Kibana 8.11.0 Failed To Start (Exit Code 1)

I am running a ELK Stack in a local hosted Docker Container that comprises of sub containers of Elasticsearch, Kibana and Logstash service.

image1362×389 52.1 KB

Setup / config wise, I followed Ali Younges youtube video closely to setup.

https://youtu.be/jXU_1GADENQ?si=VVSQBkNpeyM8iVpO

I have a Kibana <-> Elastic search connection issue
The supposed index cannot be found? Im confused.
I get timed out
Unable to connect to Elasticsearch. Error: index_not_found_exception
Kibana is reporting that it cannot authenticate due to the absence of a license.

I am not sure whats going on. This setup has to work given that its by a reliable YouTuber...

Pls help me. And tell me what's wrong and how I can fix it.

Pls help me

Problem is narrowed down to

image1281×174 67.6 KB

image997×49 21.7 KB

1. Kibana container is unhealthy.
2. It cannot talk to Elasticsearch at Port 9200
3. Even when I curl request to Port 9200, connection is refused
   
   

   image820×90 45.4 KB

I really dont know what to do. This is the 2nd approach i try to setup ELK in Docker and yet face the exact same issue of Kib not talking to ES.

I have even implemented both Inbound and Outbound rules on Ports 9200 and 9201 to allow Traffic in my machine. Yet no improvement.

Full Start Up Log

If you cannot talk with Elasticsearch this could means that your cluster is not working correctly, you need to check the Logs for your Elasticsearch nodes.

Kibana won't work if the Elasticsearch cluster is not running, before troubleshoot Kibana you need to check if your cluster is running.

Also, you didn't share your full docker-compose.yml file, please share your full configuration file.

And while the video you shared uses the official documentation, I recommend that you also check the same documentation.

Alright.

[details="docker-compose.yml"] FORMATTED

version: "3.8"

volumes:
  certs:
    driver: local
  esdata01:
    driver: local
  esdata02:
    driver: local
  esdata03:
    driver: local
  kibanadata:
    driver: local
  logstashdata01:
    driver: local

networks:
  default:
    name: elastic
    external: false
    
services:
  setup:
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: es01\n"\
          "    dns:\n"\
          "      - es01\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: es02\n"\
          "    dns:\n"\
          "      - es02\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: es03\n"\
          "    dns:\n"\
          "      - es03\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: kibana\n"\
          "    dns:\n"\
          "      - kibana\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120

  es01:
    depends_on:
      setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    labels:
      co.elastic.logs/module: elasticsearch
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata01:/usr/share/elasticsearch/data
    ports:
      - 9201:9200
    environment:
      - node.name=es01
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es02,es03
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es01/es01.key
      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es01/es01.key
      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es02:
    depends_on:
      - es01
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    labels:
      co.elastic.logs/module: elasticsearch
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata02:/usr/share/elasticsearch/data
    environment:
      - node.name=es02
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es03
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es02/es02.key
      - xpack.security.http.ssl.certificate=certs/es02/es02.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es02/es02.key
      - xpack.security.transport.ssl.certificate=certs/es02/es02.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es03:
    depends_on:
      - es02
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    labels:
      co.elastic.logs/module: elasticsearch
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata03:/usr/share/elasticsearch/data
    environment:
      - node.name=es03
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es02
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es03/es03.key
      - xpack.security.http.ssl.certificate=certs/es03/es03.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es03/es03.key
      - xpack.security.transport.ssl.certificate=certs/es03/es03.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  kibana:
    depends_on:
      es01:
        condition: service_healthy
      # es02:
      #   condition: service_healthy
      # es03:
      #   condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    labels:
      co.elastic.logs/module: kibana
    volumes:
      - certs:/usr/share/kibana/config/certs
      - kibanadata:/usr/share/kibana/data
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    mem_limit: ${KB_MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 5s
      timeout: 10s
      retries: 10

  logstash:
    depends_on: 
      es01:
        condition: service_healthy
      kibana:
        condition: service_healthy
    image: docker.elastic.co/logstash/logstash:${STACK_VERSION}
    labels:
      co.elastic.logs/module: logstash
    user: root
    volumes:
      - logstashdata01:/usr/share/logstash/data
      - certs:/usr/share/logstash/certs
      - ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro
    environment:
      - NODE_NAME="logstash"
      - xpack.monitoring.enabled=false
      - ELASTIC_USER=elastic
      - ELASTIC_PASSWORD={ELASTIC_PASSWORD}
      - ELASTIC_HOSTS=https://es01:9200
    command: logstash -f /usr/share/logstash/pipeline/logstash.conf
    ports:
      - "5044:5044/udp"
    mem_limit: ${LS_MEM_LIMIT}

[/details]

Btw, even tho the ubuntu CLI says that all my ES containers are Healthy, it still can mean something is wrong?

Please format your code for the docker-compose.yml, use the Preformatted text option, the </>, it is pretty hard to read without proper formatting.

Also, do not use the hide option, there is no need.

This just means that the container is running, the service on the container can have some error, did you check the the logs for the elasticsearch containers? You need to check and share the logs.

Your issue seems to be a wrong docker configuration.

You are binding the host port 9201 to the container port 9200 for the container es01.

But in your Kibana container you are using the port 9200

This won't work because the por 9200 is not exposed on your host, just the 9201.

Not sure why you changed that, the official docker compose uses this:

    ports:
      - ${ES_PORT}:9200

So the port will be populated by the value on the env file.

You need to fix that, or you use change to use the port from the env file or you change your Kibana configuration to use port 9201.

Read your post and let me run it again. Thanks for the points out.

