Unable to Access Kibana UI Dashboard Getting Below Error, Getting Please upgrade browser in Google Chrome/Edge/Firefox
Kibana - 8.3.3
Elasticsearch - 8.3.3
No Domain Mapped Trying to Access using kibana-ip:5601
Hi @Money welcome to the community.
How did you install Kibana and Elastic?
Are you sure elastic is running this error is Usually when Kibana can not Communicate with Elasticsearch
From the server your kibana is running on ... or from this desktop
Run
curl -v -k -u elastic https://<elasticip>:9200
Hi @stephenb,
Thanks for your promptness
I am Running Kibana and Elasticsearch in Centos 8 Stream Linux Server
As Mentioned Below is the Screenshot of the curl command, Please check once
Please don't post pictures of text...also.please show the exact command that was run.
Is Elasticsearch configured with security/ SSL
You can see the connection / SSL failed...
Seems like perhaps the server has old SSL./ TLS ...
Hi @stephenb,
Thanks for your Time, sorry security was disabled by me at the time of troubleshooting, I have enabled security after your Reply below is the text output from curl command
[root@ELK ~]# curl -v -k -u elastic https://172.27.100.230:9200
Enter host password for user 'elastic':
* Rebuilt URL to: https://172.27.100.230:9200/
* Trying 172.27.100.230...
* TCP_NODELAY set
* Connected to 172.27.100.230 (172.27.100.230) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=ELK
* start date: Dec 9 17:25:32 2023 GMT
* expire date: Dec 8 17:25:32 2025 GMT
* issuer: CN=Elasticsearch security auto-configuration HTTP CA
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* Server auth using Basic with user 'elastic'
* TLSv1.3 (OUT), TLS app data, [no content] (0):
> GET / HTTP/1.1
> Host: 172.27.100.230:9200
> Authorization: Basic ZWxhc3RpYzplbGFzdGlj
> User-Agent: curl/7.61.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/1.1 200 OK
< X-elastic-product: Elasticsearch
< content-type: application/json
< content-length: 528
<
{
"name" : "node1",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "Hj4xPelUSMGQgGBMHvxy1A",
"version" : {
"number" : "8.3.3",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "801fed82df74dbe537f89b71b098ccaff88d2c56",
"build_date" : "2022-07-23T19:30:09.227964828Z",
"build_snapshot" : false,
"lucene_version" : "9.2.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
* Connection #0 to host 172.27.100.230 left intact
I am Unable to Access the Kibana Dashboard from Any Browser because of CSP Error
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
Thanks.
Yeah I don't think that browser error is the issue.
The Kibana Server Not Ready Yet error Is generally the Kibana server cannot connect to elasticsearch server.
You are going need to look at the Kibana Logs and perhaps share you Kibana.yml
Hi @stephenb,
Please find below
# For more configuration options see the configuration guide for Kibana in
# https://www.elastic.co/guide/index.html
# =================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "172.27.100.230"
# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""
# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# Defaults to `false`.
#server.rewriteBasePath: false
# Specifies the public URL at which Kibana is available for end users. If
# `server.basePath` is configured this URL should end with the same basePath.
server.publicBaseUrl: "http://172.27.100.230:5601"
# The maximum payload size in bytes for incoming server requests.
#server.maxPayload: 1048576
# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"
# =================== System: Kibana Server (Optional) ===================
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key
# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["https://172.27.100.230:9200"]
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana_system"
elasticsearch.password: "DFGyvb456txcV"
# Kibana can also authenticate to Elasticsearch via "service account tokens".
# Service account tokens are Bearer style tokens that replace the traditional username/password based configuration.
# Use this token instead of a username/password.
# elasticsearch.serviceAccountToken: "my_token"
# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000
# The maximum number of sockets that can be used for communications with elasticsearch.
# Defaults to `Infinity`.
#elasticsearch.maxSockets: 1024
# Specifies whether Kibana should use compression for communications with elasticsearch
# Defaults to `false`.
#elasticsearch.compression: false
# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]
# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}
# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000
# =================== System: Elasticsearch (Optional) ===================
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
# Enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/http_ca.crt" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full
# =================== System: Logging ===================
# Set the value of this setting to off to suppress all logging output, or to debug to log everything. Defaults to 'info'
#logging.root.level: debug
# Enables you to specify a file where Kibana stores log output.
logging:
appenders:
file:
type: file
fileName: /var/log/kibana/kibana.log
layout:
type: json
root:
appenders:
- default
- file
# layout:
# type: json
# Logs queries sent to Elasticsearch.
#logging.loggers:
# - name: elasticsearch.query
# level: debug
# Logs http responses.
#logging.loggers:
# - name: http.server.response
# level: debug
# Logs system usage information.
#logging.loggers:
# - name: metrics.ops
# level: debug
# =================== System: Other ===================
# The path where Kibana stores persistent data not saved in Elasticsearch. Defaults to data
#path.data: data
# Specifies the path where Kibana creates the process ID file.
pid.file: /run/kibana/kibana.pid
# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000ms.
