Unable to open Kibana 5.6.15 GUI

Ihave installed ELK 5.6.15 & x-pack 5.6.15. After installation ,kibana GUI is not accessible. Below are the trace log in Kibana.log file.
I have "xpack.security.audit.enabled" set to false explicitly in kibana.yml but still not able to recover from this issue.Can someone please suggest what could the issue here:

"type":"error","@timestamp":"2019-07-12T16:55:54Z","tags":["fatal"],"pid":22117,"level":"fatal","error":{"message":"child "xpack" fails because [child "security" fails because ["audit" is not allowed]]","name":"ValidationError","stack":"ValidationError: child "xpack" fails because [child "security" fails because ["audit" is not allowed]]\n at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n at Config._commit (/usr/share/kibana/src/server/config/config.js:114:35)\n at Config.set (/usr/share/kibana/src/server/config/config.js:84:10)\n at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:57:10)\n at /usr/share/kibana/src/server/plugins/plugin_collection.js:19:12\n at next (native)\n at step (/usr/share/kibana/src/server/plugins/plugin_collection.js:49:191)\n at /usr/share/kibana/src/server/plugins/plugin_collection.js:49:361"},"message":"child "xpack" fails because [child "security" fails because ["audit" is not allowed]]"}

Did you disable security in elasticsearch and restart?

I got rid of that error by removing xpack.security.audit.enabled from kibana.yml.but there is onemore issue left. I have x-pack installed successfully.Verified using comman(/elasticsearch-plugin list --verbose & ./kibana-plugin list)

I have xpack.security.enabled:true in both kibana.yml & elasticsearch.yml but still I am not getting Login prompt. When i access Kibana URL it directly open the landing page instead of giving me login prompt.Just FYI,I have both elasticsearch.username & elasticsearch.password configured in kibana.yml file.

What are elasticsearch logs?

Hi David,I just ran reinstall script since i was not able to fix that issue(not getting kibana login prompt) inspite of doing so many changes . I will share the elasticsearch.log once it will be resinstalled. We have automated the installation of ELK so our kibana.yml & elasticsearch.yml doesnot have xpack.security.enabled.Since its default True so I dont need to set it up explicitly. I will update you as soon as my installation will finish and if I still do not get login prompt.

Hi David,
I didnt got the Login prompt .Just FYI,I dont have xpack.security.enabled in either of file(kibana.yml & elasticsearch.yml) since its defaults to TRUE.I dont see any error log in Elasticsearch.log.PFA logs

2019-07-12T15:36:24,979][INFO ][o.e.n.Node ] initializing ...
[2019-07-12T15:36:25,092][INFO ][o.e.e.NodeEnvironment ] [vdS_UIV] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [43gb], net total_space [49.9gb], spins? [unknown], types [rootfs]
[2019-07-12T15:36:25,092][INFO ][o.e.e.NodeEnvironment ] [vdS_UIV] heap size [1.9gb], compressed ordinary object pointers [true]
[2019-07-12T15:36:25,116][INFO ][o.e.n.Node ] node name [vdS_UIV] derived from node ID [vdS_UIV1Tkq_GB9tpvbJrA]; set [node.name] to override
[2019-07-12T15:36:25,117][INFO ][o.e.n.Node ] version[5.6.15], pid[2084], build[fe7575a/2019-02-13T16:21:45.880Z], OS[Linux/3.10.0-693.el7.x86_64/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_131/25.131-b11]
[2019-07-12T15:36:25,117][INFO ][o.e.n.Node ] JVM arguments [-Xms2g, -Xmx2g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionsUseCanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -XX:+HeapDumpOnOutOfMemoryError, -Des.path.home=/usr/share/elasticsearch]
[2019-07-12T15:36:27,083][INFO ][o.e.p.PluginsService ] [vdS_UIV] loaded module [aggs-matrix-stats]
[2019-07-12T15:36:27,083][INFO ][o.e.p.PluginsService ] [vdS_UIV] loaded module [ingest-common]
[2019-07-12T15:36:27,083][INFO ][o.e.p.PluginsService ] [vdS_UIV] loaded module [lang-expression]
[2019-07-12T15:36:27,083][INFO ][o.e.p.PluginsService ] [vdS_UIV] loaded module [lang-groovy]
[2019-07-12T15:36:27,083][INFO ][o.e.p.PluginsService ] [vdS_UIV] loaded module [lang-mustache]
[2019-07-12T15:36:27,083][INFO ][o.e.p.PluginsService ] [vdS_UIV] loaded module [lang-painless]
[2019-07-12T15:36:27,083][INFO ][o.e.p.PluginsService ] [vdS_UIV] loaded module [parent-join]
[2019-07-12T15:36:27,083][INFO ][o.e.p.PluginsService ] [vdS_UIV] loaded module [percolator]
[2019-07-12T15:36:27,083][INFO ][o.e.p.PluginsService ] [vdS_UIV] loaded module [reindex]
[2019-07-12T15:36:27,083][INFO ][o.e.p.PluginsService ] [vdS_UIV] loaded module [transport-netty3]
[2019-07-12T15:36:27,083][INFO ][o.e.p.PluginsService ] [vdS_UIV] loaded module [transport-netty4]
[2019-07-12T15:36:27,084][INFO ][o.e.p.PluginsService ] [vdS_UIV] loaded plugin [x-pack]
[2019-07-12T15:36:29,618][DEBUG][o.e.a.ActionModule ] Using REST wrapper from plugin org.elasticsearch.xpack.XPackPlugin
[2019-07-12T15:36:30,756][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [controller/2245] [Main.cc@128] controller (64 bit): Version 5.6.15 (Build bbd204010bbfc5) Copyright (c) 2019 Elasticsearch BV
[2019-07-12T15:36:30,780][INFO ][o.e.d.DiscoveryModule ] [vdS_UIV] using discovery type [zen]
[2019-07-12T15:36:32,034][INFO ][o.e.n.Node ] initialized
[2019-07-12T15:36:32,034][INFO ][o.e.n.Node ] [vdS_UIV] starting ...
[2019-07-12T15:36:32,362][INFO ][o.e.t.TransportService ] [vdS_UIV] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2019-07-12T15:36:35,523][INFO ][o.e.c.s.ClusterService ] [vdS_UIV] new_master {vdS_UIV}{vdS_UIV1Tkq_GB9tpvbJrA}{bERGY0SkTGaSa3WJcCWuMQ}{127.0.0.1}{127.0.0.1:9300}{ml.max_open_jobs=10, ml.enabled=true}, reason: zen-disco-elected-as-master ([0] nodes joined)
[2019-07-12T15:36:35,556][INFO ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [vdS_UIV] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2019-07-12T15:36:35,556][INFO ][o.e.n.Node ] [vdS_UIV] started
[2019-07-12T15:36:36,334][INFO ][o.e.l.LicenseService ] [vdS_UIV] license [b82f52f6-1e8f-4f94-978f-de68012f02f7] mode [basic] - valid
[2019-07-12T15:36:36,348][INFO ][o.e.g.GatewayService ] [vdS_UIV] recovered [5] indices into cluster_state
[2019-07-12T15:36:36,725][INFO ][o.e.c.r.a.AllocationService] [vdS_UIV] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.security][0], [.monitoring-es-6-2019.07.12][0], [.watches][0], [.kibana][0]] ...]).
[2019-07-12T15:36:36,756][WARN ][o.e.x.s.a.s.m.NativeRoleMappingStore] [vdS_UIV] Failed to clear cache for realms []
[2019-07-12T15:39:13,766][INFO ][o.e.c.m.MetaDataMappingService] [vdS_UIV] [.kibana/6ymd9ycaRCewde5FPy_6iA] update_mapping [config]

