Kibana Server is Not Yet Ready

Hello! I have trouble setting up my ELK stack as I have faced an issue regarding Kibana. Btw, I have 3 different servers where I will install Elasticsearch, Kibana, and Logstash, separately.

Here are some details:

  1. Installation: I used tar.gz

  2. Version: 8.3.0

  3. Installation method: I've used the website documentation to install.

  4. elasticsearch.yml file

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch/data
#
# Path to log files:
#
path.logs: /var/lib/elasticsearch/log
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 151.208.205.35
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# --------------------------------- Readiness ----------------------------------
#
# Enable an unauthenticated TCP readiness endpoint on localhost
#
#readiness.port: 9399
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 07-09-2022 13:51:40
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
#cluster.initial_master_nodes: ["ctl"]

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------`
  1. kibana.yml file
# For more configuration options see the configuration guide for Kibana in
# https://www.elastic.co/guide/index.html

# =================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "151.208.205.36"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# Defaults to `false`.
#server.rewriteBasePath: false

# Specifies the public URL at which Kibana is available for end users. If
# `server.basePath` is configured this URL should end with the same basePath.
#server.publicBaseUrl: ""

# The maximum payload size in bytes for incoming server requests.
#server.maxPayload: 1048576

# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"

# =================== System: Kibana Server (Optional) ===================
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
#elasticsearch.hosts: ["http://151.208.205.35:9200"]

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana_system"
elasticsearch.password: "hUgn0zosYU-a8gcVCyX3"

# Kibana can also authenticate to Elasticsearch via "service account tokens".
# Service account tokens are Bearer style tokens that replace the traditional username/password based configuration.
# Use this token instead of a username/password.
# elasticsearch.serviceAccountToken: "my_token"

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# The maximum number of sockets that can be used for communications with elasticsearch.
# Defaults to `Infinity`.
#elasticsearch.maxSockets: 1024

# Specifies whether Kibana should use compression for communications with elasticsearch
# Defaults to `false`.
#elasticsearch.compression: false

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# =================== System: Elasticsearch (Optional) ===================
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# =================== System: Logging ===================
# Set the value of this setting to off to suppress all logging output, or to debug to log everything. Defaults to 'info'
logging.root.level: info

# Enables you to specify a file where Kibana stores log output.
logging.appenders.default:
  type: file
  fileName: /etc/kibana-8.3.0/logs/kibana.log
  layout:
    type: json

# Logs queries sent to Elasticsearch.
#logging.loggers:
#  - name: elasticsearch.query
#    level: debug

# Logs http responses.
#logging.loggers:
#  - name: http.server.response
#    level: debug

# Logs system usage information.
#logging.loggers:
#  - name: metrics.ops
#    level: debug

# =================== System: Other ===================
# The path where Kibana stores persistent data not saved in Elasticsearch. Defaults to data
#path.data: data

# Specifies the path where Kibana creates the process ID file.
#pid.file: /run/kibana/kibana.pid

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000ms.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".
#i18n.locale: "en"

# =================== Frequently used (Optional)===================

# =================== Saved Objects: Migrations ===================
# Saved object migrations run at startup. If you run into migration-related issues, you might need to adjust these settings.

# The number of documents migrated at a time.
# If Kibana can't start up or upgrade due to an Elasticsearch `circuit_breaking_exception`,
# use a smaller batchSize value to reduce the memory pressure. Defaults to 1000 objects per batch.
#migrations.batchSize: 1000

# The maximum payload size for indexing batches of upgraded saved objects.
# To avoid migrations failing due to a 413 Request Entity Too Large response from Elasticsearch.
# This value should be lower than or equal to your Elasticsearch cluster’s `http.max_content_length`
# configuration option. Default: 100mb
#migrations.maxBatchSizeBytes: 100mb

# The number of times to retry temporary migration failures. Increase the setting
# if migrations fail frequently with a message such as `Unable to complete the [...] step after
# 15 attempts, terminating`. Defaults to 15
#migrations.retryAttempts: 15

# =================== Search Autocomplete ===================
# Time in milliseconds to wait for autocomplete suggestions from Elasticsearch.
# This value must be a whole number greater than zero. Defaults to 1000ms
#unifiedSearch.autocomplete.valueSuggestions.timeout: 1000

# Maximum number of documents loaded by each shard to generate autocomplete suggestions.
# This value must be a whole number greater than zero. Defaults to 100_000
#unifiedSearch.autocomplete.valueSuggestions.terminateAfter: 100000



