No logs after enabling Xpack in Kibana and Orchestrator

Hi Guys,

I'm new on a forum, so if I'm writing in a wrong subforum, please let me know where I should do it.

We have decided to use ElasticSearch and Kibana to read our logs from Orchestrator. After doing fresh instalation of ElasticSearcg and Kibana in version 7.5.0 and running both as services everything was working smoothly. Logs were appearing in Orchestrator and Kibana.

Few days ago we have decided to enable xpack feature to have different login and different type of permissions in Kibana.

I have done following things:

  1. added true key to the elasticsearch.yml file
  2. run elasticsearch-setup-password and changed default password
  3. added elasticsearch user and password to the kibana.yml file (kibana user)
  4. updated key in the web.config file for Orchestrator like below:

target name="robotElasticBuffer" xsi:type="BufferingWrapper" flushTimeout="5000"
target xsi:type="ElasticSearch" name="robotElastic1" requireAuth="false" username="elastic" password="" index="{event-properties:item=indexName}-{date:format=yyyy.MM}" documentType="logEvent" includeAllProperties="true" layout="{message}" excludedProperties="agentSessionId,tenantId,organizationUnitId,indexName" uri="http://XXXX:9200" / /target !--log to disk -- target xsi:type="File" name="executionFile" fileName="D:\Logs\text.txt" layout="{time} {level} {message}" concurrentWrites="true" /
target name="serverElasticBuffer" xsi:type="BufferingWrapper" flushTimeout="5000"
target xsi:type="ElasticSearch" name="serverElastic" uri="http://XXXX:9200" requireAuth="false" username="elastic" password="
" index="serverdiagnostics-{date:format=yyyy.MM}" documentType="logEvent" includeAllProperties="true" layout="{machinename} ${message}" /

Unfortunately after doing it, new logs stopped appearing in Kibana and they are not visible Orchestrator as well (however there are no errors, so I guess Orchestrator is reading logs from ElasticSearch). I can see that logs are present in the Orchestrator database. It looks like I'm missing some step, and after password change and enabling xpack security feature logs are not appearing. I have to admit that all other things are working fine, I can login to Kibana, services are running fine. Only one issue is with logs which are not appearing.

Could you help me?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.