ES LOGS

2023-11-11 21:35:48 {"@timestamp":"2023-11-11T13:35:48.311Z", "log.level": "WARN", "message":"master not discovered or elected yet, an election requires at least 2 nodes with ids from [TMQPiSCqQeSMOiDsX_C5MQ, aSKFSYSvR96IAjii9hFj4w, -JiMNlfRSOi4PBvbLV7urg], have discovered possible quorum [{es01}{TMQPiSCqQeSMOiDsX_C5MQ}{P0QZODU9TN6URctBXxcDug}{es01}{172.23.0.3}{172.23.0.3:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}, {es02}{-JiMNlfRSOi4PBvbLV7urg}{oTCucY-4RVqJqK1muV3_5Q}{es02}{172.23.0.4}{172.23.0.4:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}, {es03}{aSKFSYSvR96IAjii9hFj4w}{025EJTvXQlSOUAr5Fn-vZg}{es03}{172.23.0.5}{172.23.0.5:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}]; discovery will continue using [172.23.0.4:9300, 172.23.0.5:9300] from hosts providers and [{es01}{TMQPiSCqQeSMOiDsX_C5MQ}{P0QZODU9TN6URctBXxcDug}{es01}{172.23.0.3}{172.23.0.3:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}] from last-known cluster state; node term 22, last-accepted version 257 in term 19; joining [{es02}{-JiMNlfRSOi4PBvbLV7urg}{oTCucY-4RVqJqK1muV3_5Q}{es02}{172.23.0.4}{172.23.0.4:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}] in term [22] has status [waiting for response] after [200ms]; for troubleshooting guidance, see https://www.elastic.co/guide/en/elasticsearch/reference/8.11/discovery-troubleshooting.html", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][cluster_coordination][T#1]","log.logger":"org.elasticsearch.cluster.coordination.ClusterFormationFailureHelper","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:35:54 {"@timestamp":"2023-11-11T13:35:54.514Z", "log.level": "INFO", "message":"master node changed {previous [], current [{es02}{-JiMNlfRSOi4PBvbLV7urg}{oTCucY-4RVqJqK1muV3_5Q}{es02}{172.23.0.4}{172.23.0.4:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}]}, added {{es02}{-JiMNlfRSOi4PBvbLV7urg}{oTCucY-4RVqJqK1muV3_5Q}{es02}{172.23.0.4}{172.23.0.4:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}, {es03}{aSKFSYSvR96IAjii9hFj4w}{025EJTvXQlSOUAr5Fn-vZg}{es03}{172.23.0.5}{172.23.0.5:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}}, term: 22, version: 293, reason: ApplyCommitRequest{term=22, version=293, sourceNode={es02}{-JiMNlfRSOi4PBvbLV7urg}{oTCucY-4RVqJqK1muV3_5Q}{es02}{172.23.0.4}{172.23.0.4:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}{ml.allocated_processors_double=8.0, ml.max_jvm_size=2147483648, ml.config_version=11.0.0, xpack.installed=true, transform.config_version=10.0.0, ml.machine_memory=4294967296, ml.allocated_processors=8}}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:35:57 {"@timestamp":"2023-11-11T13:35:57.458Z", "log.level": "INFO", "message":"refresh keys", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.TokenService","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:35:57 {"@timestamp":"2023-11-11T13:35:57.909Z", "log.level": "INFO", "message":"refreshed keys", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.TokenService","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:35:58 {"@timestamp":"2023-11-11T13:35:58.679Z", "log.level": "INFO", "message":"license [4a2d1b11-2c62-4962-834d-5090a8f205dc] mode [basic] - valid", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.license.ClusterStateLicenseService","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:35:58 {"@timestamp":"2023-11-11T13:35:58.705Z", "log.level": "INFO", "message":"license mode is [basic], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.Realms","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:35:59 {"@timestamp":"2023-11-11T13:35:59.011Z", "log.level": "INFO", "message":"publish_address {172.23.0.3:9200}, bound_addresses {0.0.0.0:9200}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.http.AbstractHttpServerTransport","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:35:59 {"@timestamp":"2023-11-11T13:35:59.086Z", "log.level": "INFO", "message":"started {es01}{TMQPiSCqQeSMOiDsX_C5MQ}{P0QZODU9TN6URctBXxcDug}{es01}{172.23.0.3}{172.23.0.3:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}{ml.allocated_processors_double=8.0, ml.max_jvm_size=2147483648, ml.config_version=11.0.0, xpack.installed=true, transform.config_version=10.0.0, ml.machine_memory=4294967296, ml.allocated_processors=8}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:36:09 {"@timestamp":"2023-11-11T13:36:08.993Z", "log.level": "INFO", "message":"reloading search analyzers", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#4]","log.logger":"org.elasticsearch.index.mapper.MapperService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster","tags":[" [.kibana_security_solution_8.11.0_001]"]}
2023-11-11 21:36:09 {"@timestamp":"2023-11-11T13:36:09.207Z", "log.level": "INFO", "message":"reloading search analyzers", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#1]","log.logger":"org.elasticsearch.index.mapper.MapperService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster","tags":[" [.kibana_8.11.0_001]"]}
2023-11-11 21:37:14 {"@timestamp":"2023-11-11T13:37:14.034Z", "log.level": "INFO", "message":"reloading search analyzers", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#4]","log.logger":"org.elasticsearch.index.mapper.MapperService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster","tags":[" [.security-7]"]}
2023-11-11 21:37:16 {"@timestamp":"2023-11-11T13:37:16.189Z", "log.level": "INFO", "message":"reloading search analyzers", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#4]","log.logger":"org.elasticsearch.index.mapper.MapperService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster","tags":[" [.kibana_task_manager_8.11.0_001]"]}
2023-11-11 21:37:35 {"@timestamp":"2023-11-11T13:37:35.724Z", "log.level": "WARN", "message":"absolute clock went backwards by [441ms/441ms] while timer thread was sleeping", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][[timer]]","log.logger":"org.elasticsearch.threadpool.ThreadPool","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:37:41 {"@timestamp":"2023-11-11T13:37:41.245Z", "log.level": "INFO", "message":"reloading search analyzers", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#1]","log.logger":"org.elasticsearch.index.mapper.MapperService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster","tags":[" [.tasks]"]}
2023-11-11 21:37:41 {"@timestamp":"2023-11-11T13:37:41.568Z", "log.level": "INFO", "message":"reloading search analyzers", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#4]","log.logger":"org.elasticsearch.index.mapper.MapperService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster","tags":[" [.apm-custom-link]"]}
2023-11-11 21:39:08 {"@timestamp":"2023-11-11T13:39:08.185Z", "log.level": "INFO", "message":"[gc][young][213][11] duration [742ms], collections [1]/[1s], total [742ms]/[2.1s], memory [516.4mb]->[116.5mb]/[2gb], all_pools {[young] [436mb]->[4mb]/[0b]}{[old] [64.5mb]->[64.5mb]/[2gb]}{[survivor] [15.9mb]->[48mb]/[0b]}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][scheduler][T#1]","log.logger":"org.elasticsearch.monitor.jvm.JvmGcMonitorService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:39:08 {"@timestamp":"2023-11-11T13:39:08.224Z", "log.level": "WARN", "message":"[gc][213] overhead, spent [742ms] collecting in the last [1s]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][scheduler][T#1]","log.logger":"org.elasticsearch.monitor.jvm.JvmGcMonitorService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:40:25 {"@timestamp":"2023-11-11T13:40:25.638Z", "log.level": "WARN", "message":"[gc][young][289][12] duration [1.8s], collections [1]/[2s], total [1.8s]/[3.9s], memory [160.5mb]->[114.9mb]/[2gb], all_pools {[young] [48mb]->[0b]/[0b]}{[old] [64.5mb]->[110.2mb]/[2gb]}{[survivor] [48mb]->[4.6mb]/[0b]}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][scheduler][T#1]","log.logger":"org.elasticsearch.monitor.jvm.JvmGcMonitorService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:40:25 {"@timestamp":"2023-11-11T13:40:25.712Z", "log.level": "WARN", "message":"[gc][289] overhead, spent [1.8s] collecting in the last [2s]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][scheduler][T#1]","log.logger":"org.elasticsearch.monitor.jvm.JvmGcMonitorService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:43:30 {"@timestamp":"2023-11-11T13:43:30.193Z", "log.level": "INFO", "message":"[gc][young][470][13] duration [767ms], collections [1]/[1.4s], total [767ms]/[4.7s], memory [338.9mb]->[113.5mb]/[2gb], all_pools {[young] [224mb]->[0b]/[0b]}{[old] [110.2mb]->[110.2mb]/[2gb]}{[survivor] [4.6mb]->[3.2mb]/[0b]}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][scheduler][T#1]","log.logger":"org.elasticsearch.monitor.jvm.JvmGcMonitorService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 21:43:30 {"@timestamp":"2023-11-11T13:43:30.350Z", "log.level": "WARN", "message":"[gc][470] overhead, spent [767ms] collecting in the last [1.4s]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][scheduler][T#1]","log.logger":"org.elasticsearch.monitor.jvm.JvmGcMonitorService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}

