Kibana login page with 6.5.1 version


I want to use Logstash, ElasticSearch and Kibana. To do so I installed Logstash, ElasticSearch and Kibana in my linux environment with 6.5.1 version.
In elasticsearch 6.5.1 version xpack comes along with the installer. So xpack separate installation for elasticsearch was not needed for me. By default xpack license comes as basic. Although I did the xpack security configuration in elasticsearch.yml file as follows - true true /elasticsearch-6.5.1/config/ssl/server.key /elasticsearch-6.5.1/config/ssl/server.pem [ "/elasticsearch-6.5.1/config/ssl/ca.pem" ] TLSv1.2

After making the changes I restarted elasticsearch server.
Also when ran this curl command I get this -

curl -u elastic -XGET -k ""
Enter host password for user 'elastic':
"license" : {
"status" : "active",
"uid" : "54fc2337-5ce0-49e3-8ddc-383d78d02de2",
"type" : "basic",
"issue_date" : "2019-07-09T08:04:48.782Z",
"issue_date_in_millis" : 1562659488782,
"max_nodes" : 1000,
"issued_to" : "elasticsearch",
"issuer" : "elasticsearch",
"start_date_in_millis" : -1

So this mush is my elasticsearch configuration.
For kibana I have enabled the elasticsearch build in user details in kibana.yml and restarted kibana.
elasticserach.username : "user"
elasticserach.password: "pass"

As I want to have a login page only for Kibana but not for Elasticsearch.
I restarted Kibana server, the Kibana doesn't prompt for any username or password, directly the home page loaded.

Am I missing any other setting in configuration files?

Can clarify what's wrong in the steps I did? Is it the license got to do anything to do with this ?



The security feature is available in the basic license from elastic 6.8.
Before that version you need to activate a trial or buy a license.

I'd upgrade.

Thank you David for your quick reply.. !! Really appreciate.

Hi ..

I have upgraded Logstash, Elastic Search and Kibana from 6.5.1 to 6.8 in order to have login functionality on kibana.
Now connection between Kibana and Elastic search is working as expected.
But now the issue appeared with Logstash and Elastic search connection.

This the error I could see in logstash-plain.log

[2019-07-18T03:49:32,140][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"6.8.0"}
[2019-07-18T03:49:35,957][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Got response code '401' contacting Elasticsearch at URL 'https://lxddv112.test.intranet:9200/_xpack'"}
[2019-07-18T03:49:36,022][ERROR][logstash.monitoring.internalpipelinesource] Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster.

Here is my logstash configuration below -

# X-Pack Monitoring
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: password
xpack.monitoring.elasticsearch.hosts: ["https://lxddv112.test.intranet:9200"]
xpack.monitoring.elasticsearch.ssl.certificate_authority: /ci/ssl/server.pem
#xpack.monitoring.elasticsearch.ssl.truststore.path: /ci/logstash/logstash-6.8.0/config/ssl/server.key
#xpack.monitoring.elasticsearch.ssl.truststore.password: changeit
#xpack.monitoring.elasticsearch.ssl.keystore.path: /ci/ssl/cacerts
#xpack.monitoring.elasticsearch.ssl.keystore.password: "123456"
#xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
#xpack.monitoring.elasticsearch.sniffing: false
#xpack.monitoring.collection.interval: 10s
#xpack.monitoring.collection.pipeline.details.enabled: true
# X-Pack Management
# false ["main", "apache_logs"] logstash_admin_user password ["https://es1:9200", "https://es2:9200"] [ "/path/to/ca.crt" ] /path/to/file password /path/to/file password certificate false 5s

To corss check my certificate viewed the certificate server.pem. It looks like below -

#8: ObjectId: Criticality=false
SubjectAlternativeName [
  DNSName: lxddv112.test.intranet
  DNSName: lxddv113.test.intranet

One more point I would like to mention my logstash, elastic search and kibana are sharing the same jvm.
Am I missing any other setting in configuration files?

Can clarify what's wrong in the steps I did?

Thanks in advance

Hi I am able to solve the issue .. here are the steps below -

How to fix logstash and elastic search issue

Stop logstash
Keep running elastic search
Run curl command to change the build in user credentials as like Kibana, elastic search and logstash

Change password for kibana
curl -u elastic:changeme -XPUT -k "" -H 'Content-Type: application/json' -d '{"password": "password"}'

Change password for elasticseach -- **Note for elasticsearch you can keep the password unchanged
curl -u elastic:changeme -XPUT -k "" -H 'Content-Type: application/json' -d '{"password": "changeme"}'

You likely need to add user and roles to authenticate in elasticsearch license -

Create logstash role-
curl -uelastic:changeme -v -XPOST -k -H "Content-type: application/json" -d '{
"cluster": ["manage_index_templates", "monitor", "manage_ilm"],
"indices": [
"names": [ "logstash-*" ],
"privileges": ["write","delete","create_index","manage","manage_ilm"]
}' 'https://lxddv002.test.intranet:9200/_xpack/security/role/logstash_system'

Create logstash user -

curl -uelastic:changeme -v -XPOST -k -H "Content-type: application/json" -d '{
"password" : "password",
"roles" : [ "superuser","logstash_writer","admin"],
"full_name" : "Internal Logstash User"
}' "https://lxddv002.test.intranet:9200/_xpack/security/user/logstash_internal"

It is recommended that the new user must have the required permission to write on the indices in elastic search.

Use this username / password in logstash.yml file
Change the default elastic search username and password with the new one.
Update logstash-es.conf file as below -

output {
elasticsearch {
hosts => ["https://localhost:9200"]
ssl => true
#if true provide cacert for certificate verification
ssl_certificate_verification => false
keystore => "/opt/hcde/logcentral/ssl/cacerts"
keystore_password => "123456"
stdout { codec => rubydebug }

Restart logstash.yml and logstash-es.conf file and check the logs for elasticseach connectivity.
You shoud see the the license monitoring is ok.

Incase you are facing the similar issue and looking for solution please post on this topic here. I would love to reply and help to resolve your issue.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.