Hi, im newbie so im not quite sure what im currently doing. few hours ago ive configured the kibana server. after i reopened the kali purple in my virtualbox the kibana server failed to start and i dont know what and how that happened. any help is very welcomed.
In your /etc/kibana/kibana.yml, do you have some setting that points out a directory for your logfiles? Like /var/log/kibana? Anything interesting in a log file there?
This is part of the logs. I noticed it only has the logs from the last time the server was running. theres no new logs after i reopened the Virtual box.
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:05:46.734+08:00","message":"Average event loop delay threshold exceeded 350ms. Received 10822.025216ms. See https://ela.st/kibana-scaling-considerations for more information about scaling Kibana.","log":{"level":"WARN","logger":"plugins.kibanaUsageCollection"},"process":{"pid":687},"trace":{"id":"8cdcc01c4272e29d01bf8f5cd7acac85"},"transaction":{"id":"14caeea6190c2b0b"}}
{"tags":["Fleet-Usage-Logger","Fleet-Usage-Logger Fleet-Usage-Logger-Task","event-loop-blocked"],"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:05:46.807+08:00","message":"event loop blocked for at least 7885 ms while running task Fleet-Usage-Logger Fleet-Usage-Logger-Task","log":{"level":"WARN","logger":"plugins.taskManager"},"process":{"pid":687},"trace":{"id":"bcf4c3c3f5cbe20723d0195ae1fc8b18"},"transaction":{"id":"19bca5d3d69b12ff"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:05:47.114+08:00","message":"Kibana is now available (was degraded)","log":{"level":"INFO","logger":"status"},"process":{"pid":687},"trace":{"id":"51b8b9d444e2ae3d7e60e319035efcfb"},"transaction":{"id":"f086aa074c4fc285"}}
{"tags":["endpoint:user-artifact-packager","endpoint:user-artifact-packager endpoint:user-artifact-packager:1.0.0","event-loop-blocked"],"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:05:47.246+08:00","message":"event loop blocked for at least 24444 ms while running task endpoint:user-artifact-packager endpoint:user-artifact-packager:1.0.0","log":{"level":"WARN","logger":"plugins.taskManager"},"process":{"pid":687},"trace":{"id":"bcf4c3c3f5cbe20723d0195ae1fc8b18"},"transaction":{"id":"ee3f9ab1959951e4"}}
{"tags":["security:endpoint-diagnostics","security:endpoint-diagnostics security:endpoint-diagnostics:1.0.0","event-loop-blocked"],"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:05:47.274+08:00","message":"event loop blocked for at least 7852 ms while running task security:endpoint-diagnostics security:endpoint-diagnostics:1.0.0","log":{"level":"WARN","logger":"plugins.taskManager"},"process":{"pid":687},"trace":{"id":"bcf4c3c3f5cbe20723d0195ae1fc8b18"},"transaction":{"id":"73bf8246c6f36ee9"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:19:47.908+08:00","message":"Fleet Usage: {\"agents_enabled\":true,\"agents\":{\"total_enrolled\":1,\"healthy\":0,\"unhealthy\":0,\"offline\":1,\"inactive\":0,\"unenrolled\":0,\"total_all_statuses\":1,\"updating\":0},\"fleet_server\":{\"total_enrolled\":1,\"healthy\":0,\"unhealthy\":0,\"offline\":1,\"updating\":0,\"total_all_statuses\":1,\"num_host_urls\":1}}","log":{"level":"INFO","logger":"plugins.fleet"},"process":{"pid":687},"trace":{"id":"bcf4c3c3f5cbe20723d0195ae1fc8b18"},"transaction":{"id":"397e8a24d72096aa"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:23:57.748+08:00","message":"Kibana is now degraded (was available)","log":{"level":"INFO","logger":"status"},"process":{"pid":687},"trace":{"id":"a8eab1423d77de51c72eb9a78ac6f625"},"transaction":{"id":"0a2266767a8c3123"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:24:02.923+08:00","message":"Kibana is now available (was degraded)","log":{"level":"INFO","logger":"status"},"process":{"pid":687},"trace":{"id":"4f89e9e74658e2a45a827188139bce59"},"transaction":{"id":"4eb48b88d51cc85c"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:34:48.045+08:00","message":"Fleet Usage: {\"agents_enabled\":true,\"agents\":{\"total_enrolled\":1,\"healthy\":0,\"unhealthy\":0,\"offline\":1,\"inactive\":0,\"unenrolled\":0,\"total_all_statuses\":1,\"updating\":0},\"fleet_server\":{\"total_enrolled\":1,\"healthy\":0,\"unhealthy\":0,\"offline\":1,\"updating\":0,\"total_all_statuses\":1,\"num_host_urls\":1}}","log":{"level":"INFO","logger":"plugins.fleet"},"process":{"pid":687},"trace":{"id":"bcf4c3c3f5cbe20723d0195ae1fc8b18"},"transaction":{"id":"d0145c8dbcc728bc"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:49:48.263+08:00","message":"Fleet Usage: {\"agents_enabled\":true,\"agents\":{\"total_enrolled\":1,\"healthy\":0,\"unhealthy\":0,\"offline\":1,\"inactive\":0,\"unenrolled\":0,\"total_all_statuses\":1,\"updating\":0},\"fleet_server\":{\"total_enrolled\":1,\"healthy\":0,\"unhealthy\":0,\"offline\":1,\"updating\":0,\"total_all_statuses\":1,\"num_host_urls\":1}}","log":{"level":"INFO","logger":"plugins.fleet"},"process":{"pid":687},"trace":{"id":"bcf4c3c3f5cbe20723d0195ae1fc8b18"},"transaction":{"id":"178c60028157489c"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:53:10.246+08:00","message":"Kibana is now degraded (was available)","log":{"level":"INFO","logger":"status"},"process":{"pid":687},"trace":{"id":"bde2c8f4c3f0e800cf81cd117a368159"},"transaction":{"id":"2ff3d4d88672a189"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:53:15.197+08:00","message":"Kibana is now available (was degraded)","log":{"level":"INFO","logger":"status"},"process":{"pid":687},"trace":{"id":"bb069b9f96d498e1905aa0c047e9d377"},"transaction":{"id":"e66a42b888b79ecf"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:59:47.958+08:00","message":"Kibana is now degraded (was available)","log":{"level":"INFO","logger":"status"},"process":{"pid":687},"trace":{"id":"ded643debdba83a3191d6f1f4c44db7e"},"transaction":{"id":"2ab81a5dc0eb2685"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.6.0"},"@timestamp":"2023-04-09T17:59:54.273+08:00","message":"Kibana is now available (was degraded)","log":{"level":"INFO","logger":"status"},"process":{"pid":687},"trace":{"id":"aa0dbba42da0c1532ac6fffb647c121b"},"transaction":{"id":"8acc60937e554be4"}}
Since you are trying to start Kibana using 'systemctl', perhaps you should try starting it manually from your terminal. That should give Kibana a chance to write something to the terminal that should give you a clue as to what is wrong.
The output you see from systemctl status is only half the picture. Try running systemctl cat kibana. It should show you everything you need to start Kibana by hand - which user (most likely 'kibana', any environment variables (Environment/EnvironmentFile) that needs to be set (and exported) before start, and most importantly, the command line (ExecStart) to use.
Sorry for a very late reply. ive run systemctl cat kibana and this is the output
I've also run journalctl -u kibana.service to check kibana logs and I notice a line that probably showing the error
as shown in the picture the log file path is missing so I check nano /etc/kibana/kibana.yml and it shows that the log file output is defined so Idk what is the problem actually
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.