Managed to now get es01 failed. Latest logs attached.
LATEST ES-LOGS

2023-11-11 22:01:13 {"@timestamp":"2023-11-11T14:01:13.327Z", "log.level": "INFO", "message":"bound or publishing to a non-loopback address, enforcing bootstrap checks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.BootstrapChecks","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:01:14 {"@timestamp":"2023-11-11T14:01:14.511Z", "log.level": "WARN", "message":"this node is locked into cluster UUID [3m-f4WNRREeLwEQNJDIbbQ] but [cluster.initial_master_nodes] is set to [es01, es02, es03]; remove this setting to avoid possible data loss caused by subsequent cluster bootstrap attempts; for further information see https://www.elastic.co/guide/en/elasticsearch/reference/8.11/important-settings.html#initial_master_nodes", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.cluster.coordination.ClusterBootstrapService","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:01:26 {"@timestamp":"2023-11-11T14:01:26.688Z", "log.level": "WARN", "message":"master not discovered or elected yet, an election requires at least 2 nodes with ids from [TMQPiSCqQeSMOiDsX_C5MQ, aSKFSYSvR96IAjii9hFj4w, -JiMNlfRSOi4PBvbLV7urg], have only discovered non-quorum [{es01}{TMQPiSCqQeSMOiDsX_C5MQ}{wK6SjdGqQJaXnNZDCcaZlQ}{es01}{172.23.0.3}{172.23.0.3:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}]; discovery will continue using [172.23.0.4:9300, 172.23.0.5:9300] from hosts providers and [{es01}{TMQPiSCqQeSMOiDsX_C5MQ}{wK6SjdGqQJaXnNZDCcaZlQ}{es01}{172.23.0.3}{172.23.0.3:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}] from last-known cluster state; node term 22, last-accepted version 302 in term 22; for troubleshooting guidance, see https://www.elastic.co/guide/en/elasticsearch/reference/8.11/discovery-troubleshooting.html", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][cluster_coordination][T#1]","log.logger":"org.elasticsearch.cluster.coordination.ClusterFormationFailureHelper","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:01:37 {"@timestamp":"2023-11-11T14:01:37.282Z", "log.level": "WARN", "message":"master not discovered or elected yet, an election requires at least 2 nodes with ids from [TMQPiSCqQeSMOiDsX_C5MQ, aSKFSYSvR96IAjii9hFj4w, -JiMNlfRSOi4PBvbLV7urg], have only discovered non-quorum [{es01}{TMQPiSCqQeSMOiDsX_C5MQ}{wK6SjdGqQJaXnNZDCcaZlQ}{es01}{172.23.0.3}{172.23.0.3:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}]; discovery will continue using [172.23.0.4:9300, 172.23.0.5:9300] from hosts providers and [{es01}{TMQPiSCqQeSMOiDsX_C5MQ}{wK6SjdGqQJaXnNZDCcaZlQ}{es01}{172.23.0.3}{172.23.0.3:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}] from last-known cluster state; node term 22, last-accepted version 302 in term 22; for troubleshooting guidance, see https://www.elastic.co/guide/en/elasticsearch/reference/8.11/discovery-troubleshooting.html", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][cluster_coordination][T#1]","log.logger":"org.elasticsearch.cluster.coordination.ClusterFormationFailureHelper","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:01:46 {"@timestamp":"2023-11-11T14:01:46.092Z", "log.level": "WARN", "message":"timed out while waiting for initial discovery state - timeout: 30s", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#1]","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:01:46 {"@timestamp":"2023-11-11T14:01:46.748Z", "log.level": "INFO", "message":"publish_address {172.23.0.3:9200}, bound_addresses {0.0.0.0:9200}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.http.AbstractHttpServerTransport","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:01:46 {"@timestamp":"2023-11-11T14:01:46.758Z", "log.level": "INFO", "message":"started {es01}{TMQPiSCqQeSMOiDsX_C5MQ}{wK6SjdGqQJaXnNZDCcaZlQ}{es01}{172.23.0.3}{172.23.0.3:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}{ml.allocated_processors=8, ml.machine_memory=4294967296, transform.config_version=10.0.0, xpack.installed=true, ml.config_version=11.0.0, ml.max_jvm_size=2147483648, ml.allocated_processors_double=8.0}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:01:50 {"@timestamp":"2023-11-11T14:01:50.073Z", "log.level": "WARN", "message":"master not discovered or elected yet, an election requires at least 2 nodes with ids from [TMQPiSCqQeSMOiDsX_C5MQ, aSKFSYSvR96IAjii9hFj4w, -JiMNlfRSOi4PBvbLV7urg], have discovered possible quorum [{es01}{TMQPiSCqQeSMOiDsX_C5MQ}{wK6SjdGqQJaXnNZDCcaZlQ}{es01}{172.23.0.3}{172.23.0.3:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}, {es02}{-JiMNlfRSOi4PBvbLV7urg}{C0zycprTTEWD4b5Qy8cDpA}{es02}{172.23.0.4}{172.23.0.4:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}, {es03}{aSKFSYSvR96IAjii9hFj4w}{iUBcrF_ITWKAsdDadIHSew}{es03}{172.23.0.5}{172.23.0.5:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}]; discovery will continue using [172.23.0.4:9300, 172.23.0.5:9300] from hosts providers and [{es01}{TMQPiSCqQeSMOiDsX_C5MQ}{wK6SjdGqQJaXnNZDCcaZlQ}{es01}{172.23.0.3}{172.23.0.3:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}] from last-known cluster state; node term 24, last-accepted version 302 in term 22; joining [{es02}{-JiMNlfRSOi4PBvbLV7urg}{C0zycprTTEWD4b5Qy8cDpA}{es02}{172.23.0.4}{172.23.0.4:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}] in term [24] has status [waiting for response] after [6s/6096ms]; for troubleshooting guidance, see https://www.elastic.co/guide/en/elasticsearch/reference/8.11/discovery-troubleshooting.html", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][cluster_coordination][T#1]","log.logger":"org.elasticsearch.cluster.coordination.ClusterFormationFailureHelper","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:01:56 {"@timestamp":"2023-11-11T14:01:56.350Z", "log.level": "INFO", "message":"master node changed {previous [], current [{es02}{-JiMNlfRSOi4PBvbLV7urg}{C0zycprTTEWD4b5Qy8cDpA}{es02}{172.23.0.4}{172.23.0.4:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}]}, added {{es03}{aSKFSYSvR96IAjii9hFj4w}{iUBcrF_ITWKAsdDadIHSew}{es03}{172.23.0.5}{172.23.0.5:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}, {es02}{-JiMNlfRSOi4PBvbLV7urg}{C0zycprTTEWD4b5Qy8cDpA}{es02}{172.23.0.4}{172.23.0.4:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}}, term: 24, version: 319, reason: ApplyCommitRequest{term=24, version=319, sourceNode={es02}{-JiMNlfRSOi4PBvbLV7urg}{C0zycprTTEWD4b5Qy8cDpA}{es02}{172.23.0.4}{172.23.0.4:9300}{cdfhilmrstw}{8.11.0}{7000099-8500003}{ml.allocated_processors=8, ml.machine_memory=4294967296, transform.config_version=10.0.0, xpack.installed=true, ml.config_version=11.0.0, ml.max_jvm_size=2147483648, ml.allocated_processors_double=8.0}}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:01:58 {"@timestamp":"2023-11-11T14:01:58.026Z", "log.level": "INFO", "message":"retrying master election after [10] failed attempts; election attempts are currently scheduled up to [1100ms] apart", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][cluster_coordination][T#1]","log.logger":"org.elasticsearch.cluster.coordination.ElectionSchedulerFactory","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:02:01 {"@timestamp":"2023-11-11T14:02:01.781Z", "log.level": "INFO", "message":"refresh keys", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.TokenService","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:02:02 {"@timestamp":"2023-11-11T14:02:02.640Z", "log.level": "INFO", "message":"refreshed keys", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.TokenService","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:02:04 {"@timestamp":"2023-11-11T14:02:04.083Z", "log.level": "INFO", "message":"license [4a2d1b11-2c62-4962-834d-5090a8f205dc] mode [basic] - valid", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.license.ClusterStateLicenseService","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:02:04 {"@timestamp":"2023-11-11T14:02:04.119Z", "log.level": "INFO", "message":"license mode is [basic], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.Realms","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
2023-11-11 22:02:09 {"@timestamp":"2023-11-11T14:02:09.467Z", "log.level": "INFO", "message":"reloading search analyzers", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#1]","log.logger":"org.elasticsearch.index.mapper.MapperService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster","tags":[" [.kibana_security_solution_8.11.0_001]"]}
2023-11-11 22:02:09 {"@timestamp":"2023-11-11T14:02:09.501Z", "log.level": "INFO", "message":"reloading search analyzers", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#2]","log.logger":"org.elasticsearch.index.mapper.MapperService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster","tags":[" [.kibana_task_manager_8.11.0_001]"]}
2023-11-11 22:02:13 {"@timestamp":"2023-11-11T14:02:13.595Z", "log.level": "INFO", "message":"reloading search analyzers", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#3]","log.logger":"org.elasticsearch.index.mapper.MapperService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster","tags":[" [.security-7]"]}
2023-11-11 22:02:13 {"@timestamp":"2023-11-11T14:02:13.709Z", "log.level": "INFO", "message":"reloading search analyzers", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#2]","log.logger":"org.elasticsearch.index.mapper.MapperService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster","tags":[" [.kibana_8.11.0_001]"]}
2023-11-11 22:02:16 {"@timestamp":"2023-11-11T14:02:16.631Z", "log.level": "INFO", "message":"reloading search analyzers", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#1]","log.logger":"org.elasticsearch.index.mapper.MapperService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster","tags":[" [.apm-custom-link]"]}
2023-11-11 22:02:18 {"@timestamp":"2023-11-11T14:02:18.366Z", "log.level": "INFO", "message":"reloading search analyzers", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#5]","log.logger":"org.elasticsearch.index.mapper.MapperService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster","tags":[" [.tasks]"]}
2023-11-11 22:02:24 {"@timestamp":"2023-11-11T14:02:24.128Z", "log.level": "INFO", "message":"reloading search analyzers", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#3]","log.logger":"org.elasticsearch.index.mapper.MapperService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster","tags":[" [.kibana_analytics_8.11.0_001]"]}
2023-11-11 22:13:33 {"@timestamp":"2023-11-11T14:13:32.999Z", "log.level": "INFO", "message":"[gc][743] overhead, spent [411ms] collecting in the last [1s]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][scheduler][T#1]","log.logger":"org.elasticsearch.monitor.jvm.JvmGcMonitorService","elasticsearch.cluster.uuid":"3m-f4WNRREeLwEQNJDIbbQ","elasticsearch.node.id":"TMQPiSCqQeSMOiDsX_C5MQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}

