Setting Alerting configuration on Kibana 7.9

I am using basic license for elastic search with on-premises deployment without security. I want to get started with Alerting and Actions in Kibana 7.9.
I have set xpack.encryptedSavedObjects.encryptionKey value as per documentation here

I restarted kibana after adding encrytionKey in kibana.yml file.

Still I am getting the same error as “You must set an encryption key”

Any leads will be appreciated. I am learning kibana. Thanks.

Can you try it in an incognito window to see if it works ( shouldn't matter but just checking)
Also what do the logs say ? Can you double check the encryption key is set properly in the kibana.yml and you have restarted the service ?
Thanks
Rashmi

Hey Rashmi,

Thanks for the quick response.

I tried incognito- it is still the same.

I restarted kibana once again and confirmed the encryption key is there but it is the same error I am getting.

not sure how to check logs for alerting configuration ?

are there more nodes in the cluster- if so the configuration needs to be in each node. Kibana logs - the default log file location depends on the package. Which package format did you use to install Kibana (deb, rpm, tgz)?
For SysV stdout and stderr of Kibana would be written to /var/log/kibana.{stdout,stderr} . Changing logging.dest to something besides stdout will cause these files to be empty. One thing to keep in mind is that the Kibana process needs to have write access to these files or the file configured in logging.dest . The default init script should take care of that.

Hi Rashmi,

One thing I just noticed is after restarting kibana , it literally crashed and I needed to revert kibana.yml changes regarding encryption key and it started working again.

I am using on-premises Elastic stack deployment without Security licensing (basically Basic License without security)

Could you please confirm whether Kibana Alerting works with the Basic license without security enabled ?

If it is supported, Is there any other place do I need to change settings in order to start alerting ?

What do your actual Kibana logs show?

Hey Mark,

I have installed kibana on windows 10 using .zip folder suggested at - https://www.elastic.co/guide/en/kibana/current/windows.html

Sorry but I am a newbee at kibana and doesn't know where to see kibana logs ?

Could you please guide me where to find kibana logs in windows ?

below is my kibana.yml

@Patrick_Mueller can you shed some light here?

Kibana alerting is included with our Basic license. Please refer to the docs or configuration page for more information on alerting.
It appears the Basic license only includes the in-stack actions per the subscription page.

image

In-stack actions include index and logging. External actions including email, PagerDuty, Slack and webhooks would require a Gold license or higher.

1 Like

Hi Rashmi, thanks for your reply.

Yes in-stack actions is what we need as of now. But the real struggle is to get going with Alerts and Actions page in kibana where I am stuck.

Yes, alerting should work without security. It sounds like the encryption key is not being set; we'll need to see the log messages from kibana. Given the message you see in the browser, I'd expect you'll see the following message in the logs:

APIs are disabled due to the Encrypted Saved Objects plugin using an ephemeral encryption key. 
Please set xpack.encryptedSavedObjects.encryptionKey in kibana.yml.

Can you paste the line in your kibana.yml with the xpack.encryptedSavedObjects.encryptionKey setting? You can replace the values in the key with X's if you want.

One note - the documentation notes the key should be 32 characters or longer. I'm not sure what happens if it's shorter, but it certainly won't used, and I would expect a separate log message about that.

1 Like

Hi @Patrick_Mueller,

I added below line in kibana.yml.

Restarted elasticsearch and kibana both and kibana stopped working. I see below screen on my localhost:5601

Elasticsearch is up and running at - http://localhost:9200/ but kibana stopped.
I reverted encryptionKey value and kibana started working. Not sure what's going on.

Logs are as below:

Hi @Patrick_Mueller,

Sorry for troubling.

At first I restarted kibana from bat file directly - C:\kibana-7.9.2\bin\kibana.bat
and kibana stopped working.

Then I tried calling it from cmd directly.
image

and it started working. Now I am able to create Alert :slight_smile:

Thanks for the help.