#xpack.security.encryptionKey: "#-n!ql1lst421k2s$a#e!r+hUcid_cre"



# This section was automatically generated during setup.
#elasticsearch.hosts: ['https://adlg3646:9200']
#elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE2NjI1MzkyMTIxMjY6aE1XdzRHQmFRN3lDeEtfVXI5bDBRdw
#elasticsearch.ssl.certificateAuthorities: [/etc/kibana-8.3.0/data/ca_1662539209845.crt]
#xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://adlg3646:9200'], ca_trusted_fingerprint: a04039763a1e51752b75b328a9dce069f9596252d0589756e6aed084b965f409}]



# This section was automatically generated during setup.
#elasticsearch.hosts: ['https://151.208.205.35:9200']
#elasticsearch.username: kibana_system
#elasticsearch.password: hUgn0zosYU-a8gcVCyX3
#elasticsearch.ssl.certificateAuthorities: [/etc/kibana-8.3.0/data/ca_1662542620236.crt]
#xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://151.208.205.35:9200'], ca_trusted_fingerprint: a04039763a1e51752b75b328a9dce069f9596252d0589756e6aed084b965f409}]



# This section was automatically generated during setup.
elasticsearch.hosts: ['https://151.208.205.35:9200']
elasticsearch.username: kibana_system
elasticsearch.password: '*9Q5bROOZdx+=qVxhQ4_'
elasticsearch.ssl.certificateAuthorities: [/etc/kibana-8.3.0/data/ca_1662559573051.crt]
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://151.208.205.35:9200'], ca_trusted_fingerprint: 2a5491ed0956b3cb1469579ab4b7c62606f8e9913a3d4ca70dc83cbb03489fa4}]
  1. kibana.log result
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:03.193-04:00","message":"Stopping all plugins.","log":{"level":"INFO","logger":"plugins-system.preboot"},"process":{"pid":4122}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:03.195-04:00","message":"Stopping all plugins.","log":{"level":"INFO","logger":"plugins-system.standard"},"process":{"pid":4122}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:03.198-04:00","message":"Monitoring stats collection is stopped","log":{"level":"INFO","logger":"plugins.monitoring.monitoring.kibana-monitoring"},"process":{"pid":4122}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:33.206-04:00","message":"\"eventLog\" plugin didn't stop in 30sec., move on to the next.","log":{"level":"WARN","logger":"plugins-system.standard"},"process":{"pid":4122}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:48.485-04:00","message":"Plugin \"cloudSecurityPosture\" is disabled.","log":{"level":"INFO","logger":"plugins-service"},"process":{"pid":4608},"trace":{"id":"98d977f34903e3210cf7bcccd48b42c1"},"transaction":{"id":"3beb76f2b35ae603"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:48.639-04:00","message":"http server running at http://151.208.205.36:5601","log":{"level":"INFO","logger":"http.server.Preboot"},"process":{"pid":4608},"trace":{"id":"98d977f34903e3210cf7bcccd48b42c1"},"transaction":{"id":"3beb76f2b35ae603"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:48.732-04:00","message":"Setting up [1] plugins: [interactiveSetup]","log":{"level":"INFO","logger":"plugins-system.preboot"},"process":{"pid":4608},"trace":{"id":"98d977f34903e3210cf7bcccd48b42c1"},"transaction":{"id":"3beb76f2b35ae603"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:48.816-04:00","message":"The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set \"xpack.reporting.roles.enabled\" to \"false\" to adopt the future behavior before upgrading.","log":{"level":"WARN","logger":"config.deprecation"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:49.118-04:00","message":"Setting up [118] plugins: [translations,monitoringCollection,licensing,globalSearch,globalSearchProviders,features,mapsEms,licenseApiGuard,usageCollection,taskManager,telemetryCollectionManager,telemetryCollectionXpack,share,embeddable,uiActionsEnhanced,screenshotMode,banners,newsfeed,fieldFormats,expressions,eventAnnotation,dataViews,charts,esUiShared,customIntegrations,home,searchprofiler,painlessLab,grokdebugger,management,advancedSettings,spaces,security,lists,encryptedSavedObjects,cloud,snapshotRestore,screenshotting,telemetry,licenseManagement,kibanaUsageCollection,eventLog,actions,console,bfetch,data,watcher,reporting,fileUpload,ingestPipelines,alerting,aiops,unifiedSearch,savedObjects,triggersActionsUi,transform,stackAlerts,ruleRegistry,graph,savedObjectsTagging,savedObjectsManagement,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,dataViewFieldEditor,visualizations,canvas,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeHeatmap,visTypeMarkdown,dashboard,dashboardEnhanced,expressionXY,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionHeatmap,expressionGauge,visTypeGauge,sharedUX,discover,lens,maps,dataVisualizer,ml,cases,timelines,sessionView,observability,fleet,synthetics,osquery,securitySolution,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,apm,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,discoverEnhanced,dataViewManagement]","log":{"level":"INFO","logger":"plugins-system.standard"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:49.140-04:00","message":"TaskManager is identified by the Kibana UUID: 38fd3c98-a76c-49fb-b5b9-600d6e653885","log":{"level":"INFO","logger":"plugins.taskManager"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:49.226-04:00","message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:49.226-04:00","message":"Session cookies will be transmitted over insecure connections. This is not recommended.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:49.260-04:00","message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:49.260-04:00","message":"Session cookies will be transmitted over insecure connections. This is not recommended.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:49.270-04:00","message":"Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.encryptedSavedObjects"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:49.303-04:00","message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.actions"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:49.414-04:00","message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.reporting.config"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:49.422-04:00","message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.alerting"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:49.447-04:00","message":"Installing common resources shared between all indices","log":{"level":"INFO","logger":"plugins.ruleRegistry"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:50.326-04:00","message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux Red Hat Linux 7.9 OS. Automatically setting 'xpack.screenshotting.browser.chromium.disableSandbox: true'.","log":{"level":"WARN","logger":"plugins.screenshotting.config"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:50.416-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. write EPROTO 139979930023872:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:\n","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-11T11:04:51.023-04:00","message":"Browser executable: /etc/kibana-8.3.0/x-pack/plugins/screenshotting/chromium/headless_shell-linux_x64/headless_shell","log":{"level":"INFO","logger":"plugins.screenshotting.chromium"},"process":{"pid":4608},"trace":{"id":"46f1acf823bb180b46b589435eb8e907"},"transaction":{"id":"0a7d2928ea2b24d9"}}
  1. Curl elasticsearch server result
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","ApiKey"]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","ApiKey"]}},"status":401}
[root@:/etc/kibana-8.3.0/logs]