DOCKER-COMPOSE

version: "3.8"

volumes:
  certs:
    driver: local
  esdata01:
    driver: local
  esdata02:
    driver: local
  esdata03:
    driver: local
  kibanadata:
    driver: local
  logstashdata01:
    driver: local

networks:
  default:
    name: elastic
    external: false
    
services:
  setup:
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: es01\n"\
          "    dns:\n"\
          "      - es01\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: es02\n"\
          "    dns:\n"\
          "      - es02\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: es03\n"\
          "    dns:\n"\
          "      - es03\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: kibana\n"\
          "    dns:\n"\
          "      - kibana\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120

  es01:
    depends_on:
      setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    labels:
      co.elastic.logs/module: elasticsearch
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata01:/usr/share/elasticsearch/data
    ports:
      - 9201:9200
    environment:
      - node.name=es01
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es02,es03
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es01/es01.key
      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es01/es01.key
      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9201 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es02:
    depends_on:
      - es01
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    labels:
      co.elastic.logs/module: elasticsearch
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata02:/usr/share/elasticsearch/data
    environment:
      - node.name=es02
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es03
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es02/es02.key
      - xpack.security.http.ssl.certificate=certs/es02/es02.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es02/es02.key
      - xpack.security.transport.ssl.certificate=certs/es02/es02.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9201 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es03:
    depends_on:
      - es02
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    labels:
      co.elastic.logs/module: elasticsearch
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata03:/usr/share/elasticsearch/data
    environment:
      - node.name=es03
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es02
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es03/es03.key
      - xpack.security.http.ssl.certificate=certs/es03/es03.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es03/es03.key
      - xpack.security.transport.ssl.certificate=certs/es03/es03.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9201 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  kibana:
    depends_on:
      es01:
        condition: service_healthy
      # es02:
      #   condition: service_healthy
      # es03:
      #   condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    labels:
      co.elastic.logs/module: kibana
    volumes:
      - certs:/usr/share/kibana/config/certs
      - kibanadata:/usr/share/kibana/data
    ports:
      - ${KIBANA_PORT}:5601
      - ${ES_PORT}:9200
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://es01:9201
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    mem_limit: ${KB_MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 5s
      timeout: 10s
      retries: 10

  logstash:
    depends_on: 
      es01:
        condition: service_healthy
      kibana:
        condition: service_healthy
    image: docker.elastic.co/logstash/logstash:${STACK_VERSION}
    labels:
      co.elastic.logs/module: logstash
    user: root
    volumes:
      - logstashdata01:/usr/share/logstash/data
      - certs:/usr/share/logstash/certs
      - ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro
    environment:
      - NODE_NAME="logstash"
      - xpack.monitoring.enabled=false
      - ELASTIC_USER=elastic
      - ELASTIC_PASSWORD={ELASTIC_PASSWORD}
      - ELASTIC_HOSTS=https://es01:9201
    command: logstash -f /usr/share/logstash/pipeline/logstash.conf
    ports:
      - "5044:5044/udp"
    mem_limit: ${LS_MEM_LIMIT}
 

This is wrong, please check the official docker compose and validate with your compose.

This is the configuration for your kibana container, you only need to expose the kibana port, remove the - ${ES_PORT}:9200 line from this part of your compose.

Rollback the changes you made to your docker compose, you need to only change this:

The ports needs to be - ${ES_PORT}:9200

Your issue is a docker issue, you need to validate your docker compose to see if all ports are correctly exposed.

You need to change all 9201 port back to 9200, and use the ES_PORT variable in your es01 container configuration only.

Then you set this port to 9200 in your env file.

Looking with more attention, the external port should not make any difference in this case.

