums.virtualbox.org or Redirecting to Google Groups since it looks like all the Elastic components are working.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
