Hello everyone,
I have been tasked with setting up a self-hosted instance of ELK in a KVM environment using Arch Linux. The root filesystem is write-protected (at runtime) and any directories or files that services need to write to must therefor be sym-linked to another partition (/srv/ in this case). This is standard practice where I work and works well for other servies such as web-based applications and databases etc.
My problem is that, despite having followed the installation and configuration guides, I am getting the following error when attempting to access Kibana. Multiple browsers tested - same result:
I suspect that the error I'm seeing is very likely related to the write-protected root fs that my VM is confined to and I was wondering if anyone could perhaps suggest other directories or files (besides the ones mentioned below) that I should keep in mind...
Here is an overview of the various sym-links crated for Elasticsearch and Kibana:
Here is the contents of my kibana.yml and elasticsearch.yml files:
Here is the output of "netstat -tunpl", which seems fine to me.
I also don't see anything unusual in "/srv/kibana/log/kibana.log" immediately after trying to access the web page.
Also, nothing seemingly out of the ordinary in "/srv/elasticsearch/log/hekseldaja.log".
In terms of systemd (journalctl) output I also don't see anything particularly unusual.
elasticsearch, kibana and jre8 versions:
pacman -Q |grep elasticsearch
elasticsearch 7.10.1-1
pacman -Q |grep kibana
kibana 7.10.1-1
pacman -Q |grep jre
jre8-openjdk-headless 8.u292-1
Output from a variety of (possibly) relevant curl commands on the VM.
Thanks in advance for any helpful comments!