Welcome to our community! :smiley:

Putting logs in /etc is not a great idea.

Does it work if you use the details you have configured in your kibana.yml?

1 Like

Hello @warkolm,

Thank you for your time responding to my query.

Putting logs in /etc is not a great idea.

Noted on this. What is the best practice for putting the logs? I've directed my Elasticsearch logs on /var/lib/elasticsearch/log. Should I the do the same?

Does it work if you use the details you have configured in your kibana.yml ?

I'm not sure if I got your question correctly. I've tried to access Kibana however, it is on perpetual "Kibana server not yet ready". Could you help understand this?

Ideally you would use the apt/rpm repos, or the deb/rpm packages if you cannot for some reason. This is because they will create the required directories based on your OS and it's accepted standards.

/var/log/ is usually where logs are stored on linux.

Run a curl -u kibana_system:hUgn0zosYU-a8gcVCyX3 151.208.205.35:9200 to test that your username and password work against Elasticsearch.

1 Like

Thanks for the prompt response, @warkolm.

I didn't knew the ideal installation would be rpm. I'm using Red Hat and I haven't considered it till now. This is good information for practicing accepted standards.

I've run and this is the output.

$ curl -u kibana_system:hUgn0zosYU-a8gcVCyX3 151.208.205.35:920
curl: (7) Failed connect to 151.208.205.35:920; Connection refused

You need to use post 9200, not 920.

1 Like

That was a mistake from my end.

Here's the new output:

$ curl -u kibana_system:hUgn0zosYU-a8gcVCyX3 151.208.205.35:9200
curl: (52) Empty reply from server

Try adding https:// to the start of the IP.

1 Like

Here's the output:

$ curl -u kibana_system:hUgn0zosYU-a8gcVCyX3 https://151.208.205.35:9200
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Add -k or --insecure

curl -k -u kibana_system:hUgn0zosYU-a8gcVCyX3 https://151.208.205.35:9200

1 Like

Hi @Rios, thank you for your help.

Here's what it returns to:

$ curl -k -u kibana_system:hUgn0zosYU-a8gcVCyX3 https://151.208.205.35:9200
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [kibana_system] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [kibana_system] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}

It seems, your pass is not ok. Test temporarily with elastic user.

If is working, can you reset pass for kibana_system and try again?
You can reset pass on Elasticsearch server:

bin/elasticsearch-reset-password -u kibana_system

You can add -i at the end to set own pass or just use autogenerated.

