Error: 403 Forbidden while trying to Create IndexPattern for filebeat. Tried Most of The Solutions!

(Shashank) #1

Hi All,

I've gone through many posts regarding this and still couldn't manage to fix the issue.
Below are the details of the environment and the index details:

A Clean Installation of ELK followed steps mentioned on:

The only thing changed is instead of Nginx I'm using apache.

Operating System: CentOS 7

ELK Versions:
Elasticsearch 6.5.2,
Kibana 6.6.2,
Logstash 6.5.2, and
Filebeat 6.5.2

Current Disk Usage

image


The Issue:
Getting the error while trying to Create an Index pattern from the index filebeat-*
this filebeat is reading syslog on the server.

Request URL: https://MyHostName/kibana/api/saved_objects/index-pattern/015d2500-45a6-11e9-98dd-49be5a77d05f
Request method:PUT

Response: 403 Forbidden

Error on the Kibana Page While trying to Create the index pattern based on filebeat-* :

Error: Forbidden
KFetchError@https://MyHostName/kibana/bundles/commons.bundle.js:3:1049083
kfetch/</</promise</</</<@https://MyHostName/kibana/bundles/commons.bundle.js:3:504592
step@https://MyHostName/kibana/dlls/vendors.bundle.dll.js:524:4010
verb/<@https://MyHostName/kibana/dlls/vendors.bundle.dll.js:524:3275
fulfilled@https://MyHostName/kibana/dlls/vendors.bundle.dll.js:524:2659
run@https://MyHostName/kibana/dlls/vendors.bundle.dll.js:212:1730377
notify/<@https://MyHostName/kibana/dlls/vendors.bundle.dll.js:212:1730664
flush@https://MyHostName/kibana/dlls/vendors.bundle.dll.js:212:1737402


Result of
GET _cat/indices

green open filebeat-6.6.2-2019.02.14 pUpM-pXlQ2ixX_9vZgpBoA 3 0 6614 0 1.5mb 1.5mb
green open filebeat-6.6.2-2019.03.13 gO2BFT98QdWzp2pn856V0Q 3 0 50654 0 14.1mb 14.1mb
green open filebeat-6.6.2-2019.03.04 8hloDqutSaq139iH6XiX9w 3 0 12295 0 3.8mb 3.8mb
green open filebeat-6.6.2-2019.02.19 nydUtpbJQsGaeRjvTGb-JA 3 0 6876 0 1.5mb 1.5mb
green open filebeat-6.6.2-2019.02.11 ne0d4v0wSvu13MGK83pJcg 3 0 6107 0 1.7mb 1.7mb
green open filebeat-6.6.2-2019.03.12 uh6kt0-BQkOoJIkreRVc3A 3 0 44722 0 9.3mb 9.3mb
green open filebeat-6.6.2-2019.02.20 GfbEXMb8SiS6KjyMu7rOGg 3 0 36500 0 7.3mb 7.3mb
green open kibana_sample_data_logs G0NfXAzATEifUTyKA7p91A 1 0 14005 0 11.3mb 11.3mb
green open filebeat-6.6.2-2019.02.26 _onWs8UCT1GzEWLoQej3jw 3 0 8244 0 1.9mb 1.9mb
green open filebeat-6.6.2-2019.03.01 a6RpEeiwRyGhy0nTRgLnAg 3 0 10855 0 2.8mb 2.8mb
green open .kibana_1 sFxKdpFtT9CSnHUumOaCsw 1 0 4 0 17.7kb 17.7kb
green open filebeat-6.6.2-2019.03.06 -AbS-8NaQim4YzDdATLAMg 3 0 8234 0 2.5mb 2.5mb
green open filebeat-6.6.2-2019.02.18 cOXjWDB5Sx-Lt9TtW26OZA 3 0 8428 0 1.9mb 1.9mb
green open filebeat-6.6.2-2019.02.12 aSLfIaezQTadVEEQmDp98w 3 0 6109 0 1.3mb 1.3mb
green open filebeat-6.6.2-2019.02.21 6A-dGRpSThWhk5RyhM4EqA 3 0 18085 0 3.5mb 3.5mb
green open filebeat-6.6.2-2019.02.28 sZ0hcMkJQhGFfLDo4zuylQ 3 0 9302 0 2.6mb 2.6mb
green open filebeat-6.6.2-2019.02.13 _mvPMqyGTdy-GYxhtZk_fQ 3 0 7858 0 1.8mb 1.8mb
green open filebeat-6.6.2-2019.02.15 b3_jSYs6RY6vUAtSJY_0YQ 3 0 6514 0 1.4mb 1.4mb
green open filebeat-6.6.2-2019.03.08 kBs7XMQlTYam2FtxCXuOLw 3 0 7839 0 1.6mb 1.6mb
green open filebeat-6.6.2-2019.03.07 CUNEyP1eQt2Nqjnhb0AdYQ 3 0 9140 0 2.7mb 2.7mb
green open filebeat-6.6.2-2019.02.22 5ZdEOL6UTDebLhG5PnICCw 3 0 7201 0 1.4mb 1.4mb
green open filebeat-6.6.2-2019.03.11 EeUP-GP1TPiXIG39ONKp-w 3 0 7274 0 1.6mb 1.6mb
green open filebeat-6.6.2-2019.02.27 hANjUnRURsCB5hrdamfpTg 3 0 5901 0 1.2mb 1.2mb
green open filebeat-6.6.2-2019.02.25 1OC7RGozQsGYVRY4Fg2CuA 3 0 5636 0 1.6mb 1.6mb
green open filebeat-6.6.2-2019.03.05 ana6-PKJSRS5Egak7yEMmQ 3 0 17687 0 7.1mb 7.1mb

