Hi, I'm using a docker compose file for ELK setup and using the latest version (above 7) for kibana. Now I set the xpack.encryptedSavedObjects.encryptionKey parameter in the kibana.yml so that i can use the alert and actions feature. But even after that I'm not able to create alert. Can anyone help me please?
PS. I genertaed the 32 character encryption key using python uuid module
Hi @Akanksha_Pandey Welcome to the community
Exactly which version of Kibana are you using? I ask because the image above is not a very recent version. The version can be found on the Stack Management home screen.
Also I assume you restarted Kibana after you made the change, and you shift reloaded the Kibana App in the browser.
Just FYI, In newer / lastest versions enabling security / TLS is required to use Kibana Alerts.
It is still OK to use some of these older versions... but if you are interested in Kibana alerts a lot of new capabilities have been added since they were Beta.
The current version of the Elastic Stack is 7.13.0
Hi @stephenb Thanks for responding.
My Kibana version is 7.9.2
Yes, I restarted Kibana after making the changes and reloaded the Kibana App in the browser as well.
Please tell me what should I do/what I'm doing wrong. It's very urgent
Can you share your kibana.yml
Just as a reminder this is a volunteer forum, so there is no gauruntee of any / or a timely answer.
sure. Here, I have removed elasticsearch username, password, encryption key due to security purpose.
In the future please don't paste screenshots as they are hard to read and cannot be searched on, and do not show up on all devices.
Plus I cannot tell if that's the whole file.
It looks correct assuming you put the encryption key back in.
Did you restart elasticsearch as well?
Sorry for the inconvenience.
Yes, I restarted elastic search as well and encryption key was also present.
And this is the whole kibana.yml file
Hmmmm then there is something else going on as I just took a fresh 7.9.2 stack and only added this line and it came up fine. And Alerts are allowed.
xpack.encryptedSavedObjects.encryptionKey: "asdflkjs-asds-sadf-sadf-sadfasdfsadf"
Seems like your perhaps docker compose is perhaps not picking up the latest kibana.yml
Here is my compose how I do it.
---
version: '3'
services:
elasticsearch:
container_name: es01
image: docker.elastic.co/elasticsearch/elasticsearch:${TAG}
environment: ['ES_JAVA_OPTS=-Xms2g -Xmx2g','bootstrap.memory_lock=true','discovery.type=single-node']
ports:
- 9200:9200
networks:
- elastic
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
kibana:
image: docker.elastic.co/kibana/kibana:${TAG}
container_name: kib01
environment:
XPACK_APM_SERVICEMAPENABLED: "true"
XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: aslkdjfhs-sdfsd-safd-sffd-sdfsadffsafdsdf
ports:
- 5601:5601
networks:
- elastic
networks:
elastic:I added the encryption key in docker-compose.yaml file but it still didn't work
services:
elasticsearch:
build:
context: elasticsearch/
container_name: elasticsearch
volumes:
- type: bind
source: ./elasticsearch/conf/elasticsearch.yml
target: /usr/share/elasticsearch/conf/elasticsearch.yml
read_only: true
- type: volume
source: elasticsearch
target: /usr/share/elasticsearch/data
ports:
- "9200:9200"
environment:
ES_JAVA_OPTS: "-Xmx2g -Xms2g"
ELASTIC_PASSWORD:
ELASTIC_USERNAME :
# Use single node discovery in order to disable production mode and avoid bootstrap checks.
# see: https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
discovery.type: single-node
networks:
- elastic
restart: always
logstash:
container_name: logstash
build:
context: logstash/
# command: logstash -f /conf/logstash.conf
volumes:
- type: bind
source: ./logstash/conf/logstash.yml
target: /usr/share/logstash/conf/logstash.yml
read_only: true
- type: bind
source: ./logstash/pipeline
target: /usr/share/logstash/pipeline
read_only: true
ports:
- "5043:5043"
- "5044:5044"
environment:
LS_JAVA_OPTS: "-Xmx1g -Xms1g"
networks:
- elastic
depends_on:
- elasticsearch
restart: always
kibana:
build:
context: kibana/
container_name:
environment:
XPACK_APM_SERVICEMAPENABLED: "true"
XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: " "
volumes:
- type: bind
source: ./kibana/conf/kibana.yml
target: /usr/share/kibana/conf/kibana.yml
read_only: true
ports:
- "5601:5601"
networks:
- elastic
depends_on:
- elasticsearch
restart: always
Is there any other way to add the encryption key- maybe using the devtools in the Kibana app?
With your docker compose are you using start / stop or up / down
Try bring down then up (You will lose your DATA)
You are doing this right... you have something else going on.
I'm using this command: docker-compose up --build
This is a production server. If I bring it down- data will be lost
Should I try this: docker-compose stop and then start the container?
I used Ctrl-C to stop the container and started by using this command: docker-compose up --build
docker-compose down
This will destroy the containers
then wait
docker-compose up
This will re-create them.
up = Create
down = Destroy
start = Start
stop = Stop
The typical sequence is to do up
Then you can stop with a control c
Then you can use stop and start as many times as you want
Then you use down to destroy the container when you're done
How to bring down the 3 containers (kibana, logstash, elasticsearch) using docker-compose down? And there are other conatiners as well running on the server. Will they be also stopped?
I don't know your entire docker architecture / infrastructure
Perhaps you need to read more about docker, I'm not a docker expert.
I use
docker-compose -f my-compose.yml [up, down,start, stop]
I can't really comment on the other containers etc if you use the -f option it should apply just that docker compose
If you want new containers you need to use down
My suspicion when you're just using stop and start it's not picking up the new settings because the container is already built.
Or yes you can rebuild it I think but but the settings are not part of that so I think just down then up should work
@Akanksha_Pandey
BTW I was just working on another issues and for me confirmed the settings did not get picked up unless destroyed the container and recreated it i.e.
docker-compose down
then
docker-compose up
@stephenb Sorry for the late response as my limit to send messages here was exceeded. I was prompted to send the message after 22 hours
Yes, you are right. That was the actual issue. I'm able to create the alert when I put the encryption key in docker-compose.yaml file instead of kibana.yml. And recreated the container using docker-compose up -d then docker-compose up --build
Thanks a lot! You saved me 
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.