Why can't I connect Kibana with Elasticsearch?

Hi there,
Currently I am trying hard to connect Kibana with ES, using Docker, through a docker-compose.yml. Here is my docker-compose.yml:

services:
  elastic:
    container_name: elastic
    image: docker.elastic.co/elasticsearch/elasticsearch:8.18.0
    ports:
    - 9200:9200
    environment:
    - discovery.type=single-node
    - xpack.security.enabled=true
    - xpack.security.http.ssl.enabled=true
    - ELASTIC_PASSWORD=Cu213lona1993
    - xpack.security.http.ssl.keystore.path=/usr/share/elasticsearch/config/certs/elastic.keystore.jks
    - xpack.security.http.ssl.keystore.password=changeit
    healthcheck:
      test: ["CMD-SHELL", "curl -s -k -u elastic:Cu213lona1993 https://localhost:9200 | grep -q 'cluster_name'"]
      interval: 10s
      timeout: 5s
      retries: 10
    volumes:
    - ./certs:/usr/share/elasticsearch/config/certs  
  kibana:
    container_name: kibana
    image: docker.elastic.co/kibana/kibana:8.18.0
    ports:
    - 5601:5601
    environment:
    - ELASTICSEARCH_HOSTS=https://elastic:9200
    - ELASTICSEARCH_SERVICEACCOUNT_TOKEN=AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYS1zZXJ2aWNlLXRva2VuOmZGZ0RWeVF4UmlTZVZaOEJHbThMR1E
    - SERVER_SSL_ENABLED=false
    - SERVER_PUBLICBASEURL=http://localhost:5601
    - ELASTICSEARCH_SSL_VERIFICATIONMODE=none  # To ignore the self-signed certificate
    depends_on:
      elastic:
        condition: service_healthy 

And the error I get from Kibana is always the following:

[2025-06-28T00:25:10.706+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. security_exception
        Root causes:
                security_exception: missing authentication credentials for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]
[2025-06-28T00:25:15.530+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_x64/headless_shell

Needless to say, the Kibana token is brand new. At this point ES is up and running successfully and I'm able to work perfectly between ES and my REST service in Spring Boot, but Kibana simply is not cooperating at all. And all I need to be happy is that Kibana is active with ES.

Thanks in advance for any help

Exec into the Kibana Container

Run

curl -s -k -u elastic:Cu213lona1993 https://elastic:9200

What do you get?


Thanks for the reply @stephenb

When running your command it doesn't return anything:

mzamo@Venom-2025 MINGW64 /c/Elastic
$ curl -s -k -u elastic:Cu213lona1993 https://elastic:9200

mzamo@Venom-2025 MINGW64 /c/Elastic
$ 

@cherokeexxx Welcome to the community.

Did you exec into the Kibana Container?

Mine works (I have SSL and auth off on this)

Try

$ bash
kibana@84dafc31cf1a:~$ 
kibana@84dafc31cf1a:~$ curl -k http://es01:9200
{
  "name" : "cd55d0b261e8",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "JecMctoZRyCyBRx_ohcnOA",
  "version" : {
    "number" : "8.6.1",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "180c9830da956993e59e2cd70eb32b5e383ea42c",
    "build_date" : "2023-01-24T21:35:11.506992272Z",
    "build_snapshot" : false,
    "lucene_version" : "9.4.2",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
$ hostname
84dafc31cf1a
$ uname -a
Linux 84dafc31cf1a 6.10.14-linuxkit #1 SMP PREEMPT_DYNAMIC Tue Apr 15 16:05:22 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
$ 

Oh I see. Sorry, I didn't catch you. Here is the reply inside Kibana's container:

PS C:\Elastic> docker exec -it kibana /bin/bash
kibana@2a514017cb89:~$ curl -s -k -u elastic:Cu213lona1993 https://elastic:9200
{
  "name" : "b2b81b73aa9d",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "OXI7OGDXROSwX1A9PnZIIw",
  "version" : {
    "number" : "8.18.0",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "04e979aa50b657bebd4a0937389308de82c2bdad",
    "build_date" : "2025-04-10T10:09:16.444104780Z",
    "build_snapshot" : false,
    "lucene_version" : "9.12.1",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
kibana@2a514017cb89:~$

OK that is Good!!

So it looks like your service account token is probably not valid / typo etc.

So try ...

curl -s -k -H "Authorization: Bearer <yourtoken>" https://localhost:9200/_cat/health?v

curl -s -k -H "Authorization: Bearer AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYS1zZXJ2aWNlLXRva2VuOmZGZ0RWeVF4UmlTZVZaOEJHbThMR1E" https://elastic:9200/_cat/health?v

Here is the answer @stephenb

kibana@2a514017cb89:~$ curl -H "Authorization: Bearer AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYS1zZXJ2aWNlLXRva2VuOmZGZ0RWeVF4UmlTZVZaOEJHbThMR1E" https://localhost:9200/_cat/health?v -k
curl: (7) Failed to connect to localhost port 9200: Connection refused
kibana@2a514017cb89:~$

You have https://localhost:9200 but it should be https://elastic:9200

I updated the command, try again

curl -s -k -H "Authorization: Bearer AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYS1zZXJ2aWNlLXRva2VuOmZGZ0RWeVF4UmlTZVZaOEJHbThMR1E" https://elastic:9200/_cat/health?v

Fixed missing "

Also, exactly what command did you run to create the service token?

Thanks. I don't know how to interpret the result:

kibana@2a514017cb89:~$ curl -s -k -H "Authorization: Bearer AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYS1zZXJ2aWNlLXRva2VuOmZGZ0RWeVF4UmlTZVZaOEJHbThMR1E" https://elastic:9200/_cat/health?v
epoch      timestamp cluster        status node.total node.data shards pri relo init unassign unassign.pri pending_tasks max_task_wait_time active_shards_percent
1751073616 01:20:16  docker-cluster yellow          1         1      4   4    0    0        1            0             0                  -                 80.0%
kibana@2a514017cb89:~$

That is good, it is connected ... looks valid!

I think I see it....

I think

ELASTICSEARCH_SERVICEACCOUNT_TOKEN
Should be

ELASTICSEARCH_SERVICEACCOUNTTOKEN

Setting is
elasticsearch.serviceAccountToken
which equals

ELASTICSEARCH_SERVICEACCOUNTTOKEN
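
The mapping given in the reply above (setting name upper-cased, dots replaced by underscores, camelCase left unsplit) can be checked mechanically; the logs in this thread show no warning for the misspelled name, only the resulting authentication failure. This is an added example, not part of the original thread: `KNOWN_SETTINGS` is a constructed subset covering only the settings in this compose file, and `env_name` / `lint_environment` are hypothetical helper names.

```python
import difflib

# Kibana settings used in the compose file on this page (a constructed subset,
# not the image's full list of supported settings).
KNOWN_SETTINGS = [
    "elasticsearch.hosts",
    "elasticsearch.serviceAccountToken",
    "elasticsearch.ssl.verificationMode",
    "server.ssl.enabled",
    "server.publicBaseUrl",
]


def env_name(setting: str) -> str:
    """kibana.yml setting -> Docker env var: upper-case, dots become underscores."""
    return setting.upper().replace(".", "_")


def lint_environment(entries, known_settings=KNOWN_SETTINGS):
    """Return (key, suggested_key_or_None) for each entry that maps to no known setting."""
    valid = {env_name(s): s for s in known_settings}
    findings = []
    for entry in entries:
        key = entry.split("=", 1)[0].strip()
        if key in valid:
            continue
        # A near miss (extra underscore, swapped letters) gets a suggestion.
        close = difflib.get_close_matches(key, list(valid), n=1, cutoff=0.8)
        findings.append((key, close[0] if close else None))
    return findings


# Constructed sample mirroring the kibana service's environment list; the token
# value is a placeholder, not a real credential.
SAMPLE_ENV = [
    "ELASTICSEARCH_HOSTS=https://elastic:9200",
    "ELASTICSEARCH_SERVICEACCOUNT_TOKEN=<service-account-token>",
    "SERVER_SSL_ENABLED=false",
    "SERVER_PUBLICBASEURL=http://localhost:5601",
    "ELASTICSEARCH_SSL_VERIFICATIONMODE=none",
]

if __name__ == "__main__":
    for key, suggestion in lint_environment(SAMPLE_ENV):
        print(f"{key}: not a recognised setting; did you mean {suggestion}?")
```

Entries reported with no suggestion are simply outside the subset listed in `KNOWN_SETTINGS` and need a manual look.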

Oohh, do you mean the huge error was only that underscore?

Huge Error :slight_smile: ... Typos Typos Typos :slight_smile: Syntax Syntax Syntax :slight_smile: ... did it work?

Well, I don't know if I must wait for a while, but here are the logs:

[2025-06-28T01:28:18.823+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. security_exception
        Root causes:
                security_exception: missing authentication credentials for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]
[2025-06-28T01:28:20.779+00:00][INFO ][plugins.taskManager] TaskManager is identified by the Kibana UUID: e51c7908-6b06-4942-839d-589fbf5ad779
[2025-06-28T01:28:23.249+00:00][INFO ][custom-branding-service] CustomBrandingService registering plugin: customBranding
[2025-06-28T01:28:26.741+00:00][WARN ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, but is not supported for Linux Ubuntu 20.04 OS. Automatically setting 'xpack.screenshotting.browser.chromium.disableSandbox: true'.
[2025-06-28T01:28:27.945+00:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2025-06-28T01:28:27.946+00:00][INFO ][plugins.security.config] Hashed 'xpack.security.encryptionKey' for this instance: 0lfDqNfsGeLzUTkb0AeBgL+XMzP61nn0RuQWcz2Ejc4=
[2025-06-28T01:28:27.946+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2025-06-28T01:28:27.991+00:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2025-06-28T01:28:27.992+00:00][INFO ][plugins.security.config] Hashed 'xpack.security.encryptionKey' for this instance: h3f24sBG3hpjqQ6Ygu5VD2klUjmSsFY8QcnR+ejxZs8=
[2025-06-28T01:28:27.993+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2025-06-28T01:28:29.102+00:00][WARN ][plugins.encryptedSavedObjects] Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2025-06-28T01:28:29.826+00:00][WARN ][plugins.actions] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2025-06-28T01:28:29.876+00:00][INFO ][plugins.notifications] Email Service Error: Email connector not specified.
[2025-06-28T01:28:32.993+00:00][WARN ][plugins.alerting] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2025-06-28T01:28:32.994+00:00][INFO ][plugins.alerting] using indexes and aliases for persisting alerts
[2025-06-28T01:28:49.879+00:00][WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2025-06-28T01:28:49.880+00:00][INFO ][plugins.reporting.config] Hashed 'xpack.reporting.encryptionKey' for this instance: +a9MtGySZU6clJ4/te/OHRnGkvY+U9Fw2c45eQcTFyA=
[2025-06-28T01:29:02.152+00:00][INFO ][plugins.cloudSecurityPosture] Registered task successfully [Task: cloud_security_posture-stats_task]
[2025-06-28T01:29:13.576+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Registering endpoint:user-artifact-packager task with timeout of [20m], interval of [60s] and policy update batch size of [25]
[2025-06-28T01:29:13.576+00:00][INFO ][plugins.securitySolution.endpoint:complete-external-response-actions] Registering task [endpoint:complete-external-response-actions] with timeout of [5m] and run interval of [60s]
[2025-06-28T01:29:32.251+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_x64/headless_shell

What happens when you try to open from your server / desktop?

http://localhost:5601

[2025-06-28T01:28:18.823+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. security_exception
        Root causes:
                security_exception: missing authentication credentials for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]

This seems to indicate kibana is still not authenticating...

When I type http://localhost:5601 it starts loading but never exposes the Kibana UI

Can you share your updated compose please?

Sure @stephenb Here you are:

services:
  elastic:
    container_name: elastic
    image: docker.elastic.co/elasticsearch/elasticsearch:8.18.0
    ports:
    - 9200:9200
    environment:
    - discovery.type=single-node
    - xpack.security.enabled=true
    - xpack.security.http.ssl.enabled=true
    - ELASTIC_PASSWORD=Cu213lona1993
    - xpack.security.http.ssl.keystore.path=/usr/share/elasticsearch/config/certs/elastic.keystore.jks
    - xpack.security.http.ssl.keystore.password=changeit
    healthcheck:
      test: ["CMD-SHELL", "curl -s -k -u elastic:Cu213lona1993 https://localhost:9200 | grep -q 'cluster_name'"]
      interval: 10s
      timeout: 5s
      retries: 10
    volumes:
    - ./certs:/usr/share/elasticsearch/config/certs  
  kibana:
    container_name: kibana
    image: docker.elastic.co/kibana/kibana:8.18.0
    ports:
    - 5601:5601
    environment:
    - ELASTICSEARCH_HOSTS=https://elastic:9200
    - ELASTICSEARCH_SERVICEACCOUNTTOKEN=AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYS1zZXJ2aWNlLXRva2VuOmZGZ0RWeVF4UmlTZVZaOEJHbThMR1E
    - SERVER_SSL_ENABLED=false
    - SERVER_PUBLICBASEURL=http://localhost:5601
    - ELASTICSEARCH_SSL_VERIFICATIONMODE=none  # To ignore the self-signed certificate
    depends_on:
      elastic:
        condition: service_healthy  

Let me try to reproduce. In the meantime, exactly what command did you run to create the service token?

The token was generated with the following command:

docker exec -it elastic /usr/share/elasticsearch/bin/elasticsearch-service-tokens create elastic/kibana kibana-service-token

I really appreciate your collaboration @stephenb
I've been working on this issue the whole day, and I'm very tired. Do you think it is possible that I check your answer tomorrow, bro?