But when I restart the three services- Elastic, logstash, kibana I have these as last looping logs. So what am I doing wrong?
[2020-01-23T19:38:47,264][INFO ][o.e.c.r.a.AllocationService] [mehak-VirtualBox] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[mehak][0]]]).
[2020-01-23T19:41:14,547][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/'"}
log [03:41:18.861] [warning][license][xpack] License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. [security_exception] missing authentication credentials for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } } :: {"path":"/_xpack","statusCode":401,"response":"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/_xpack]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/_xpack]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}},\"status\":401}","wwwAuthenticateDirective":"Basic realm=\"security\" charset=\"UTF-8\""}
The first message is simply because you have a single ES node and your index mehak is most likely setup with a replica and there are no other nodes to host them.
The 401 status indicates that the connections from Logstash and Kibana are unauthorized. Since you have enabled security, you will need to passwords for the different usernames with the elasticsearch-setup-passwordscommand. You can specify your own passwords using interactive option or let it choose for you via the auto option (please take note of them if you use the auto option). Once this is done, you can configure Logstash and Kibana with the appropriate auth information and they should be able to connect.
Do I have to fix this replica index node to go through with setting roles in Kibana?
So while elastic, logstash, kibana are closed, I change the elasticsearch.yml file, and then I should just do the password setups and then start Elasticsearch, logstash, kibana? Or should I keep it running in background?
Basically to I keep the three running during setting password users or stop them until I set them?
Do I have to fix this replica index node to go through with setting roles in Kibana?
If you only plan on using a single node, you could simply set the number of replicas to 0 to avoid ES continuing to log message like that and allow the cluster to report a 'GREEN' status.
So while elastic, logstash, kibana are closed, I change the elasticsearch.yml file, and then I should just do the password setups and then start Elasticsearch, logstash, kibana? Or should I keep it running in background?
Basically to I keep the three running during setting password users or stop them until I set them?
You will need to have ES running when you run the elasticsearch-setup-passwords command so that it can store the passwords. You will then need to set the username/password in Logstash for the elasticsearch output configuration in your pipeline and for Kibana in the kibana.yml file. These 2 will have to be (re)started to pick up the new auth information.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.