Kibana Unable to retrieve version information from Elasticsearch nodes. socket hang up

Dear Team,

kindly advise why error occurs when starting Kibana?

da46c1"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-04-28T18:37:07.516+04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 10.242.1.117:55900, Remote: 10.242.1.117:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":725},"trace":{"id":"5cf278f8304fc40f9e6804aadd2c09b0"},"transaction":{"id":"2fd52efe15da46c1"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-04-28T18:37:10.009+04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 10.242.1.117:55908, Remote: 10.242.1.117:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":725},"trace":{"id":"5cf278f8304fc40f9e6804aadd2c09b0"},"transaction":{"id":"2fd52efe15da46c1"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-04-28T18:37:12.593+04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 10.242.1.117:55916, Remote: 10.242.1.117:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":725},"trace":{"id":"5cf278f8304fc40f9e6804aadd2c09b0"},"transaction":{"id":"2fd52efe15da46c1"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-04-28T18:37:15.039+04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 10.242.1.117:55924, Remote: 10.242.1.117:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":725},"trace":{"id":"5cf278f8304fc40f9e6804aadd2c09b0"},"transaction":{"id":"2fd52efe15da46c1"}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-04-28T18:37:17.589+04:00","message":"Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 10.242.1.117:55932, Remote: 10.242.1.117:9200","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":725},"trace":{"id":"5cf278f8304fc40f9e6804aadd2c09b0"},"transaction":{"id":"2fd52efe15da46c1"}}

When accessing ES on browser I am being prompted for username and password.

version 8.0

Kindly advise.

Roshan

Can you access Elasticsearch yourself?

Yes
[elastic@rb-in-prod-esearch-01 Elasticsearch]$ curl -u elastic:JXk68mXZ6*XZOyeZ -k https://10.242.1.119:9200/
{
"name" : "rb-in-prod-esearch-02",
"cluster_name" : "elasticmt",
"cluster_uuid" : "J3NV6OU_SR-FrlMEIxdn9g",
"version" : {
"number" : "8.1.3",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "39afaa3c0fe7db4869a161985e240bd7182d7a07",
"build_date" : "2022-04-19T08:13:25.444693396Z",
"build_snapshot" : false,
"lucene_version" : "9.0.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}

image

This is where you queried Elasticsearch directly.

This is what you have configured in Kibana. They do not match?

Elasticsearch is installed on 3 nodes. Kibana is installed on the master node of ES. For 1 node I am able to access.

image

Elasticsearch.hosts: ["https://10.242.1.117:9200","https://10.242.1.118:9200","https://10.242.1.119:9200"]

Can you curl Elasticsearch from the Kibana host?

Yes I can curl.
image

Please find below Kibana yml entry:

server.publicBaseUrl: "https://10.242.1.117:5601"

The maximum payload size in bytes for incoming server requests.

server.maxPayload: 1048576

The Kibana server's name. This is used for display purposes.

server.name: "your-hostname"

=================== System: Kibana Server (Optional) ===================

Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.

These settings enable SSL for outgoing requests from the Kibana server to the browser.

server.ssl.enabled: false
server.ssl.certificate: /path/to/your/server.crt
server.ssl.key: /path/to/your/server.key

=================== System: Elasticsearch ===================

The URLs of the Elasticsearch instances to use for all your queries.

elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.hosts: [ "https://10.242.1.117:9200","https://10.242.1.118:9200","https://10.242.1.119:9200"]

If your Elasticsearch is protected with basic authentication, these settings provide

the username and password that the Kibana server uses to perform maintenance on the Kibana

index at startup. Your Kibana users still need to authenticate with Elasticsearch, which

is proxied through the Kibana server.

elasticsearch.username: "kibana_system"
elasticsearch.password: "pass"
elasticsearch.username: "elastic"
elasticsearch.password: "JXk6ma=T8mXZ6*XZOyeZ"

Kibana can also authenticate to Elasticsearch via "service account tokens".

Service account tokens are Bearer style tokens that replace the traditional username/password based configuration.

Use this token instead of a username/password.

elasticsearch.serviceAccountToken: "eyJ2ZXIiOiI4LjEuMyIsImFkciI6WyIxMC4yNDIuMS4xMTc6OTIwMCJdLCJmZ3IiOiJlMTFmNmI2MTNmYmQwZGUwODIzYmZlZWYwYTk1ZmFlMjg4YWQwM2UzNzAzNTk3ODU3ODk5NGE4NWNkODQ3ZjNlIiwia2V5IjoiSnJfN2c0QUJZR1pPd21xUHJWNGg6b25UM25WVjBSS2E4MF9rdEd6dThUdyJ9"

Kindly advise if entries correct?

[elastic@rb-in-prod-kibana-01 kibana]$ curl -X GET "https://10.242.1.117:9200/_cat/health?v=true&pretty"
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: curl - SSL CA Certificates

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.