1 Like

Hi @Rios,

Resetting the password worked. It returned this output.

$ curl -k -u kibana_system:DwjmDAsxIY-1PqFp-c6m https://151.208.205.35:9200
{
  "name" : "node-1",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "6JkMWEnIR82BxmnsL8g6cQ",
  "version" : {
    "number" : "8.3.0",
    "build_type" : "tar",
    "build_hash" : "5b8b981647acdf1ba1d88751646b49d1b461b4cc",
    "build_date" : "2022-06-23T22:48:49.607492124Z",
    "build_snapshot" : false,
    "lucene_version" : "9.2.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

I've restarted the service and here are the logs being returned by:
1.

journalctl -u kibana.service

Sep 12 09:54:22 adlg3647.na.pg.com systemd[1]: [/etc/systemd/system/kibana.service:3] Unknown lvalue 'StartLimitIntervalSec' in section 'Unit'
Sep 12 09:54:22 adlg3647.na.pg.com systemd[1]: [/etc/systemd/system/kibana.service:4] Unknown lvalue 'StartLimitBurst' in section 'Unit'
Sep 12 09:54:28 adlg3647.na.pg.com systemd[1]: Stopping Kibana...
Sep 12 09:54:58 adlg3647.na.pg.com kibana[30732]: FATAL  EmptyError: no elements in sequence
Sep 12 09:54:58 adlg3647.na.pg.com systemd[1]: kibana.service: main process exited, code=exited, status=1/FAILURE
Sep 12 09:54:58 adlg3647.na.pg.com systemd[1]: Stopped Kibana.
Sep 12 09:54:58 adlg3647.na.pg.com systemd[1]: Unit kibana.service entered failed state.
Sep 12 09:54:58 adlg3647.na.pg.com systemd[1]: kibana.service failed.
Sep 12 09:54:58 adlg3647.na.pg.com systemd[1]: Started Kibana.

kibana.log

{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:54:28.834-04:00","message":"Stopping all plugins.","log":{"level":"INFO","logger":"plugins-system.preboot"},"process":{"pid":30732}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:54:28.836-04:00","message":"Stopping all plugins.","log":{"level":"INFO","logger":"plugins-system.standard"},"process":{"pid":30732}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:54:28.837-04:00","message":"Monitoring stats collection is stopped","log":{"level":"INFO","logger":"plugins.monitoring.monitoring.kibana-monitoring"},"process":{"pid":30732}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:54:58.844-04:00","message":"\"eventLog\" plugin didn't stop in 30sec., move on to the next.","log":{"level":"WARN","logger":"plugins-system.standard"},"process":{"pid":30732}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.072-04:00","message":"Plugin \"cloudSecurityPosture\" is disabled.","log":{"level":"INFO","logger":"plugins-service"},"process":{"pid":7340},"trace":{"id":"d228003c5b43cfe1f4df177a5c7eda54"},"transaction":{"id":"a76453727deecd13"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.175-04:00","message":"http server running at http://151.208.205.36:5601","log":{"level":"INFO","logger":"http.server.Preboot"},"process":{"pid":7340},"trace":{"id":"d228003c5b43cfe1f4df177a5c7eda54"},"transaction":{"id":"a76453727deecd13"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.224-04:00","message":"Setting up [1] plugins: [interactiveSetup]","log":{"level":"INFO","logger":"plugins-system.preboot"},"process":{"pid":7340},"trace":{"id":"d228003c5b43cfe1f4df177a5c7eda54"},"transaction":{"id":"a76453727deecd13"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.271-04:00","message":"The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set \"xpack.reporting.roles.enabled\" to \"false\" to adopt the future behavior before upgrading.","log":{"level":"WARN","logger":"config.deprecation"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.570-04:00","message":"Setting up [118] plugins: [translations,monitoringCollection,licensing,globalSearch,globalSearchProviders,features,mapsEms,licenseApiGuard,usageCollection,taskManager,telemetryCollectionManager,telemetryCollectionXpack,share,embeddable,uiActionsEnhanced,screenshotMode,banners,newsfeed,fieldFormats,expressions,eventAnnotation,dataViews,charts,esUiShared,customIntegrations,home,searchprofiler,painlessLab,grokdebugger,management,advancedSettings,spaces,security,lists,encryptedSavedObjects,cloud,snapshotRestore,screenshotting,telemetry,licenseManagement,kibanaUsageCollection,eventLog,actions,console,bfetch,data,watcher,reporting,fileUpload,ingestPipelines,alerting,aiops,unifiedSearch,savedObjects,triggersActionsUi,transform,stackAlerts,ruleRegistry,graph,savedObjectsTagging,savedObjectsManagement,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,dataViewFieldEditor,visualizations,canvas,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeHeatmap,visTypeMarkdown,dashboard,dashboardEnhanced,expressionXY,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionHeatmap,expressionGauge,visTypeGauge,sharedUX,discover,lens,maps,dataVisualizer,ml,cases,timelines,sessionView,observability,fleet,synthetics,osquery,securitySolution,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,apm,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,discoverEnhanced,dataViewManagement]","log":{"level":"INFO","logger":"plugins-system.standard"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.594-04:00","message":"TaskManager is identified by the Kibana UUID: 38fd3c98-a76c-49fb-b5b9-600d6e653885","log":{"level":"INFO","logger":"plugins.taskManager"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.685-04:00","message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.685-04:00","message":"Session cookies will be transmitted over insecure connections. This is not recommended.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.717-04:00","message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.718-04:00","message":"Session cookies will be transmitted over insecure connections. This is not recommended.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.731-04:00","message":"Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.encryptedSavedObjects"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.768-04:00","message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.actions"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.892-04:00","message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.reporting.config"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.900-04:00","message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.alerting"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:14.925-04:00","message":"Installing common resources shared between all indices","log":{"level":"INFO","logger":"plugins.ruleRegistry"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:15.712-04:00","message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux Red Hat Linux 7.9 OS. Automatically setting 'xpack.screenshotting.browser.chromium.disableSandbox: true'.","log":{"level":"WARN","logger":"plugins.screenshotting.config"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:15.774-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 127.0.0.1:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T09:55:16.419-04:00","message":"Browser executable: /etc/kibana-8.3.0/x-pack/plugins/screenshotting/chromium/headless_shell-linux_x64/headless_shell","log":{"level":"INFO","logger":"plugins.screenshotting.chromium"},"process":{"pid":7340},"trace":{"id":"136f1598cbc2f91d63308321031bbf5c"},"transaction":{"id":"365cb995d40884f0"}}

