Hi All,

I'm new to ELK and was not involved with the installation of ELK. The delete_indices.yml script ended up deleting the main .kibana index file which wiped out the dashboards. Once I gave the server a reboot some of it finally appeared back but now I'm missing majority of the Metricbeat Dashboards and Visualizations especially the Host Overview.

I have tried to import the sample dashboards via .\metricbeat.exe setup --dashboards but the following error occurs below.

E:\beats\metricbeat-6.3.1-windows-x86_64>.\metricbeat.exe setup --dashboards
Loading dashboards (Kibana must be running and reachable)
Exiting: Error importing Kibana dashboards: fail to import the dashboards in Kib
ana: Error importing directory E:\beats\metricbeat-6.3.1-windows-x86_64\kibana:
Failed to import index-pattern: Failed to load directory E:\beats\metricbeat-6.3
.1-windows-x86_64\kibana/6/index-pattern:
error loading E:\beats\metricbeat-6.3.1-windows-x86_64\kibana\6\index-pattern
metricbeat.json: no permissions for [indices:data/write/index, indices:data/writ
e/bulk[s]] and User [name=logstash, roles=[logstash], requestedTenant=null]. Res
ponse: {"objects":[{"id":"metricbeat-*","type":"index-pattern","error":{"message
":"no permissions for [indices:data/write/index, indices:data/write/bulk[s]] and
User [name=logstash, roles=[logstash], requestedTenant=null]"}}]}

In the Elastic Search logs I'm also seeing in case this is related.

[2019-01-04T16:04:20,709][INFO ][c.f.s.c.PrivilegesEvaluator] No cluster-level perm match for User [name=kibanaro, roles=[kibanauser, readall], requestedTenant=null] Resolved [aliases=, indices=, allIndices=, types=[], isAll()=false, isEmpty()=false] [Action [indices:admin/template/get]] [RolesChecked [sg_own_index, sg_kibana_user, sg_readall]]
[2019-01-04T16:04:20,709][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for [indices:admin/template/get]
[2019-01-04T16:04:20,724][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=kibanaro, roles=[kibanauser, readall], requestedTenant=null] Resolved [aliases=[], indices=[], allIndices=[], types=[], isAll()=true, isEmpty()=false] [Action [indices:admin/mappings/get]] [RolesChecked [sg_own_index, sg_kibana_user, sg_readall]]
[2019-01-04T16:04:20,724][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for [indices:admin/mappings/get]
[2019-01-04T16:04:20,740][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=kibanaro, roles=[kibanauser, readall], requestedTenant=null] Resolved [aliases=[], indices=[], allIndices=[], types=, isAll()=true, isEmpty()=false] [Action [indices:admin/get]] [RolesChecked [sg_own_index, sg_kibana_user, sg_readall]]
[2019-01-04T16:04:20,740][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for [indices:admin/get]

Thank you all for your help! This has been driving me nuts for the past few weeks!

Hello @SSIDDIQUI, did you by any chance run the setup dashboard command in PowerShell as admin?

Hi,

Apologies for the late response. Yes i did try running in CMD and Powershell with Admin privileges its the same error as below.

E:\beats\metricbeat-6.3.1-windows-x86_64>.\metricbeat.exe setup --dashboards
Loading dashboards (Kibana must be running and reachable)
Exiting: Error importing Kibana dashboards: fail to import the dashboards in Kib
ana: Error importing directory E:\beats\metricbeat-6.3.1-windows-x86_64\kibana:
Failed to import index-pattern: Failed to load directory E:\beats\metricbeat-6.3
.1-windows-x86_64\kibana/6/index-pattern:
error loading E:\beats\metricbeat-6.3.1-windows-x86_64\kibana\6\index-pattern
metricbeat.json: no permissions for [indices:data/write/index, indices:data/writ
e/bulk[s]] and User [name=logstash, roles=[logstash], requestedTenant=null]. Res
ponse: {"objects":[{"id":"metricbeat-*","type":"index-pattern","error":{"message
":"no permissions for [indices:data/write/index, indices:data/write/bulk[s]] and
User [name=logstash, roles=[logstash], requestedTenant=null]"}}]}

This looks like a permission error. I assume you have x-pack security enabled?

Interestingly in the error it shows the user logstash with the role logstash which I assume does not have permissions to load the dashobards.

Hi Ruffin,

From checking the elasticsearch.yml file it seems to be disabled.

SearchGuard Security Area

xpack.security.enabled: false
searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: esnode.pem
searchguard.ssl.http.pemkey_filepath: esnode-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.allow_default_init_sgindex: true
searchguard.authcz.admin_dn:

• CN=kirk,OU=client,O=client,L=test,C=de

You are running search guard? I assume this is causing it. You need to adjust the permissions.

Thanks. I'll have a look at the sg_roles and sg_config.yml files and see what is missing.

sg_logstash is mapped to user logstash

What permissions would i need to give in this sg_roles.yml file for these dashboards to install using user logstash?

For logstash and beats

sg_logstash:
cluster:
- CLUSTER_MONITOR
- CLUSTER_COMPOSITE_OPS
- indices:admin/template/get
- indices:admin/template/put
indices:
'logstash-':
'':
- CRUD
- CREATE_INDEX
- indices:data/write/index
- indices:data/write/bulk[s]]
- indices:data/write/bulk

'*beat*':
  '*':
    - CRUD
    - CREATE_INDEX
    - indices:data/write/index
    - indices:data/write/bulk[s]]
    - indices:data/write/bulk

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.