Having trouble connecting to Kibana. New user

Can't get the server to listen on port 5601.


netstat -ant shows nothing on port 5601.
Getting connection refused on port 5601 with Curl.

telemetry.enabled: false
telemetry.optIn: false
newsfeed.enabled: false

server.host: '0.0.0.0'
server.port: 5601
server.maxPayload: 8388608
server.publicBaseUrl:

server.ssl.enabled: true
server.ssl.certificateAuthorities: /etc/kibana/certs/ca/ca.crt
server.ssl.key: /etc/kibana/certs/myhost/myhost.key
server.ssl.certificate: /etc/kibana/certs/myhost/myhost.crt

elasticsearch.hosts:
elasticsearch.username: 'kibana_system'
elasticsearch.password: 'PASSWORD'
elasticsearch.ssl.certificateAuthorities: /etc/kibana/certs/ca/ca.crt
elasticsearch.ssl.key: /etc/kibana/certs/myhost/myhost.key
elasticsearch.ssl.certificate: /etc/kibana/certs/myhost/myhost.crt
elasticsearch.ssl.verificationMode: 'certificate'

elasticsearch.requestTimeout: 132000
elasticsearch.shardTimeout: 120000

kibana.autocompleteTimeout: 2000
kibana.autocompleteTerminateAfter: 500000

monitoring.enabled: true
monitoring.kibana.collection.enabled: true
monitoring.kibana.collection.interval: 30000

monitoring.ui.enabled: true
monitoring.ui.min_interval_seconds: 20

xpack.maps.showMapVisualizationTypes: true

xpack.security.enabled: true
xpack.security.audit.enabled: false

I updated the PASSWORD to my own password.

UFW disabled, not a VM in the cloud, it's local. Why can't i even see a kibana.log? tail -f /var/log/kibana/kibana.log

try

sudo lsof -p PID-of-kibana

and look for any network ports. But it won't start listening on port 5601 until a fair way into its startup process.

In my case, I see:

sudo lsof -Pn -p 15950 | fgrep IPv
node    15950   vf   19u     IPv4 0xd5bd95614eeaec8d      0t0                 TCP 192.168.2.163:5601 (LISTEN)
node    15950   vf   22u     IPv4 0xe30558dfc17688dc      0t0                 TCP 127.0.0.1:54778->127.0.0.1:9200 (ESTABLISHED)
node    15950   vf   23u     IPv4 0x338ee9785da10153      0t0                 TCP 127.0.0.1:54802->127.0.0.1:9200 (ESTABLISHED)
node    15950   vf   25u     IPv4  0x1e4360ba51ae7f7      0t0                 TCP 192.168.2.163:5601->192.168.2.163:54805 (ESTABLISHED)
node    15950   vf   26u     IPv4 0x1dbbeecd36bcc3ff      0t0                 TCP 127.0.0.1:54806->127.0.0.1:9200 (ESTABLISHED)
node    15950   vf  108u     IPv4 0x6e8949ed5fa45cbe      0t0                 TCP 127.0.0.1:52866->127.0.0.1:9200 (ESTABLISHED)

btw, posting images full of text is considered a bit impolite, just cut and paste the text and quote it accordingly.

Alright, didn't realize that.
ps -aux | grep kibana
kibana 1951468 127 1.0 11842804 279928 ? Rsl 21:35 0:14 /usr/share/kibana/bin/../node/glibc-217/bin/node /usr/share/kibana/bin/../src/cli/dist
root 1951805 0.0 0.0 6432 656 pts/1 S+ 21:36 0:00 grep --color=auto kibana
I don't get anything for lsof -P 1951468. The PID keeps changing for kibana

Did I do something wrong with that reply? Lsof didn't give me any output.

You can use netstat to get ports:

netstat -tlpn | grep LISTEN
netstat -tlpn | grep ":5601"
netstat -tlpn | grep "kibana"

However, check kibana.log again, you have "Kibana is starting" which doesn't mean it's up and running.

I you don't have records in kibana.log, add in kibana.yml:

logging.root.level: info

logging.appenders.default:
  type: file
  fileName: /path/kibana.log
  layout:
    type: pattern

Well, the key line was:

The PID keeps changing for kibana

So likely kibana is starting, failing, and looping around that circle.

elasticsearch.hosts:
elasticsearch.username: 'kibana_system'
elasticsearch.password: 'PASSWORD'

The elasticsearch.hosts value is really blank? Is elasticsearch already running on this same system? You can connect to it with curl or other tools on port 9200 ?

I'd be explicit and set it:

elasticsearch.hosts: ["http://localhost:9200"]

in kibana.yml, or comment it out as I believe that specific setting is its default value.

