I’m new here, I signed up because we’re having some issues with Kibana and I’m hoping someone can help
We have Kibana v8.13.4 exposed on an AWS EC2 instance. It’s the only one Kibana instance we have.
When I try to create a report, the section Management > Alerts and Insights > Reporting throws the following error:
No report generated ReportingError(code: unknown_error) "Failed to decrypt report job data. Please ensure that xpack.reporting.encryptionKey is set and re-generate this report. Error: Unsupported state or unable to authenticate data"
Okay, from the error it looks like we don’t have xpack.reporting.encryptionKey set in kibana.yml, which makes sense. So I generated and set a key that meets the requirements, restarted Kibana, but the same error continues to appear, even though the key has been set.
Does anyone have an idea what I could check / what the issue might be? If you need more information, please let me know!
I am not sure if below post can help where similar issue was encountered :
If the issue is not fixed pease share your kibana.yml, but make sure it is redacted (remove or replace any production IPs, passwords, or other sensitive values).
Hi Tortoise, thanks for you reply!
I’ve checked your linked post and i’m pretty sure that’s not the same problem.
I’ll post here the actual kibana.yml file:
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 443
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"
# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""
server.publicBaseUrl: "*****"
# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false
# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576
# The Kibana server's name. This is used for displ ay purposes.
server.name: "kibana"
# The URLs of the Elasticsearch instances to use for all your queries.
# TODO configure elasticsearch endpoint
# elasticsearch.hosts: ['http://localhost:9200']
# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true
# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"
# The default application to load.
#kibana.defaultAppId: "home"
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
# elasticsearch.username: "kibana_system"
# elasticsearch.password: ""
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: true
server.ssl.certificate: *****
server.ssl.key: *****
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
elasticsearch.ssl.verificationMode: none
# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000
# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]
# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}
# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000
# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000
# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false
# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid
# Enables you specify a file where Kibana stores log output.
#logging.dest: stdout
# Set the value of this setting to true to suppress all logging output.
#logging.silent: false
# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false
# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false
logging:
appenders:
file:
type: file
fileName: /var/log/kibana/kibana.log
layout:
type: json
root:
appenders:
- default
- file
# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000
# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
#i18n.locale: "en"
xpack.security.authc.providers:
oidc.keycloak_production_ec2:
order: 0
realm: "keycloak_production_ec2"
hint: "*****"
icon: "*****"
description: "*****"
oidc.keycloak_staging_ec2:
order: 1
realm: "keycloak_staging_ec2"
hint: "*****"
icon: "*****"
description: "*****"
basic.basic1:
order: 2
xpack.security.sameSiteCookies: "None"
# This section was automatically generated during setup.
elasticsearch.hosts: ['https://*****.es.eu-west-1.aws.found.io:9243']
elasticsearch.username: kibana_system
elasticsearch.password: *****
elasticsearch.ssl.certificateAuthorities: [/var/lib/kibana/*****]
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://*****.es.eu-west-1.aws.found.io:9243'], ca_trusted_fingerprint: *****}]
# My edits
xpack.reporting.encryptionKey: "reporting-key-reporting-key-reporting-key"
I’ve also tried an encryption key generated using:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
