Monitor kibana using metricbeat

Elastic Stack Elasticsearch
1

Hi Experts,

I using ELK 7.16.2v. I am doing a cluster stack monitoring using metricbeat.
I have installed metricbeat on kibana server and enable the kibana-xpack module , disbale the system module.

Confgure kibana-xpack module to take datat from kibana and configure metricbeat.yml to send the monitoring data to monitoring cluster.

But my kibana is giving error for certificate.

Below is my metricbeat.yml configuration

#================================ elasticsearch Output ===================================
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["https://****:9200"]
  protocol: "https"
  username: ${monitoring.username}
  password: ${monitoring.password}
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/metricbeat/certs/root-ca.pem"]
  ssl.verification_mode: none

Below is my kibana-xpack module configuration:

- module: kibana
  metricsets:
    - stats
  xpack.enabled: true
  period: 10s
  hosts: ["http://****:5601"]
  username: "beats_system"
  password: "beats_system"
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/metricbeat/certs/kibana-dr.crt"]
  ssl.certificate: "/etc/metricbeat/certs/kibana-dr.key"
  ssl.key: "/etc/metricbeat/certs/kibana-dr.key"
  ssl.verification_mode: "none"
  server.ssl.key: "/etc/metricbeat/certs/kibana-dr.key"
  server.ssl.certificate: "/etc/metricbeat/certs/kibana-dr.crt"

My kibana is ssl enabled, I have 2 certificate for kibana "kibana-dr.key" and "kibana-dr.crt"
Or I am doing some mistake in passing the ssl?

Below metricbeat error


2022-08-31T22:43:45.337+0400    ERROR   [tls]   tlscommon/tls.go:65     Failed loading client certificate tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched
2022-08-31T22:43:45.337+0400    ERROR   [kibana.stats]  stats/stats.go:79       1 error: tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched accessing config

Please help to fix the issue.

Thanks,
Tahseen

2

These are not needed in that section ever.

You put a .key where it expects a cert.
ssl.certificate: "/etc/metricbeat/certs/kibana-dr.key"

All you really need is the certificate authority... that use to create the actual certs not the actual .crt and .key

if you are using this you don't need any other ssl setting (although not as secure)

ssl.verification_mode: "none"

I guess I would expect that to be https not http
hosts: ["http://****:5601"]

3

Hi @stephenb

First of all thank you for giving reply.
But now I don't have certs files. I have only to certificate of kibana i.e., .key and .crt

4

Is there a question?

I would think for first test it would look like assuming kibana is actually has ssl enabled

- module: kibana
  metricsets:
    - stats
  xpack.enabled: true
  period: 10s
  hosts: ["https://****:5601"]
  username: "beats_system"
  password: "beats_system"
  ssl.verification_mode: "none"
1 Like
5

Hi @stephenb ,

As per your above suggestion I have made the following changes in my kibana-xpack.
http to https remove the certificates

- module: kibana
  metricsets:
    - stats
  xpack.enabled: true
  period: 10s
  hosts: ["https://****:5601"]
  username: "beats_system"
  password: "beats_system"
  ssl.enabled: true
  ssl.verification_mode: "none"

After the above changes its started working.

Thank you very much for giving solution :smiley:

Regards,
Tahseen

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.