Anyways, please check output from command below, as root, and share here if not clear on what its telling you.

journalctl -b -u kibana --output=short-full

This is something like what you should see from lsof when its all OK:

kevin@u2024:~$ sudo systemctl start elasticsearch
kevin@u2024:~$ sudo lsof -i :9200
kevin@u2024:~$ sudo lsof -i :9200
kevin@u2024:~$ sudo lsof -i :9200
COMMAND   PID          USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java    10351 elasticsearch  557u  IPv6  73748      0t0  TCP *:9200 (LISTEN)
kevin@u2024:~$ sudo systemctl start kibana
kevin@u2024:~$ sudo lsof -i :5601
kevin@u2024:~$ sudo lsof -i :5601
kevin@u2024:~$ sudo lsof -i :5601
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
node    10496 kibana   94u  IPv4  75856      0t0  TCP u2024.fritz.box:5601 (LISTEN)

Note there's a few seconds before Kibana is listening on port 5601 or elasticsearch is listing on port 9200

Set to https:
elasticsearch.hosts: ["https://localhost:9200"]

Yeah, the site doesn't let me post these https:// URLs. Omitted them so that it could let me post. Yes, already using https for the elasticsearch.hosts: line.
Screenshot 2025-01-22 at 2.33.50 PM

The part that I don't get is why it says that kibana is running.

Do I need to increase the logging level?

is the issue? Xpack settings?
Screenshot 2025-01-22 at 2.42.24 PM

Please, run the command I asked, post the entire text of the output.

I'm not squinting at that tiny text.

btw, where did you get the above kibana.yml from? It's not the OOTB config. What release are you using?

Yeah, its really annoying the site does not allow

elasticsearch.hosts: ["https://localhost:9200"]

:wink:

The part that I don't get is why it says that kibana is running.

systemctl started it, and it started. So it is running at the time you ran the status command.

The "0s ago" means it just started, it likely crashed soon afterwards.

I was also getting all sorts of restrictions when I tried to add more than one image. I thought it was related to the fact I was a new user.

Looks like it's related to myhost.key

2025-01-22 20:06:57 UTC ubuntu-20 systemd[1]: kibana.service: Main process exited, code=exited, status=1/FAILURE
Wed 2025-01-22 20:06:57 UTC ubuntu-20 systemd[1]: kibana.service: Failed with result 'exit-code'.
Wed 2025-01-22 20:07:00 UTC ubuntu-20 systemd[1]: kibana.service: Scheduled restart job, restart counter is at 3.
Wed 2025-01-22 20:07:00 UTC ubuntu-20 systemd[1]: Stopped Kibana.
Wed 2025-01-22 20:07:00 UTC ubuntu-20 systemd[1]: Started Kibana.
Wed 2025-01-22 20:07:00 UTC ubuntu-20 kibana[5775]: Kibana is currently running with legacy OpenSSL providers enabled! For details and instructions on how to disable see https://>
Wed 2025-01-22 20:07:02 UTC ubuntu-20 kibana[5775]: {"log.level":"info","@timestamp":"2025-01-22T20:07:02.003Z","log.logger":"elastic-apm-node","ecs.version":"8.10.0","agentVersi>
Wed 2025-01-22 20:07:02 UTC ubuntu-20 kibana[5775]: Native global console methods have been overridden in production environment.
Wed 2025-01-22 20:07:17 UTC ubuntu-20 kibana[5775]: FATAL Error: ENOENT: no such file or directory, open '/etc/kibana/certs/myhost/myhost.key'
Wed 2025-01-22 20:07:17 UTC ubuntu-20 systemd[1]: kibana.service: Main process exited, code=exited, status=1/FAILURE

Yes, when you have these settings (from where you didn't explain)

elasticsearch.ssl.certificateAuthorities: /etc/kibana/certs/ca/ca.crt
elasticsearch.ssl.key: /etc/kibana/certs/myhost/myhost.key
elasticsearch.ssl.certificate: /etc/kibana/certs/myhost/myhost.crt

but didn't check those files actually exist?

Wed 2025-01-22 20:07:00 UTC ubuntu-20 systemd[1]: Started Kibana.
...
Wed 2025-01-22 20:07:17 UTC ubuntu-20 systemd[1]: kibana.service: Main process exited, code=exited, status=1/FAILURE

15 second between start and exit.

And it's quite annoying that you want help but cant follow very clear and simple requests or questions, and drip feed information.

Good luck to you and your users.

OK, Thanks for trying.

1 Like

I don't have any users. Brand new to this. Just experimenting.
Perhaps you could be a little more understanding?

1 Like