Hello,
I've been trying for hours to get an ELK stack setup so I can start learning it. I attempted the docker guide, but the Kibana container was always unhealthy, and I couldn't find a fix for it here or on the internet.
So I've attempted a bare metal install on Ubuntu Server 20.04 using the repositories and commands listed here -
Install Elasticsearch with Debian Package | Elasticsearch Guide [8.1] | Elastic
Install Kibana with Debian package | Kibana Guide [8.1] | Elastic
However, I have had no luck with that working either. From what I can gather Kibana is not communicating with the elastic instance correctly; but I haven't found a guide that can tell me what to change to get it to work. I'm assuming it's a https issue given the elastic logs. Searching for those errors, with variations of "kibana" have not proved fruitful.
I've spent about 6 hours on this, and am very frustrated. If there's a guide, documentation, or some reading that'll help me figure it out, I'd appreciate it. Thank you for your time.
I can connect to the elastic instance and get the following:
When I attempt to connect to Kibana using the latest instance of Firefox I get this:
Using Edge I get this:
Here's a tail of logs for Kibana
-- Logs begin at Sat 2022-03-05 22:01:24 UTC, end at Wed 2022-03-16 07:08:14 UTC. --
Mar 16 06:27:11 ubuntuserver systemd[1]: Started Kibana.
Mar 16 06:27:37 ubuntuserver kibana[19988]: [2022-03-16T06:27:37.258+00:00][INFO ][plugins-service] Plugin "metricsEntities" is disabled.
Mar 16 06:27:37 ubuntuserver kibana[19988]: [2022-03-16T06:27:37.482+00:00][INFO ][http.server.Preboot] http server running at http://localhost:5601
Mar 16 06:27:37 ubuntuserver kibana[19988]: [2022-03-16T06:27:37.571+00:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
Mar 16 06:27:37 ubuntuserver kibana[19988]: [2022-03-16T06:27:37.576+00:00][INFO ][preboot] "interactiveSetup" plugin is holding setup: Validating Elasticsearch connection configuration…
Mar 16 06:27:37 ubuntuserver kibana[19988]: [2022-03-16T06:27:37.650+00:00][INFO ][root] Holding setup until preboot stage is completed.
Mar 16 06:27:37 ubuntuserver kibana[19988]: i Kibana has not been configured.
Mar 16 06:27:37 ubuntuserver kibana[19988]: Go to http://localhost:5601/?code=687563 to get started.
Mar 16 06:34:07 ubuntuserver systemd[1]: Stopping Kibana...
Mar 16 06:34:07 ubuntuserver kibana[19988]: [2022-03-16T06:34:07.937+00:00][INFO ][plugins-system.preboot] Stopping all plugins.
Mar 16 06:34:07 ubuntuserver systemd[1]: kibana.service: Succeeded.
Mar 16 06:34:07 ubuntuserver systemd[1]: Stopped Kibana.
Mar 16 06:34:30 ubuntuserver systemd[1]: Started Kibana.
Mar 16 06:34:54 ubuntuserver kibana[24488]: [2022-03-16T06:34:54.010+00:00][INFO ][plugins-service] Plugin "metricsEntities" is disabled.
