I would like to enable dashboards in kibana for metricbeat, heartbeat, filebeat and winlogbeat.
On the documentation it says to pass these commands when logstash is in output.
What are the settings when SSL is enabled on the whole stack?
@legoguy1000 Thanks for your answer.
I have already tried these settings without success
instance/beat.go:989 Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://node1.ad-it.fr:9300: Get "https://node1.ad-it.fr:9300": x509: certificate signed by unknown authority]
That's because you're using an untrusted or self signed certificate. You either need to copy the CA to the system running Filebeat and set the output.elasticsearch.ssl.certificate_authorities setting or set output.elasticsearch.ssl.verification_mode: none
ERROR [esclientleg] eslegclient/connection.go:261 error connecting to Elasticsearch at http://node1.ad-it.fr:9200: Get "http://node1.ad-it.fr:9200": EOF
2021-07-18T17:57:43.858+0200 ERROR instance/beat.go:989 Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at http://node1.ad-it.fr:9200: Get "http://node1.ad-it.fr:9200": EOF]
2021-07-18T18:23:38.483+0200 INFO [index-management] idxmgmt/std.go:261 Auto ILM enable success.
2021-07-18T18:23:38.992+0200 INFO [index-management.ilm] ilm/std.go:170 ILM policy heartbeat successfully created.
2021-07-18T18:23:38.992+0200 INFO [index-management] idxmgmt/std.go:401 Set setup.template.name to '{heartbeat-7.13.3 {now/d}-000001}' as ILM is enabled.
2021-07-18T18:23:38.992+0200 INFO [index-management] idxmgmt/std.go:406 Set setup.template.pattern to 'heartbeat-7.13.3-*' as ILM is enabled.
2021-07-18T18:23:38.992+0200 INFO [index-management] idxmgmt/std.go:440 Set settings.index.lifecycle.rollover_alias in template to {heartbeat-7.13.3 {now/d}-000001} as ILM is enabled.
2021-07-18T18:23:38.992+0200 INFO [index-management] idxmgmt/std.go:444 Set settings.index.lifecycle.name in template to {heartbeat {"policy":{"phases":{"hot":{"actions":{"rollover":{"max_age":"30d","max_size":"50gb"}}}}}}} as ILM is enabled.
2021-07-18T18:23:39.119+0200 INFO template/load.go:228 Existing template will be overwritten, as overwrite is enabled.
2021-07-18T18:23:39.206+0200 INFO template/load.go:131 Try loading template heartbeat-7.13.3 to Elasticsearch
2021-07-18T18:23:39.657+0200 INFO template/load.go:123 template with name 'heartbeat-7.13.3' loaded.
2021-07-18T18:23:39.657+0200 INFO [index-management] idxmgmt/std.go:297 Loaded index template.
2021-07-18T18:23:40.738+0200 INFO [index-management.ilm] ilm/std.go:135 Index Alias heartbeat-7.13.3 successfully created.
Index setup finished.
Indeed dashboards are disabled for heartbeat so I downloaded on the github repo.
Now I want to activate them for filebeat and metricbeat with logstash but my license has expired. So I got an extend trial that I added via the GUI. I still have to activate it to make it take effect.
But I can't activate it with the ssl in place.
Could you help me?
I tried this command :
curl -X POST -cacert /etc/elasticsearch/certs/ca.crt -u elastic "https://node1.ad-it.fr:9200/_xpack/license/start_trial?acknowledge=true"
Output :
curl: (3) <url> malformed
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above
Add -k or --insecure to your curl command to ignore ssl verification. Even though you are providing the path to the CA, I suspect the something doesn't match like the fqdn isn't in the list of SANs...
@legoguy1000
I tried this command, the output looks good but in GUI it still says "Your Trial license is inactive" curl -XPUT -u elastic 'htContent-Type: application/json" -d @licence.json --insecure
Output :
{"acknowledged":true,"license_status":"valid"}
And when I want to activate filebeat dashboards with logtash I make :
2021-07-19T18:58:19.460+0200 ERROR elasticsearch/elasticsearch.go:252 Error connecting to Elasticsearch at https://node1.ad-it.fr:9200: Connection marked as failed because the onConnect callback failed: cannot retrieve the elasticsearch license: could not extract license information from the server response: unknown state, received: 'invalid'
2021-07-19T18:58:19.460+0200 ERROR instance/beat.go:906 Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch https://node1.ad-it.fr:9200: Connection marked as failed because the onConnect callback failed: cannot retrieve the elasticsearch license: could not extract license information from the server response: unknown state, received: 'invalid']
Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch https://node1.ad-it.fr:9200: Connection marked as failed because the onConnect callback failed: cannot retrieve the elasticsearch license: could not extract license information from the server response: unknown state, received: 'invalid']
I don't understand this line
cannot retrieve the elasticsearch license: could not extract license information from the server response: unknown state, received: 'invalid'
Can you get to Kibana? What version of Elasticsearch? In the latest versions the /_xpack isn't needed. IDK if thats an issue. If you do curl -X GET -cacert /etc/elasticsearch/certs/ca.crt -u elastic "https://node1.ad-it.fr:9200/_license", what do you get?
Did you have a real license previously? If so you may not be able to downgrade to the trial. Are you using any feature that requires a paid license? or will the basic license work which includes a lot of the "xpack" features like security/ssl/...? See Start basic API | Elasticsearch Guide [7.13] | Elastic
@legoguy1000
Before I had a trial license that I activated.
If you tell me that the basic license allows me to use the security features, ssl is enough for me.
But I thought I needed the trial license for these functions.
ERROR instance/beat.go:906 Exiting: fail to create the Kibana loader: Error creating Kibana client: Error creating Kibana client: fail to get the Kibana version: HTTP GET request to /api/status fails: fail to execute the HTTP GET request: Get https://kibana.ad-it.fr:5601/api/status: x509: certificate signed by unknown authority. Response: .
Exiting: fail to create the Kibana loader: Error creating Kibana client: Error creating Kibana client: fail to get the Kibana version: HTTP GET request to /api/status fails: fail to execute the HTTP GET request: Get https://kibana.ad-it.fr:5601/api/status: x509: certificate signed by unknown authority. Response: .
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.