logAlias does not appear to be taking effect in 7.6

Elastic Stack Kibana
1

Hi

I am attempting to configure the (default) logging indices in Kibana 7.6. Im aware you can specify it via the UI (and that appears to work), however configuring it via kibana.yml does not appear to be taking effect. According to https://www.elastic.co/guide/en/kibana/current/xpack-logs-configuring.html, this should still be supported.

In order to test this I am wiping all ELK related data (Currently using a single docker volume, and just removing that volume each time), so that default values should be active. I am importing indices via a ndjson file (This works fine), and setting the below value in kibana.yml:

xpack.infra.sources.default.logAlias: "logs-*"

When I navigate to the Logging tab, I am still being met with "Looks like you don't have any logging indices." When I click "Change source configuration", the Log indices specify "filebeat-*,kibana_sample_data_logs*". If i was to change it to "logs-*" and click apply, everything works. However this suggests that "xpack.infra.sources.default.logAlias" is not taken effect. I have also tried disabling the logging tab with "xpack.infra.enabled" and that did take effect, so the config file is being read correctly, the setting just does not seem to be getting applied.

My goal is to have all Kibana settings driven from configuration files, and not require the admin to go in and reconfigure the settings. Which is why I would prefer to set this via kibana.yml

I have read the 7.6 documentation and looked at the Github code base, there are still references to the setting, so I would assume it is still working.

Any help would be greatly appreciated.

Thanks,
Emmet

2

I have just tested this on 6.8.6 and it appears to work on that, but fails on 7.6.0. As such I suspect this is either a bug (The new settings UI, incorrectly ignores this setting), or incorrect documentation (The new settings UI was never meant to support this setting, despite it be documented as an either/or option under the 7.6 docs).

I have raised an issue on the GitHub page https://github.com/elastic/kibana/issues/58356, however is anybody aware of any potential workarounds for this? I have tried extracting the "object" using Infrastructure UI issue, and importing it via the ndjson file, but it appears to be the wrong format. Basically is there an alternative way to set the defaults values, or import the value for this setting.

i.e. Something like:

{"type":"infrastructure-ui-source","id":"infrastructure-ui-source:default","attributes":{"name":"Default", "logAlias":"logs-*"}}

Thanks,
Emmet

3

Below is a workaround in the mean time.

curl -fX POST "elasticsearch:9200/.kibana_1/_update/infrastructure-ui-source:default" -H 'Content-Type: application/json' -d '
{
    "doc" : {
        "infrastructure-ui-source" : {
            "name" : "Default",
            "description" : "",
            "metricAlias" : "metricbeat-*",
            "logAlias" : "saltdna-*",
            "fields" : {
                "container" : "container.id",
                "host" : "host.name",
                "pod" : "kubernetes.pod.uid",
                "tiebreaker" : "_doc",
                "timestamp" : "@timestamp"
            },
            "logColumns" : [
                {
                "timestampColumn" : {
                    "id" : "5e7f964a-be8a-40d8-88d2-fbcfbdca0e2f"
                }
                },
                {
                "messageColumn" : {
                    "id" : "b645d6da-824b-4723-9a2a-e8cece1645c0"
                }
                }
            ]
        },
        "type" : "infrastructure-ui-source",
        "references" : [ ],
        "updated_at" : "2020-02-25T09:57:21.417Z"
    },
    "doc_as_upsert" : true
}
' > /dev/null 2>&1;

You will need to run this command at startup. I achieved this via:

FROM docker.elastic.co/kibana/kibana:7.6.0
COPY ./objects.ndjson ./import.sh ./
ENTRYPOINT [ "/bin/sh", "-c" ]
CMD ["./import.sh & /usr/local/bin/dumb-init /usr/local/bin/kibana-docker"]

import.sh

#!/bin/sh
until curl -fX POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@objects.ndjson > /dev/null 2>&1; do
    echo "Attempting to import objects - retrying"
    sleep 10
done

# Until https://github.com/elastic/kibana/issues/58356 is resolved
curl -fX POST "elasticsearch:9200/.kibana_1/_update/infrastructure-ui-source:default" -H 'Content-Type: application/json' -d'
{
    "doc" : {
        "infrastructure-ui-source" : {
            "name" : "Default",
            "description" : "",
            "metricAlias" : "metricbeat-*",
            "logAlias" : "saltdna-*",
            "fields" : {
                "container" : "container.id",
                "host" : "host.name",
                "pod" : "kubernetes.pod.uid",
                "tiebreaker" : "_doc",
                "timestamp" : "@timestamp"
            },
            "logColumns" : [
                {
                "timestampColumn" : {
                    "id" : "5e7f964a-be8a-40d8-88d2-fbcfbdca0e2f"
                }
                },
                {
                "messageColumn" : {
                    "id" : "b645d6da-824b-4723-9a2a-e8cece1645c0"
                }
                }
            ]
        },
        "type" : "infrastructure-ui-source",
        "references" : [ ],
        "updated_at" : "2020-02-25T09:57:21.417Z"
    },
    "doc_as_upsert" : true
}
' > /dev/null 2>&1;

echo "Objects successfully imported"
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.