But try with this docker compose to see if it works.

version: "3.8"

volumes:
  certs:
    driver: local
  esdata01:
    driver: local
  esdata02:
    driver: local
  esdata03:
    driver: local
  kibanadata:
    driver: local
  logstashdata01:
    driver: local

networks:
  default:
    name: elastic
    external: false
    
services:
  setup:
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: es01\n"\
          "    dns:\n"\
          "      - es01\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: es02\n"\
          "    dns:\n"\
          "      - es02\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: es03\n"\
          "    dns:\n"\
          "      - es03\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: kibana\n"\
          "    dns:\n"\
          "      - kibana\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120

  es01:
    depends_on:
      setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    labels:
      co.elastic.logs/module: elasticsearch
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata01:/usr/share/elasticsearch/data
    ports:
      - ${ES_PORT}:9200
    environment:
      - node.name=es01
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es02,es03
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es01/es01.key
      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es01/es01.key
      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es02:
    depends_on:
      - es01
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    labels:
      co.elastic.logs/module: elasticsearch
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata02:/usr/share/elasticsearch/data
    environment:
      - node.name=es02
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es03
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es02/es02.key
      - xpack.security.http.ssl.certificate=certs/es02/es02.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es02/es02.key
      - xpack.security.transport.ssl.certificate=certs/es02/es02.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es03:
    depends_on:
      - es02
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    labels:
      co.elastic.logs/module: elasticsearch
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata03:/usr/share/elasticsearch/data
    environment:
      - node.name=es03
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es02
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es03/es03.key
      - xpack.security.http.ssl.certificate=certs/es03/es03.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es03/es03.key
      - xpack.security.transport.ssl.certificate=certs/es03/es03.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  kibana:
    depends_on:
      es01:
        condition: service_healthy
      # es02:
      #   condition: service_healthy
      # es03:
      #   condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    labels:
      co.elastic.logs/module: kibana
    volumes:
      - certs:/usr/share/kibana/config/certs
      - kibanadata:/usr/share/kibana/data
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    mem_limit: ${KB_MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 5s
      timeout: 10s
      retries: 10

  logstash:
    depends_on: 
      es01:
        condition: service_healthy
      kibana:
        condition: service_healthy
    image: docker.elastic.co/logstash/logstash:${STACK_VERSION}
    labels:
      co.elastic.logs/module: logstash
    user: root
    volumes:
      - logstashdata01:/usr/share/logstash/data
      - certs:/usr/share/logstash/certs
      - ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro
    environment:
      - NODE_NAME="logstash"
      - xpack.monitoring.enabled=false
      - ELASTIC_USER=elastic
      - ELASTIC_PASSWORD={ELASTIC_PASSWORD}
      - ELASTIC_HOSTS=https://es01:9200
    command: logstash -f /usr/share/logstash/pipeline/logstash.conf
    ports:
      - "5044:5044/udp"
    mem_limit: ${LS_MEM_LIMIT}

What was the edit u made here?

Just the port for the es01 container, but nevermind, I don't think this is the issue as this is just related to the port on the host, and kibana uses the internal port.

I'm trying to run your compose to see if I catch the error.

In ubuntu CLI, the Kib container threw Error

But in Docker, Kib Container is still running.