#ops.interval: 5000
# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".
#i18n.locale: "en"
# =================== Frequently used (Optional)===================
# =================== Saved Objects: Migrations ===================
# Saved object migrations run at startup. If you run into migration-related issues, you might need to adjust these settings.
# The number of documents migrated at a time.
# If Kibana can't start up or upgrade due to an Elasticsearch `circuit_breaking_exception`,
# use a smaller batchSize value to reduce the memory pressure. Defaults to 1000 objects per batch.
#migrations.batchSize: 1000
# The maximum payload size for indexing batches of upgraded saved objects.
# To avoid migrations failing due to a 413 Request Entity Too Large response from Elasticsearch.
# This value should be lower than or equal to your Elasticsearch cluster’s `http.max_content_length`
# configuration option. Default: 100mb
#migrations.maxBatchSizeBytes: 100mb
# The number of times to retry temporary migration failures. Increase the setting
# if migrations fail frequently with a message such as `Unable to complete the [...] step after
# 15 attempts, terminating`. Defaults to 15
#migrations.retryAttempts: 15
# =================== Search Autocomplete ===================
# Time in milliseconds to wait for autocomplete suggestions from Elasticsearch.
# This value must be a whole number greater than zero. Defaults to 1000ms
#unifiedSearch.autocomplete.valueSuggestions.timeout: 1000
# Maximum number of documents loaded by each shard to generate autocomplete suggestions.
# This value must be a whole number greater than zero. Defaults to 100_000
#unifiedSearch.autocomplete.valueSuggestions.terminateAfter: 100000
Please check the output of /var/log/kibana/kibana.log below once
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:36:00.345-05:00","message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.actions"},"process":{"pid":3808},"trace":{"id":"5e6b7d815b96de47722d2924f8790609"},"transaction":{"id":"7a33958c9cc653bb"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:36:00.451-05:00","message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.reporting.config"},"process":{"pid":3808},"trace":{"id":"5e6b7d815b96de47722d2924f8790609"},"transaction":{"id":"7a33958c9cc653bb"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:36:00.457-05:00","message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.alerting"},"process":{"pid":3808},"trace":{"id":"5e6b7d815b96de47722d2924f8790609"},"transaction":{"id":"7a33958c9cc653bb"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:36:00.495-05:00","message":"Installing common resources shared between all indices","log":{"level":"INFO","logger":"plugins.ruleRegistry"},"process":{"pid":3808},"trace":{"id":"5e6b7d815b96de47722d2924f8790609"},"transaction":{"id":"7a33958c9cc653bb"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:36:01.183-05:00","message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux CentOS 8 OS. Automatically setting 'xpack.screenshotting.browser.chromium.disableSandbox: true'.","log":{"level":"WARN","logger":"plugins.screenshotting.config"},"process":{"pid":3808},"trace":{"id":"5e6b7d815b96de47722d2924f8790609"},"transaction":{"id":"7a33958c9cc653bb"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:36:01.648-05:00","message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations...","log":{"level":"INFO","logger":"savedobjects-service"},"process":{"pid":3808},"trace":{"id":"85551baec09a408cff733c0a952eece7"},"transaction":{"id":"f7b05131b2d6e898"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:36:01.651-05:00","message":"Starting saved objects migrations","log":{"level":"INFO","logger":"savedobjects-service"},"process":{"pid":3808},"trace":{"id":"85551baec09a408cff733c0a952eece7"},"transaction":{"id":"f7b05131b2d6e898"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:36:01.693-05:00","message":"[.kibana] INIT -> CREATE_NEW_TARGET. took: 29ms.","log":{"level":"INFO","logger":"savedobjects-service"},"process":{"pid":3808},"trace":{"id":"85551baec09a408cff733c0a952eece7"},"transaction":{"id":"f7b05131b2d6e898"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:36:01.698-05:00","message":"[.kibana_task_manager] INIT -> CREATE_NEW_TARGET. took: 33ms.","log":{"level":"INFO","logger":"savedobjects-service"},"process":{"pid":3808},"trace":{"id":"85551baec09a408cff733c0a952eece7"},"transaction":{"id":"f7b05131b2d6e898"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:36:02.198-05:00","message":"Browser executable: /usr/share/kibana/x-pack/plugins/screenshotting/chromium/headless_shell-linux_x64/headless_shell","log":{"level":"INFO","logger":"plugins.screenshotting.chromium"},"process":{"pid":3808},"trace":{"id":"5e6b7d815b96de47722d2924f8790609"},"transaction":{"id":"7a33958c9cc653bb"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:38:01.780-05:00","message":"[.kibana_task_manager] Action failed with 'Request timed out'. Retrying attempt 1 in 2 seconds.","log":{"level":"ERROR","logger":"savedobjects-service"},"process":{"pid":3808},"trace":{"id":"85551baec09a408cff733c0a952eece7"},"transaction":{"id":"f7b05131b2d6e898"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:38:01.782-05:00","message":"[.kibana_task_manager] CREATE_NEW_TARGET -> CREATE_NEW_TARGET. took: 120082ms.","log":{"level":"INFO","logger":"savedobjects-service"},"process":{"pid":3808},"trace":{"id":"85551baec09a408cff733c0a952eece7"},"transaction":{"id":"f7b05131b2d6e898"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:38:01.802-05:00","message":"[.kibana] Action failed with 'Request timed out'. Retrying attempt 1 in 2 seconds.","log":{"level":"ERROR","logger":"savedobjects-service"},"process":{"pid":3808},"trace":{"id":"85551baec09a408cff733c0a952eece7"},"transaction":{"id":"f7b05131b2d6e898"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T02:38:01.803-05:00","message":"[.kibana] CREATE_NEW_TARGET -> CREATE_NEW_TARGET. took: 120110ms.","log":{"level":"INFO","logger":"savedobjects-service"},"process":{"pid":3808},"trace":{"id":"85551baec09a408cff733c0a952eece7"},"transaction":{"id":"f7b05131b2d6e898"}}
You should definitely set saved Objects encryption key but that should not stop Kibana..