The most likely you haven't set 127.0.0.1 in network.host (elasticsearch.yml).

network.host: [ "existingIP, "127.0.0.1" ]

or simply set

network.host: 0.0.0.0

3rd option, there are special values:

network.host: [ site , local , global ]

  • local : Any loopback addresses
  • site : Any local (internal) addresses
  • global: Any external IP

Hi @Rios,

I've set my network.host (elasticsearch.yml) to:

network.host: [ "151.208.205.35, "127.0.0.1" ]

This is the what kibana.log returns:

{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:54:22.226-04:00","message":"Stopping all plugins.","log":{"level":"INFO","logger":"plugins-system.preboot"},"process":{"pid":7340}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:54:22.228-04:00","message":"Stopping all plugins.","log":{"level":"INFO","logger":"plugins-system.standard"},"process":{"pid":7340}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:54:22.229-04:00","message":"Monitoring stats collection is stopped","log":{"level":"INFO","logger":"plugins.monitoring.monitoring.kibana-monitoring"},"process":{"pid":7340}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:54:52.237-04:00","message":"\"eventLog\" plugin didn't stop in 30sec., move on to the next.","log":{"level":"WARN","logger":"plugins-system.standard"},"process":{"pid":7340}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.093-04:00","message":"Plugin \"cloudSecurityPosture\" is disabled.","log":{"level":"INFO","logger":"plugins-service"},"process":{"pid":8095},"trace":{"id":"9f60983a4dcfc07cf96b5bddd3e4466b"},"transaction":{"id":"2e8cd1ecaa7a3709"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.216-04:00","message":"http server running at http://151.208.205.36:5601","log":{"level":"INFO","logger":"http.server.Preboot"},"process":{"pid":8095},"trace":{"id":"9f60983a4dcfc07cf96b5bddd3e4466b"},"transaction":{"id":"2e8cd1ecaa7a3709"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.273-04:00","message":"Setting up [1] plugins: [interactiveSetup]","log":{"level":"INFO","logger":"plugins-system.preboot"},"process":{"pid":8095},"trace":{"id":"9f60983a4dcfc07cf96b5bddd3e4466b"},"transaction":{"id":"2e8cd1ecaa7a3709"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.325-04:00","message":"The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set \"xpack.reporting.roles.enabled\" to \"false\" to adopt the future behavior before upgrading.","log":{"level":"WARN","logger":"config.deprecation"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.591-04:00","message":"Setting up [118] plugins: [translations,monitoringCollection,licensing,globalSearch,globalSearchProviders,features,mapsEms,licenseApiGuard,usageCollection,taskManager,telemetryCollectionManager,telemetryCollectionXpack,share,embeddable,uiActionsEnhanced,screenshotMode,banners,newsfeed,fieldFormats,expressions,eventAnnotation,dataViews,charts,esUiShared,customIntegrations,home,searchprofiler,painlessLab,grokdebugger,management,advancedSettings,spaces,security,lists,encryptedSavedObjects,cloud,snapshotRestore,screenshotting,telemetry,licenseManagement,kibanaUsageCollection,eventLog,actions,console,bfetch,data,watcher,reporting,fileUpload,ingestPipelines,alerting,aiops,unifiedSearch,savedObjects,triggersActionsUi,transform,stackAlerts,ruleRegistry,graph,savedObjectsTagging,savedObjectsManagement,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,dataViewFieldEditor,visualizations,canvas,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeHeatmap,visTypeMarkdown,dashboard,dashboardEnhanced,expressionXY,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionHeatmap,expressionGauge,visTypeGauge,sharedUX,discover,lens,maps,dataVisualizer,ml,cases,timelines,sessionView,observability,fleet,synthetics,osquery,securitySolution,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,apm,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,discoverEnhanced,dataViewManagement]","log":{"level":"INFO","logger":"plugins-system.standard"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.611-04:00","message":"TaskManager is identified by the Kibana UUID: 38fd3c98-a76c-49fb-b5b9-600d6e653885","log":{"level":"INFO","logger":"plugins.taskManager"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.694-04:00","message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.694-04:00","message":"Session cookies will be transmitted over insecure connections. This is not recommended.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.725-04:00","message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.725-04:00","message":"Session cookies will be transmitted over insecure connections. This is not recommended.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.734-04:00","message":"Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.encryptedSavedObjects"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.764-04:00","message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.actions"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.878-04:00","message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.reporting.config"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.885-04:00","message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.alerting"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:08.908-04:00","message":"Installing common resources shared between all indices","log":{"level":"INFO","logger":"plugins.ruleRegistry"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:09.694-04:00","message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux Red Hat Linux 7.9 OS. Automatically setting 'xpack.screenshotting.browser.chromium.disableSandbox: true'.","log":{"level":"WARN","logger":"plugins.screenshotting.config"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:09.761-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:51647, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:10.404-04:00","message":"Browser executable: /etc/kibana-8.3.0/x-pack/plugins/screenshotting/chromium/headless_shell-linux_x64/headless_shell","log":{"level":"INFO","logger":"plugins.screenshotting.chromium"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:12.246-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:51671, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:14.743-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:51697, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:17.243-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:51735, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:19.743-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:51759, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:22.243-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:51791, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:24.744-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:51815, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:27.243-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:51847, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:29.743-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:51871, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:32.245-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:51903, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:34.743-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:51927, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:37.242-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:51959, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:39.743-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:51983, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:42.243-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52015, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:44.741-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52039, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:47.242-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52071, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:49.742-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52095, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:52.244-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52127, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:54.743-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52151, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:57.242-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52183, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:55:59.741-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52207, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:02.243-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52233, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:04.742-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52263, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:07.243-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52287, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:09.744-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52319, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:12.245-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52343, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:14.745-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52377, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:17.245-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52405, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:19.743-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52465, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:22.248-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52489, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:24.746-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52521, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:27.245-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52545, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:29.745-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52577, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:32.245-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52601, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:34.745-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52633, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:37.246-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52657, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:39.746-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52689, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:42.247-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52713, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:44.747-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52745, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:47.247-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52769, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:49.747-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52801, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:52.246-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52825, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:54.748-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52857, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:57.249-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52881, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:56:59.748-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52913, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:02.249-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52937, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:04.748-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52969, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:07.248-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:52993, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:09.748-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:53017, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:12.248-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:53049, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:14.748-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:53075, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:17.249-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:53111, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:19.748-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:53151, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:22.249-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:53183, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:24.749-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:53207, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:27.249-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:53239, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:29.749-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:53263, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:32.251-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:53295, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-09-12T21:57:34.751-04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 151.208.205.36:53319, Remote: 151.208.205.35:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":8095},"trace":{"id":"20d292b2de7a8231f91bf474c72722be"},"transaction":{"id":"c91d2529c372a4f8"}}

Have you set https communication in kibana.yml?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.