`--------------------------------------------------------------------------------------

Result of : 
POST .kibana/_search
{
  "size": 10000,
  "from": 0,
  "_source": ["index-pattern.title", "type", "title"],
  "version": true,
  "query": {
    "bool": {
      "filter": [{
        "term": {
          "type": "index-pattern"
        }
      }]
    }
  }
} 

Result:

    {
      "took" : 0,
      "timed_out" : false,
      "_shards" : {
        "total" : 1,
        "successful" : 1,
        "skipped" : 0,
        "failed" : 0
      },
      "hits" : {
        "total" : 1,
        "max_score" : 0.0,
        "hits" : [
          {
            "_index" : ".kibana_1",
            "_type" : "doc",
            "_id" : "index-pattern:015d2500-45a6-11e9-98dd-49be5a77d05f",
            "_version" : 1,
            "_score" : 0.0,
            "_source" : {
              "index-pattern" : {
                "title" : "filebeat-*"
              },
              "type" : "index-pattern"
            }
          }
        ]
      }
    }
    ------------------------------------------------------------------------------------------------------

    Tried Already: 

     PUT _settings
        {
        "index": {
        "blocks": {
        "read_only_allow_delete": "false"
        }
        }
        }

AND 

 PUT filebeat-*
    {
    "index": {
    "blocks": {
    "read_only_allow_delete": "false"
    }
    }
    }

AND 

DELETE kibana*

AND 
curl -XPUT -H "Content-Type: application/json" https://[YOUR_ELASTICSEARCH_ENDPOINT]:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 

AND 

sudo filebeat setup --dashboards

Still same issue.

Something that might be little different (follwed the commands on the ref. installation Page mentioned above) :
sudo filebeat setup --template -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["localhost:9200"]'

    sudo filebeat setup -e -E output.logstash.enabled=false -E output.elasticsearch.hosts=['localhost:9200'] -E setup.kibana.host=localhost:5601 

Please any help is most welcome.

(John Dorlus) #2

Hello Shashank,

The 403 error might be indicative of a permissions issue. You need both read/write access for the setup command to be able to install what it needs. Do you have read/write access?

(Lee Drengenberg) #3

Did you start the trial license and then configure TLS and security for Elasticsearch and Kibana?

If not, you should use http and not https when connecting to Kibana.

(Shashank) #4

Hi John,
Thanks for the reply
yes I do have both read and write access(including root access). Do you mean I need to mention that in the setup command ?
Am I missing some additional permission setup? I haven't setup xpack module at all. I'd like to first make it work without it if possible.

(Shashank) #5

Hi Lee,

Thanks for the response.

I haven't started/configured any kind of licence for the whole setup, I'm using the basic license of elasticsearch. And
I'm using the apache proxy to redirect every request via myhostname (https) to the kibana (http). In my apache conf I've added the below proxy setting (for both 80 and 443):

    ProxyPass /kibana/ http://127.0.0.1:5601/
    ProxyPassReverse /kibana/ http://127.0.0.1:5601/

Hence I did't do the TLS setup for my Kibana installation.

(Shashank) #6

Any updates from anyone on the above issue?

(Shashank) #7

Hi Everyone,

Could anyone please tell me if I need to post it to the elastic search support? And if yes, how to do it?

(system) closed #8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.