Hi there,
I run the following command and always get an error message.
sudo filebeat setup -E output.logstash.enabled=false -E output.elasticsearch.hosts=['https://elastic.demo.net:9200'] -E setup.kibana.host=https://kibana.demo.net:5601
Error message:
Overwriting ILM policy is disabled. Set `setup.ilm.overwrite: true` for enabling.
Index setup finished.
Loading dashboards (Kibana must be running and reachable)
Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to https://kibana.demo.net:5601/api/status fails: fail to execute the HTTP GET request: Get "https://kibana.demo.net:5601/api/status": x509: certificate signed by unknown authority (status=0). Response:
Elasticsearch, Kibana and Filebeat are running on the same machine.
Previously, I generated self-signed certificates for Elasticsearch, Kibana and Filebeat using this command: ./elasticsearch-certutil cert --out /etc/filebeat/certs/filebeat.zip --name filebeat --ca-cert /etc/elasticsearch/certs/ca/ca.crt --ca-key /etc/elasticsearch/certs/ca/ca.key --dns filebeat.demo.net --pem
root@parallels-ubuntu:/usr/share/filebeat/bin# ./filebeat test output -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat/ --path.data /var/lib/filebeat
elasticsearch: https://elastic.demo.net:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 127.0.0.1
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 8.10.4
root@parallels-ubuntu:/usr/share/filebeat/bin# ./filebeat test config -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat/ --path.data /var/lib/filebeat
Config OK
root@parallels-ubuntu:/usr/share/filebeat/bin# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 ubuntu-linux-22-04-desktop
127.0.0.1 elastic.demo.net
127.0.0.1 kibana.demo.net
127.0.0.1 filebeat.demo.net
elasticsearch.yml
# Elasticsearch node settings as posted. The nesting indentation was lost in the paste,
# so the keys below each "...ssl:" line are children of that line.
cluster.name: my-application
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: elastic.demo.net
http.port: 9200
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# TLS for the REST API (HTTP layer) on port 9200.
# presumably elastic.crt was issued by certs/ca/ca.crt; clients then need a copy of that CA to verify it.
xpack.security.http.ssl:
enabled: true
certificate: certs/elastic/elastic.crt
key: certs/elastic/elastic.key
certificate_authorities: certs/ca/ca.crt
# TLS for node-to-node (transport) traffic.
xpack.security.transport.ssl:
enabled: true
# "certificate" validates the certificate chain but skips the hostname check; "full" adds the hostname check.
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["parallels-ubuntu"]
# NOTE(review): http.host takes precedence over network.host for the HTTP layer, so the REST API
# listens on every interface even though the post maps elastic.demo.net to 127.0.0.1 and runs all
# three services on one machine. Binding to loopback or one specific address would narrow exposure.
http.host: 0.0.0.0
kibana.yml
# Kibana settings as posted. The nesting indentation was lost in the paste
# (the "logging:" section is a nested mapping in the real file).
server.port: 5601
# NOTE(review): 0.0.0.0 makes Kibana reachable on every interface; the post says all clients are
# on the same machine, so a narrower bind address would do. Confirm before changing.
server.host: "0.0.0.0"
# NOTE(review): no port here, while server.port is 5601 and Filebeat targets :5601.
# Confirm this matches the URL users really reach (e.g. via a proxy on 443).
server.publicBaseUrl: "https://kibana.demo.net"
# TLS for Kibana's own HTTPS listener. Any client that calls Kibana over HTTPS (Filebeat's
# "setup" command included) must trust the CA that issued kibana.crt.
# presumably that is the same CA as /etc/kibana/certs/ca.crt; the Kibana cert generation is not shown.
server.ssl.enabled: true
server.ssl.certificateAuthorities: ["/etc/kibana/certs/ca.crt"] # copied from Elasticsearch directory
server.ssl.certificate: /etc/kibana/certs/kibana.crt
server.ssl.key: /etc/kibana/certs/kibana.key
# Kibana -> Elasticsearch connection: the CA is given explicitly and "full" verification checks
# both the certificate chain and the hostname.
elasticsearch.hosts: ["https://elastic.demo.net:9200"]
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/ca.crt" ] # copied from Elasticsearch directory
elasticsearch.ssl.verificationMode: full
# JSON file logging to /var/log/kibana/kibana.log in addition to the default appender.
logging:
appenders:
file:
type: file
fileName: /var/log/kibana/kibana.log
layout:
type: json
root:
appenders:
- default
- file
pid.file: /run/kibana/kibana.pid
filebeat.yml
# Filebeat settings as posted. The nesting indentation was lost in the paste.
# Ships /var/log/*.log to Elasticsearch over HTTPS.
filebeat.inputs:
- type: filestream
id: my-filestream-id
enabled: true
paths:
- /var/log/*.log
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
reload.period: 10s
setup.template.settings:
index.number_of_shards: 1
setup.dashboards.enabled: false
# NOTE(review): this section sets only the host. No CA is configured for the Kibana endpoint, and
# the "filebeat setup" command in the post passes none with -E either, so the Kibana client
# presumably verifies kibana.crt against the system trust store, which does not contain the private
# CA. That matches the "x509: certificate signed by unknown authority" error on /api/status.
# Adding ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"] under setup.kibana (the same
# CA file used for output.elasticsearch below) should let the handshake verify.
# Avoid working around the error with ssl.verification_mode: none; it disables server
# authentication for the connection that carries the credentials.
setup.kibana:
host: "https://kibana.demo.net:5601"
# Elasticsearch output: the CA is set here, which is why "filebeat test output" passes its TLS
# handshake while the Kibana call fails.
output.elasticsearch:
hosts: ["elastic.demo.net:9200"]
ssl.certificate_authorities: "/etc/filebeat/certs/ca.crt" # copied from Elasticsearch directory
ssl.certificate: "/etc/filebeat/certs/filebeat.crt"
ssl.key: "/etc/filebeat/certs/filebeat.key"
protocol: "https"
# NOTE(review): the built-in "elastic" superuser and a plaintext password are stored in this file.
# Prefer a dedicated user with only the privileges Filebeat needs, and keep the secret in the
# Filebeat keystore (filebeat keystore add ES_PWD, then reference that key here) rather than
# inline. If the value below was ever a real password, rotate it now that it has been published.
username: "elastic"
password: "fdfdsfdsfdsfdfdsfda"
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
Elasticsearch and Kibana work well; I am able to log in.
{
"name" : "parallels-ubuntu",
"cluster_name" : "my-application",
"cluster_uuid" : "r8N4Y-5vTMGtNvG7WNrXbg",
"version" : {
"number" : "8.10.4",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "b4a62ac808e886ff032700c391f45f1408b2538c",
"build_date" : "2023-10-11T22:04:35.506990650Z",
"build_snapshot" : false,
"lucene_version" : "9.7.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}