image1274×425 221 KB

2023-11-11 22:57:15 [2023-11-11T14:57:15.128+00:00][WARN ][environment] Detected an unhandled Promise rejection: TimeoutError: Request timed out
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@elastic/transport/lib/Transport.js:527:31)
2023-11-11 22:57:15     at processTicksAndRejections (node:internal/process/task_queues:95:5)
2023-11-11 22:57:15     at runNextTicks (node:internal/process/task_queues:64:3)
2023-11-11 22:57:15     at listOnTimeout (node:internal/timers:538:9)
2023-11-11 22:57:15     at processTimers (node:internal/timers:512:7)
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@kbn/core-elasticsearch-client-server-internal/src/create_transport.js:51:16)
2023-11-11 22:57:15     at ClientTraced.GetApi [as get] (/usr/share/kibana/node_modules/@elastic/elasticsearch/lib/api/api/get.js:36:12)
2023-11-11 22:57:15 [2023-11-11T14:57:15.162+00:00][WARN ][process] UnhandledPromiseRejectionWarning: TimeoutError: Request timed out
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@elastic/transport/lib/Transport.js:527:31)
2023-11-11 22:57:15     at processTicksAndRejections (node:internal/process/task_queues:95:5)
2023-11-11 22:57:15     at runNextTicks (node:internal/process/task_queues:64:3)
2023-11-11 22:57:15     at listOnTimeout (node:internal/timers:538:9)
2023-11-11 22:57:15     at processTimers (node:internal/timers:512:7)
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@kbn/core-elasticsearch-client-server-internal/src/create_transport.js:51:16)
2023-11-11 22:57:15     at ClientTraced.GetApi [as get] (/usr/share/kibana/node_modules/@elastic/elasticsearch/lib/api/api/get.js:36:12)
2023-11-11 22:57:15     at emitUnhandledRejectionWarning (node:internal/process/promises:200:15)
2023-11-11 22:57:15     at processPromiseRejections (node:internal/process/promises:279:11)
2023-11-11 22:57:15     at processTicksAndRejections (node:internal/process/task_queues:96:32)
2023-11-11 22:57:15     at runNextTicks (node:internal/process/task_queues:64:3)
2023-11-11 22:57:15     at listOnTimeout (node:internal/timers:538:9)
2023-11-11 22:57:15     at processTimers (node:internal/timers:512:7)
2023-11-11 22:57:15 [2023-11-11T14:57:15.167+00:00][WARN ][process] TimeoutError: Request timed out
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@elastic/transport/lib/Transport.js:527:31)
2023-11-11 22:57:15     at processTicksAndRejections (node:internal/process/task_queues:95:5)
2023-11-11 22:57:15     at runNextTicks (node:internal/process/task_queues:64:3)
2023-11-11 22:57:15     at listOnTimeout (node:internal/timers:538:9)
2023-11-11 22:57:15     at processTimers (node:internal/timers:512:7)
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@kbn/core-elasticsearch-client-server-internal/src/create_transport.js:51:16)
2023-11-11 22:57:15     at ClientTraced.GetApi [as get] (/usr/share/kibana/node_modules/@elastic/elasticsearch/lib/api/api/get.js:36:12)
2023-11-11 22:57:15 [2023-11-11T14:57:15.184+00:00][ERROR][plugins.reporting] Error in Reporting start, reporting may not function properly
2023-11-11 22:57:15 [2023-11-11T14:57:15.186+00:00][ERROR][plugins.reporting] TimeoutError: Request timed out
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@elastic/transport/lib/Transport.js:527:31)
2023-11-11 22:57:15     at processTicksAndRejections (node:internal/process/task_queues:95:5)
2023-11-11 22:57:15     at runNextTicks (node:internal/process/task_queues:64:3)
2023-11-11 22:57:15     at listOnTimeout (node:internal/timers:538:9)
2023-11-11 22:57:15     at processTimers (node:internal/timers:512:7)
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@kbn/core-elasticsearch-client-server-internal/src/create_transport.js:51:16)
2023-11-11 22:57:15     at ClientTraced.CreateApi [as create] (/usr/share/kibana/node_modules/@elastic/elasticsearch/lib/api/api/create.js:43:12)
2023-11-11 22:57:15 [2023-11-11T14:57:15.201+00:00][WARN ][environment] Detected an unhandled Promise rejection: TimeoutError: Request timed out
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@elastic/transport/lib/Transport.js:527:31)
2023-11-11 22:57:15     at processTicksAndRejections (node:internal/process/task_queues:95:5)
2023-11-11 22:57:15     at runNextTicks (node:internal/process/task_queues:64:3)
2023-11-11 22:57:15     at listOnTimeout (node:internal/timers:538:9)
2023-11-11 22:57:15     at processTimers (node:internal/timers:512:7)
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@kbn/core-elasticsearch-client-server-internal/src/create_transport.js:51:16)
2023-11-11 22:57:15     at ClientTraced.GetApi [as get] (/usr/share/kibana/node_modules/@elastic/elasticsearch/lib/api/api/get.js:36:12)
2023-11-11 22:57:15 [2023-11-11T14:57:15.204+00:00][WARN ][process] UnhandledPromiseRejectionWarning: TimeoutError: Request timed out
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@elastic/transport/lib/Transport.js:527:31)
2023-11-11 22:57:15     at processTicksAndRejections (node:internal/process/task_queues:95:5)
2023-11-11 22:57:15     at runNextTicks (node:internal/process/task_queues:64:3)
2023-11-11 22:57:15     at listOnTimeout (node:internal/timers:538:9)
2023-11-11 22:57:15     at processTimers (node:internal/timers:512:7)
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@kbn/core-elasticsearch-client-server-internal/src/create_transport.js:51:16)
2023-11-11 22:57:15     at ClientTraced.GetApi [as get] (/usr/share/kibana/node_modules/@elastic/elasticsearch/lib/api/api/get.js:36:12)
2023-11-11 22:57:15     at emitUnhandledRejectionWarning (node:internal/process/promises:200:15)