Mar 16 06:34:54 ubuntuserver kibana[24488]: [2022-03-16T06:34:54.245+00:00][INFO ][http.server.Preboot] http server running at http://192.168.1.6:5601
Mar 16 06:34:54 ubuntuserver kibana[24488]: [2022-03-16T06:34:54.356+00:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
Mar 16 06:34:54 ubuntuserver kibana[24488]: [2022-03-16T06:34:54.435+00:00][WARN ][config.deprecation] The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set "xpack.reporting.roles.enabled" to "false" to adopt the future behavior >
Mar 16 06:34:54 ubuntuserver kibana[24488]: [2022-03-16T06:34:54.787+00:00][INFO ][plugins-system.standard] Setting up [112] plugins: [translations,licensing,globalSearch,globalSearchProviders,features,mapsEms,licenseApiGuard,usageCollection,taskManager,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsag>
Mar 16 06:34:54 ubuntuserver kibana[24488]: [2022-03-16T06:34:54.832+00:00][INFO ][plugins.taskManager] TaskManager is identified by the Kibana UUID: c8ab2572-2727-44c7-816f-5cddc313ac80
Mar 16 06:34:55 ubuntuserver kibana[24488]: [2022-03-16T06:34:55.169+00:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys>
Mar 16 06:34:55 ubuntuserver kibana[24488]: [2022-03-16T06:34:55.171+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
Mar 16 06:34:55 ubuntuserver kibana[24488]: [2022-03-16T06:34:55.212+00:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys>
Mar 16 06:34:55 ubuntuserver kibana[24488]: [2022-03-16T06:34:55.213+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
Mar 16 06:34:55 ubuntuserver kibana[24488]: [2022-03-16T06:34:55.251+00:00][WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-k>
Mar 16 06:34:55 ubuntuserver kibana[24488]: [2022-03-16T06:34:55.275+00:00][WARN ][plugins.encryptedSavedObjects] Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys comma>
Mar 16 06:34:55 ubuntuserver kibana[24488]: [2022-03-16T06:34:55.306+00:00][WARN ][plugins.actions] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
Mar 16 06:34:55 ubuntuserver kibana[24488]: [2022-03-16T06:34:55.342+00:00][WARN ][plugins.alerting] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
Mar 16 06:34:55 ubuntuserver kibana[24488]: [2022-03-16T06:34:55.378+00:00][INFO ][plugins.ruleRegistry] Installing common resources shared between all indices
Mar 16 06:34:56 ubuntuserver kibana[24488]: [2022-03-16T06:34:56.940+00:00][INFO ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, and is supported for Linux Ubuntu 20.04 OS. Automatically enabling Chromium sandbox.
Mar 16 06:35:04 ubuntuserver kibana[24488]: [2022-03-16T06:35:04.514+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 127.0.0.1:50634, Remote: 127.0.0.1:9200
Mar 16 06:35:07 ubuntuserver kibana[24488]: [2022-03-16T06:35:07.834+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 127.0.0.1:50650, Remote: 127.0.0.1:9200
Mar 16 06:35:11 ubuntuserver kibana[24488]: [2022-03-16T06:35:11.000+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 127.0.0.1:50670, Remote: 127.0.0.1:9200
Mar 16 06:35:13 ubuntuserver kibana[24488]: [2022-03-16T06:35:13.574+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 127.0.0.1:50682, Remote: 127.0.0.1:9200
Mar 16 06:35:16 ubuntuserver kibana[24488]: [2022-03-16T06:35:16.965+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 127.0.0.1:50702, Remote: 127.0.0.1:9200
Mar 16 06:35:18 ubuntuserver kibana[24488]: [2022-03-16T06:35:18.856+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 127.0.0.1:50718, Remote: 127.0.0.1:9200
Mar 16 06:35:19 ubuntuserver kibana[24488]: [2022-03-16T06:35:19.055+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/x-pack/plugins/screenshotting/chromium/headless_shell-linux_x64/headless_shell
Mar 16 06:35:21 ubuntuserver kibana[24488]: [2022-03-16T06:35:21.559+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 127.0.0.1:50734, Remote: 127.0.0.1:9200
Mar 16 06:35:24 ubuntuserver kibana[24488]: [2022-03-16T06:35:24.170+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 127.0.0.1:50752, Remote: 127.0.0.1:9200
The logs for Elastic
Elastic log
[2022-03-16T06:57:15,255][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [ubuntuserver] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:52970}
[2022-03-16T06:57:17,734][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [ubuntuserver] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:52972}
[2022-03-16T06:57:17,741][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [ubuntuserver] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:52974}
[2022-03-16T06:57:17,755][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [ubuntuserver] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:52976}
[2022-03-16T06:57:17,779][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [ubuntuserver] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:52978}
[2022-03-16T06:57:20,234][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [ubuntuserver] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:52980}
The Kibana.yml
kibana.yml
# For more configuration options see the configuration guide for Kibana in
# https://www.elastic.co/guide/index.html
# =================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "192.168.1.6"
# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""
# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# Defaults to `false`.