I see some error in Kibana.log but those can be ignored as per my understanding from below link.(https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash?ultron=june-2019&blade=newsletter&hulk=email&mkt_tok=eyJpIjoiTlRBM1pqWTJPV0ppWldaaiIsInQiOiJiXC96b2JuZ0pUWEpCUDNzWDNlcmZualRmejM0blBVTk5tWFRsbTVubk9FXC9PNVIzTkIweWRGdXBzdXdmTjhPV0dyOFNPSzRuT3NZVXcwMDd6SFdnUFUxVnhoa29iWHZnRUJRbzd2Y1wveXE1MXUrVzlkdG96dnFcL1dabjNTczlUaXoifQ%3D%3D

kibana .log.error trace:

{"type":"error","@timestamp":"2019-07-12T19:39:00Z","tags":["connection","client","error"],"pid":2155,"level":"error","error":{"message":"140024729728832:error:14094416:SSL routines:ssl3_read_byte s:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/s3_pkt.c:1498:SSL alert number 46\n140024729728832:error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure:../deps/openssl/o penssl/ssl/s3_pkt.c:1216:\n","name":"Error","stack":"Error: 140024729728832:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/s3_pkt.c:1498:SS L alert number 46\n140024729728832:error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure:../deps/openssl/openssl/ssl/s3_pkt.c:1216:\n\n at Error (native)"},"message":"14002472972883 2:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/s3_pkt.c:1498:SSL alert number 46\n140024729728832:error:140940E5:SSL routines:ssl3_read_b ytes:ssl handshake failure:../deps/openssl/openssl/ssl/s3_pkt.c:1216:\n"}

I have basic license for ELK5.6.15.Not sure if get login page with Basic license or do we need trial version for that as suggested in below link.only diff I see there is the link talk about ELK6.X)

I have Basic license for ELK5.6.15.

sudo curl -XGET -u XXXX:YYYY 'http://127.0.0.1:9200/_xpack/license'
{
"license" : {
"status" : "active",
"uid" : "b82f52f6-1e8f-4f94-978f-de68012f02f7",
"type" : "basic",
"issue_date" : "2019-07-12T00:00:00.000Z",
"issue_date_in_millis" : 1562889600000,
"expiry_date" : "2020-07-12T23:59:59.999Z",
"expiry_date_in_millis" : 1594598399999,
"max_nodes" : 100,
"issued_to" : "sandeep (XXXX)",
"issuer" : "Web Form",
"start_date_in_millis" : 1562889600000
}
}

Few things:

Since its default True

Not really.

In 5.x elasticsearch does not have some security features in basic. You need a Gold or a Trial.

In 6.8 or 7.2, you need to activate explicitly security in settings for the basic license.

1 Like

Yes,some security feature are not available in Basic but I think Login page comes by default irrepective of if you have Gold,Trial or Basic license. I saw login page few days back after install but I cant recollect it now what I configuration i had that time.

As I said, in 5.6 you can't have security unless you have a gold+ or a trial.
Upgrade.