2023-11-11 22:57:15     at processPromiseRejections (node:internal/process/promises:279:11)
2023-11-11 22:57:15     at processTicksAndRejections (node:internal/process/task_queues:96:32)
2023-11-11 22:57:15     at runNextTicks (node:internal/process/task_queues:64:3)
2023-11-11 22:57:15     at listOnTimeout (node:internal/timers:538:9)
2023-11-11 22:57:15     at processTimers (node:internal/timers:512:7)
2023-11-11 22:57:15 [2023-11-11T14:57:15.206+00:00][WARN ][process] TimeoutError: Request timed out
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@elastic/transport/lib/Transport.js:527:31)
2023-11-11 22:57:15     at processTicksAndRejections (node:internal/process/task_queues:95:5)
2023-11-11 22:57:15     at runNextTicks (node:internal/process/task_queues:64:3)
2023-11-11 22:57:15     at listOnTimeout (node:internal/timers:538:9)
2023-11-11 22:57:15     at processTimers (node:internal/timers:512:7)
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@kbn/core-elasticsearch-client-server-internal/src/create_transport.js:51:16)
2023-11-11 22:57:15     at ClientTraced.GetApi [as get] (/usr/share/kibana/node_modules/@elastic/elasticsearch/lib/api/api/get.js:36:12)
2023-11-11 22:57:15 [2023-11-11T14:57:15.228+00:00][ERROR][plugins.apm] Failed to add API keys to APM package policies
2023-11-11 22:57:15 [2023-11-11T14:57:15.229+00:00][ERROR][plugins.apm] TimeoutError: Request timed out
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@elastic/transport/lib/Transport.js:527:31)
2023-11-11 22:57:15     at processTicksAndRejections (node:internal/process/task_queues:95:5)
2023-11-11 22:57:15     at runNextTicks (node:internal/process/task_queues:64:3)
2023-11-11 22:57:15     at listOnTimeout (node:internal/timers:538:9)
2023-11-11 22:57:15     at processTimers (node:internal/timers:512:7)
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@kbn/core-elasticsearch-client-server-internal/src/create_transport.js:51:16)
2023-11-11 22:57:15     at ClientTraced.SearchApi [as search] (/usr/share/kibana/node_modules/@elastic/elasticsearch/lib/api/api/search.js:66:12)
2023-11-11 22:57:15 [2023-11-11T14:57:15.401+00:00][ERROR][plugins.apm] Failed to schedule APM source map migration
2023-11-11 22:57:15 [2023-11-11T14:57:15.402+00:00][ERROR][plugins.apm] TimeoutError: Request timed out
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@elastic/transport/lib/Transport.js:527:31)
2023-11-11 22:57:15     at processTicksAndRejections (node:internal/process/task_queues:95:5)
2023-11-11 22:57:15     at runNextTicks (node:internal/process/task_queues:64:3)
2023-11-11 22:57:15     at processTimers (node:internal/timers:509:9)
2023-11-11 22:57:15     at KibanaTransport.request (/usr/share/kibana/node_modules/@kbn/core-elasticsearch-client-server-internal/src/create_transport.js:51:16)
2023-11-11 22:57:15     at ClientTraced.CreateApi [as create] (/usr/share/kibana/node_modules/@elastic/elasticsearch/lib/api/api/create.js:43:12)
2023-11-11 22:57:16 [2023-11-11T14:57:16.261+00:00][INFO ][plugins.fleet] Task Fleet-Usage-Logger-Task scheduled with interval 15m
2023-11-11 22:57:16 [2023-11-11T14:57:16.849+00:00][INFO ][status] Kibana is now degraded (was unavailable)
2023-11-11 22:57:18 [2023-11-11T14:57:18.110+00:00][ERROR][plugins.security.authentication] License is not available, authentication is not possible.
2023-11-11 22:57:31 [2023-11-11T14:57:30.968+00:00][INFO ][plugins.monitoring.monitoring.kibana-monitoring] Starting monitoring stats collection
2023-11-11 22:57:31 [2023-11-11T14:57:31.616+00:00][INFO ][plugins.fleet] Beginning fleet setup
2023-11-11 22:57:34 [2023-11-11T14:57:34.614+00:00][INFO ][plugins.telemetry] Telemetry collection is enabled. For more information on telemetry settings, refer to https://www.elastic.co/guide/en/kibana/8.11/telemetry-settings-kbn.html.
2023-11-11 22:57:35 [2023-11-11T14:57:35.228+00:00][INFO ][plugins.ruleRegistry] Installing ILM policy .preview.alerts-security.alerts-policy
2023-11-11 22:57:35 [2023-11-11T14:57:35.354+00:00][INFO ][plugins.observability] Installing SLO index template [.slo-observability.sli]
2023-11-11 22:57:36 [2023-11-11T14:57:36.181+00:00][INFO ][plugins.alerting] Installing component template .alerts-stack.alerts-mappings
2023-11-11 22:57:36 [2023-11-11T14:57:36.268+00:00][INFO ][plugins.alerting] Installing component template .alerts-observability.slo.alerts-mappings
2023-11-11 22:57:36 [2023-11-11T14:57:36.276+00:00][INFO ][plugins.alerting] Installing component template .alerts-observability.threshold.alerts-mappings
2023-11-11 22:57:36 [2023-11-11T14:57:36.305+00:00][INFO ][plugins.alerting] Installing component template .alerts-ml.anomaly-detection.alerts-mappings
2023-11-11 22:57:36 [2023-11-11T14:57:36.422+00:00][INFO ][plugins.alerting] Installing component template .alerts-observability.uptime.alerts-mappings
2023-11-11 22:57:36 [2023-11-11T14:57:36.429+00:00][INFO ][plugins.alerting] Installing component template .alerts-observability.logs.alerts-mappings
2023-11-11 22:57:36 [2023-11-11T14:57:36.435+00:00][INFO ][plugins.alerting] Installing component template .alerts-observability.metrics.alerts-mappings
2023-11-11 22:57:36 [2023-11-11T14:57:36.924+00:00][INFO ][plugins.alerting] Installing component template .alerts-security.alerts-mappings
2023-11-11 22:57:37 [2023-11-11T14:57:37.022+00:00][INFO ][plugins.alerting] Installing component template .alerts-observability.apm.alerts-mappings
2023-11-11 22:57:50 [2023-11-11T14:57:50.295+00:00][WARN ][plugins.kibanaUsageCollection] Average event loop delay threshold exceeded 350ms. Received 376.32139264ms. See https://ela.st/kibana-scaling-considerations for more information about scaling Kibana.