#server.rewriteBasePath: false
# Specifies the public URL at which Kibana is available for end users. If
# `server.basePath` is configured this URL should end with the same basePath.
#server.publicBaseUrl: ""
# The maximum payload size in bytes for incoming server requests.
#server.maxPayload: 1048576
# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"
# =================== System: Kibana Server (Optional) ===================
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key
# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["https://localhost:9200"]
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
#elasticsearch.username: "kibana_system"
#elasticsearch.password: "pass"
# Kibana can also authenticate to Elasticsearch via "service account tokens".
# Service account tokens are Bearer style tokens that replace the traditional username/password based configuration.
# Use this token instead of a username/password.
#elasticsearch.serviceAccountToken: ""
# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000
# Specifies whether Kibana should use compression for communications with elasticsearch
# Defaults to `false`.
#elasticsearch.compression: false
# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]
# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}
# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000
# =================== System: Elasticsearch (Optional) ===================
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
# Enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full
# =================== System: Logging ===================
# Set the value of this setting to off to suppress all logging output, or to debug to log everything. Defaults to 'info'
#logging.root.level: debug
# Enables you to specify a file where Kibana stores log output.
logging:
appenders:
file:
type: file
fileName: /var/log/kibana/kibana.log
layout:
type: json
root:
appenders:
- default
- file
# layout:
# type: json
# Logs queries sent to Elasticsearch.
#logging.loggers:
# - name: elasticsearch.query
# level: debug
# Logs http responses.
#logging.loggers:
# - name: http.server.response
# level: debug
# Logs system usage information.
#logging.loggers:
# - name: metrics.ops
# level: debug
# =================== System: Other ===================
# The path where Kibana stores persistent data not saved in Elasticsearch. Defaults to data
#path.data: data
# Specifies the path where Kibana creates the process ID file.
pid.file: /run/kibana/kibana.pid
# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000ms.
#ops.interval: 5000
# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
#i18n.locale: "en"
# =================== Frequently used (Optional)===================
# =================== Saved Objects: Migrations ===================
# Saved object migrations run at startup. If you run into migration-related issues, you might need to adjust these settings.
# The number of documents migrated at a time.
# If Kibana can't start up or upgrade due to an Elasticsearch `circuit_breaking_exception`,
# use a smaller batchSize value to reduce the memory pressure. Defaults to 1000 objects per batch.
#migrations.batchSize: 1000
# The maximum payload size for indexing batches of upgraded saved objects.
# To avoid migrations failing due to a 413 Request Entity Too Large response from Elasticsearch.
# This value should be lower than or equal to your Elasticsearch cluster’s `http.max_content_length`
# configuration option. Default: 100mb
#migrations.maxBatchSizeBytes: 100mb
# The number of times to retry temporary migration failures. Increase the setting
# if migrations fail frequently with a message such as `Unable to complete the [...] step after
# 15 attempts, terminating`. Defaults to 15
#migrations.retryAttempts: 15
# =================== Search Autocomplete ===================
# Time in milliseconds to wait for autocomplete suggestions from Elasticsearch.
# This value must be a whole number greater than zero. Defaults to 1000ms
#data.autocomplete.valueSuggestions.timeout: 1000
# Maximum number of documents loaded by each shard to generate autocomplete suggestions.
# This value must be a whole number greater than zero. Defaults to 100_000
#data.autocomplete.valueSuggestions.terminateAfter: 100000
Elastic.yml
elastic.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: 192.168.0.1
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 16-03-2022 06:16:29
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["ubuntuserver"]
# Allow HTTP API connections from localhost and local networks
# Connections are encrypted and require user authentication
http.host: [_local_, _site_]
# Allow other nodes to join the cluster from localhost and local networks
# Connections are encrypted and mutually authenticated
#transport.host: [_local_, _site_]