Kibana server is not ready yet and logstash 401 error

@adityasinghal26 @renangenova
I'm new to the ELK stack
I watched a youtube tutorial and setup the ELK in my local using docker, here the youtube video link

This is my docker-compose.yml file

version: '3.6'
services:
 Elasticsearch:
   image: elasticsearch:8.6.2
   container_name: elasticsearch
   restart: always
   volumes:
   - elastic_data:/usr/share/elasticsearch/data/
   environment:
     ES_JAVA_OPTS: "-Xmx256m -Xms256m"
     discovery.type: single-node   
   ports:
   - '9200:9200'
   - '9300:9300'
   networks:
     - elk


 Logstash:
   image: logstash:8.6.2
   container_name: logstash
   restart: always
   volumes:
   - ./logstash/:/logstash_dir
   command: logstash -f /logstash_dir/logstash.conf
   depends_on:
     - Elasticsearch
   ports:
   - '9600:9600'
   environment:
     LS_JAVA_OPTS: "-Xmx256m -Xms256m"   
   networks:
     - elk


 Kibana:
   image: kibana:8.6.2
   container_name: kibana
   restart: always      
   ports:
   - '5601:5601'
   environment:
     - ELASTICSEARCH_URL=http://elasticsearch:9200 
   depends_on:
     - Elasticsearch 
   networks:
     - elk
volumes:
 elastic_data: {}


networks:
 elk:

I had created one more file in my local machine logstash/logstash.conf

input {
    file {
        path => "root/temp/anteater.log"
    }
}
output {
    elasticsearch {
        hosts => ["http://elasticsearch:9200"]
    }
}

after that i ran this command in terminal

docker compose up

I got this error in terminal

logstash       | [2023-03-08T06:46:20,779][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://elasticsearch:9200/", 
:exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}

elasticsearch host http://localhost:9200/ in that host im getting this output (in chrome)

{
  "name" : "4e1e8f4b954e",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "TqKXbDUpRQyJNvD8posibg",
  "version" : {
    "number" : "8.6.2",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "2d58d0f136141f03239816a4e360a8d17b6d8f29",
    "build_date" : "2023-02-13T09:35:20.314882762Z",
    "build_snapshot" : false,
    "lucene_version" : "9.4.2",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

logstash host http://localhost:9600/ im getting this (in chrome)

{"host":"14a409d312cf","version":"8.6.2","http_address":"0.0.0.0:9600","id":"9fbe55d7-33d8-4218-8d86-0c52dec234a3","name":"14a409d312cf","ephemeral_id":"e0bb3a33-fcdc-4248-9a7e-d8837f6a5cd1","status":"green","snapshot":false,"pipeline":
{"workers":6,"batch_size":125,"batch_delay":50},"build_date":"2023-02-12T05:42:46+00:00","build_sha":"4f0229a28712eb16c78e6c8eaff04560828a6ae2","build_snapshot":false}

kibana host http://localhost:5601/ im getting this in chrome

Kibana server is not ready yet.

After that, I tried to access this http://elasticsearch:9200 host in chrome as mentioned in the docker-compose.yml file, I'm getting this error

This site can’t be reached
Check if there is a typo in elasticsearch.
DNS_PROBE_FINISHED_NXDOMAIN

after inspecting the logstash container
in pipeline/logstash.conf

input {
  beats {
    port => 5044
  }
}

output {
  stdout {
    codec => rubydebug
  }
}

in config/logstash.yml

http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]

I had tried so many solutions but still im getting this error, please help me solve this

The tutorial you linked is for version 7.X, which has security disabled by default.

On version 8.X security is enabled by default and you need to configure it both in Logstash and in Kibana.

The 401 error you got on Logstash is an authorization error because you didn't provided the authentication details, probably your issue with Kibana is the same.

Please follow the official documentation.

1 Like

@leandrojmp Thanks for the response here the solution i find

Solution

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.