Hi Drive by comments.

First, I would always get Elasticsearch and Kibana working first before adding the other containers.

Second, I would work from the official compose.

And just reduce that down to a single node first. Get that all running before doing anything else.... I think I have a copy of that but I'm not at my desk right now.

Third, this has caused a number of issues with other people.

The setup only runs once because once the files are created it has logic to not run again. If for some reason it did not create the certs correctly, the correct certs will never be created again. The setup only runs the first time.

I would suggest since you haven't really got it running that you purge all the the volumes and try starting it over again.

Just a couple thoughts.

This is peculiar. I now can see the localhost:5601 webpage!

image1486×494 114 KB

But when I send a curl to 9200. I get empty request. When I open localhost:9200, I also dont get a response.

Is this intended behaviour?

=============================================
I would not be sure how to add additional containers. In the beginning, I start by trying to follow the single container arrangement but I kept failing/get stuck because

1. I was setting up docker containers independent of each other. Have to manually start es and kib on sep clicks
2. Cannot get ES and Kib to talk to e/o despite defining them on same network.
3. I didnt know how docker-compose.yml come into the picture nor could I even find templates for it.

A lot of the official ES documentation just arbitrarily puts stuff in CLI format without actually telling clearly where or what to run that specific command, markup and etc. This makes it difficult for beginner as its ambigious which CLI to use - cmd? powershell? ubuntu? or smth else.

Sometimes we also dont even know what markup or language is used when something is written in code format.

PERFECT EG

image876×466 25.2 KB

I had to find YouTube video for easier visualisation.

Thus i resort to YouTube video on this multisetup arrangement where docker-compose.yml was used.

You need to use * https*.

Try curl -k https://localhost:9200 -u elastic:PASSWORD_YOU_USED_THE_ENV_FILE

Not sure what was your issue, I was able to run your docker-compose.yml without any issues.

Oh dear i have been using http coz Chat said so

image797×457 18.1 KB

Yes! Now I can get this finally!

Now I have a next part involving Logstash. I think i create a new Thread about it

Be careful using chat GPT for elasticsearch instructions as the data is several years old and we've had significant changes since then.

Also, what's worse sometimes as you just discovered the results can seem very correct and convincing and yet be incorrect.