Perhaps look at the Kibana logs when you reload Kibana in the Browser.
You can see that resulted in a 503
Of course your picture on top shows http not https. So did you restart Kibana after you fix the settings??
I would tail the logs from the time you start Kibana and look for errors
You can also try setting this to none to test and debug
Hi @stephenb,
Yes, I am trying for HTTP only getting a service unavailable error from the Browser Inpect/Network/Headers I found this.
Request URL:
http://172.27.100.230:5601/internal/interactive_setup/status
Request Method:
GET
Status Code:
503 Service Unavailable
Remote Address:
172.27.100.230:5601
Referrer Policy:
strict-origin-when-cross-origin
Hi @stephenb,
I have Added in Kibana.yml seems like i am Getting request timedout in kibana.log from earlier also
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T03:14:20.660-05:00","message":"[.kibana_task_manager] CREATE_NEW_TARGET -> CREATE_NEW_TARGET. took: 120030ms.","log":{"level":"INFO","logger":"savedobjects-service"},"process":{"pid":3859},"trace":{"id":"969967785cf846aa4cf210f8db61cc36"},"transaction":{"id":"1a4cdf941375fd89"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T03:14:20.673-05:00","message":"[.kibana] Action failed with 'Request timed out'. Retrying attempt 1 in 2 seconds.","log":{"level":"ERROR","logger":"savedobjects-service"},"process":{"pid":3859},"trace":{"id":"969967785cf846aa4cf210f8db61cc36"},"transaction":{"id":"1a4cdf941375fd89"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T03:14:20.674-05:00","message":"[.kibana] CREATE_NEW_TARGET -> CREATE_NEW_TARGET. took: 120041ms.","log":{"level":"INFO","logger":"savedobjects-service"},"process":{"pid":3859},"trace":{"id":"969967785cf846aa4cf210f8db61cc36"},"transaction":{"id":"1a4cdf941375fd89"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T03:16:22.687-05:00","message":"[.kibana_task_manager] Action failed with 'Request timed out'. Retrying attempt 2 in 4 seconds.","log":{"level":"ERROR","logger":"savedobjects-service"},"process":{"pid":3859},"trace":{"id":"969967785cf846aa4cf210f8db61cc36"},"transaction":{"id":"1a4cdf941375fd89"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T03:16:22.688-05:00","message":"[.kibana_task_manager] CREATE_NEW_TARGET -> CREATE_NEW_TARGET. took: 122029ms.","log":{"level":"INFO","logger":"savedobjects-service"},"process":{"pid":3859},"trace":{"id":"969967785cf846aa4cf210f8db61cc36"},"transaction":{"id":"1a4cdf941375fd89"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T03:16:22.731-05:00","message":"[.kibana] **Action failed with 'Request timed out'. Retrying attempt 2 in 4 seconds."**,"log":{"level":"ERROR","logger":"savedobjects-service"},"process":{"pid":3859},"trace":{"id":"969967785cf846aa4cf210f8db61cc36"},"transaction":{"id":"1a4cdf941375fd89"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2023-12-10T03:16:22.732-05:00","message":"[.kibana] CREATE_NEW_TARGET -> CREATE_NEW_TARGET. took: 122058ms.","log":{"level":"INFO","logger":"savedobjects-service"},"process":{"pid":3859},"trace":{"id":"969967785cf846aa4cf210f8db61cc36"},"transaction":{"id":"1a4cdf941375fd89"}}
Thanks,
Hello @stephenb,
Thanks for your time, I have Resolved the issue by changing Elasticsearch IPV4 Address to localhost in the kibana.yml file, and working fine now.
Thanks & Regards.
1 Like