Hi,
I'm trying to set up Metricbeat dashboards in our Kibana, but I'm getting authorization failures:
metricbeat setup --dashboards
Loading dashboards (Kibana must be running and reachable)
Exiting: Error importing Kibana dashboards: fail to create the Kibana loader: Error creating Kibana client: Error creating Kibana client: fail to get the Kibana version: HTTP GET request to /api/status fails: <nil>. Response: {"statusCode":401,"error":"Unauthorized","message":"[security_exception] unable to authenticate user [] for REST request [/_xpack/security/_authenticate], with { header={ WWW-Authenticate=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } }"}
My Metricbeat config is:
[root@xalnplvapxx metricbeat]# metricbeat export config
fields:
env: production
logging:
level: info
metricbeat:
config:
modules:
path: /etc/metricbeat/modules.d/*.yml
reload:
enabled: false
output:
logstash:
hosts:
- '[2a00:e400:xx::xx]:10104'
path:
config: /etc/metricbeat
data: /var/lib/metricbeat
home: /usr/share/metricbeat
logs: /var/log/metricbeat
setup:
kibana:
host: https://xalzplvapxx.xxx.net:5601
password: xxxx
setup:
dashboards:
index: os-xxx-metricbeat-*
ssl:
certificate_authorities:
- /etc/kibana/certs/xxx.net-wildcard.ca.crt
user: xxxx
template:
settings:
_source:
enabled: false
index:
codec: best_compression
number_of_shards: 1
tags:
- ELK
- kibana
Checking with curl, I don't get authentication errors:
[root@xalnplvapxx metricbeat]# curl -k -u xxxx -p https://xalzplvapxx.xxx.net:5601/api/status
Enter host password for user 'xxxx':
{"name":"kibana.xxx.net","uuid":"21e470b6-439d-4a1d-a78b-4edb1657d500","version":{"number":"6.3.1","build_hash":"cb8398243cee7be0dddd118cd657d1f17be4e4be","build_number":17276,"build_snapshot":false},"status":{"overall":{"state":"green","title":"Green","nickname":"Looking good","icon":"success","since":"2018-10-16T10:00:03.451Z"},"statuses":[{"id":"plugin:kibana@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:03.451Z"},{"id":"plugin:elasticsearch@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:04.213Z"},{"id":"plugin:xpack_main@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:04.267Z"},{"id":"plugin:searchprofiler@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:04.267Z"},{"id":"plugin:tilemap@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:04.267Z"},{"id":"plugin:watcher@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:04.267Z"},{"id":"plugin:license_management@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:03.505Z"},{"id":"plugin:index_management@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:04.267Z"},{"id":"plugin:timelion@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:03.610Z"},{"id":"plugin:graph@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:04.267Z"},{"id":"plugin:monitoring@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:03.614Z"},{"id":"plugin:security@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:04.267Z"},{"id":"plugin:grokdebugger@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:04.267Z"},{"id":"plugin:dashboard_mode@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:03.644Z"},{"id":"plugin:logstash@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:04.267Z"},{"id":"plugin:console@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:03.653Z"},{"id":"plugin:console_extensions@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:03.662Z"},{"id":"plugin:metrics@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:03.664Z"},{"id":"plugin:reporting@6.3.1","state":"green","icon":"success","message":"Ready","since":"2018-10-16T10:00:04.267Z"}]},"metrics":{"last_updated":"2018-10-18T15:10:28.585Z","collection_interval_in_millis":5000,"uptime_in_millis":191433466,"process":{"mem":{"heap_max_in_bytes":138051584,"heap_used_in_bytes":119806920}},"os":{"cpu":{"load_average":{"1m":0.1767578125,"5m":0.08447265625,"15m":0.06103515625}},"cgroup":{"cpuacct":{"control_group":"/","usage_nanos":119891068365322},"cpu":{"control_group":"/","cfs_period_micros":100000,"cfs_quota_micros":-1,"stat":{"number_of_elapsed_periods":0,"number_of_times_throttled":0,"time_throttled_nanos":0}}}},"response_times":{"avg_in_millis":null,"max_in_millis":0},"requests":{"total":0,"disconnects":0,"status_codes":{}},"concurrent_connections":0}}
I'm using Metricbeat 6.4.2, although the Elastic Stack is still at version 6.3.1.
In the Elasticsearch Log I see a Active Directory authentication error, even if I use the elastic user in the metricbeat config:
[2018-10-18T16:47:46,702][WARN ][o.e.x.s.a.AuthenticationService] [xalzplvdbxx.xxx.de] Authentication to realm active_directory failed - authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580', diagnosticMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580'))
This is puzzling to me, as the Native Realm has order 0 and the AD Realm order 5.
Apart from that, everything is working as expected. Can somebody point me in the right direction?