Kibana unable to connect to Elasticsearch

sg: 6.2.2 ; elasticsearch: 6.2.2 ; kibana: 6.2.2 ; debian 9.4 ; jvm 8

elasticsearch.yml, kibana.yml and the .pem file for the vm running kibana attached

no other elasticsearch or kibana plugins are installed

Hi,

I am trying to implement searchguard in an elasticsearch-cluster of three data nodes and one client-only node that also runs kibana and nginx as a proxy to kibana.

With my current configuration I was able to use sgadmin to build the initial searchguard index, so the elasticsearch communication between all the nodes seems to work.

However - Kibana, for some reason, won’t connect to the cluster. This is the message on kibana webfrontend.

plugin:elasticsearch@6.2.2
Unable to connect to Elasticsearch at https://localhost:9200.

The kibana service reports:

Apr 03 08:53:52 kibana-1 kibana[25456]: {“type”:“log”,"@timestamp":“2018-04-03T08:53:52Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:25456,“message”:“Unable to revive connection: https://localhost:9200/”}

The issue seems to be related to the searchguard configuration on my nodes or the certificates I generated, I can’t really tell what exactly it is and how to fix it though.

I am using the community version. Will it be possible to use the searchguard plugin for kibana without an enterprise license?

Because according to a previous post the configuration GUI for kibana is a commercial-only feature.

I’d really appreciate any help I can get as I’ve been a little stuck on this for a while.

kibana.yml (4.68 KB)

kibana-1.pem (2.13 KB)

elasticsearch.yml (13 KB)

I guess these entries here maybe cause the problem:

elasticsearch.ssl.certificate: /etc/kibana/certs/kibana-1.pem

elasticsearch.ssl.key: /etc/kibana/certs/kibana-1_key.pem

If you set this, Kibana will add this certificate to all requests to Elasticsearch. Can you first try to remove these entries and check if the error persists?

Also, is there anything in the Elasticsearch logfiles?

···

On Tuesday, April 3, 2018 at 11:22:20 AM UTC+2, Lukas Schauhuber wrote:

sg: 6.2.2 ; elasticsearch: 6.2.2 ; kibana: 6.2.2 ; debian 9.4 ; jvm 8

elasticsearch.yml, kibana.yml and the .pem file for the vm running kibana attached

no other elasticsearch or kibana plugins are installed

Hi,

I am trying to implement searchguard in an elasticsearch-cluster of three data nodes and one client-only node that also runs kibana and nginx as a proxy to kibana.

With my current configuration I was able to use sgadmin to build the initial searchguard index, so the elasticsearch communication between all the nodes seems to work.

However - Kibana, for some reason, won’t connect to the cluster. This is the message on kibana webfrontend.

plugin:elasticsearch@6.2.2
Unable to connect to Elasticsearch at https://localhost:9200.

The kibana service reports:

Apr 03 08:53:52 kibana-1 kibana[25456]: {“type”:“log”,"@timestamp":“2018-04-03T08:53:52Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:25456,“message”:“Unable to revive connection: https://localhost:9200/”}

The issue seems to be related to the searchguard configuration on my nodes or the certificates I generated, I can’t really tell what exactly it is and how to fix it though.

I am using the community version. Will it be possible to use the searchguard plugin for kibana without an enterprise license?

Because according to a previous post the configuration GUI for kibana is a commercial-only feature.

I’d really appreciate any help I can get as I’ve been a little stuck on this for a while.

After commenting these entries out it still wasn’t working.
Running netstat I also noticed that my server was listening to Port 9200/9300 but only from it’s IP while kibana was accessing elasticsearch with it’s loopback address, so I went ahead and changed network.host and transport.host in the elasticsearch.yml on my kibana node to something more generic. That did the trick.

Thanks a bunch for your assistance. I’m happy now.

···

Am Dienstag, 3. April 2018 23:59:42 UTC+2 schrieb Jochen Kressin:

I guess these entries here maybe cause the problem:

elasticsearch.ssl.certificate: /etc/kibana/certs/kibana-1.pem

elasticsearch.ssl.key: /etc/kibana/certs/kibana-1_key.pem

If you set this, Kibana will add this certificate to all requests to Elasticsearch. Can you first try to remove these entries and check if the error persists?

Also, is there anything in the Elasticsearch logfiles?

On Tuesday, April 3, 2018 at 11:22:20 AM UTC+2, Lukas Schauhuber wrote:

sg: 6.2.2 ; elasticsearch: 6.2.2 ; kibana: 6.2.2 ; debian 9.4 ; jvm 8

elasticsearch.yml, kibana.yml and the .pem file for the vm running kibana attached

no other elasticsearch or kibana plugins are installed

Hi,

I am trying to implement searchguard in an elasticsearch-cluster of three data nodes and one client-only node that also runs kibana and nginx as a proxy to kibana.

With my current configuration I was able to use sgadmin to build the initial searchguard index, so the elasticsearch communication between all the nodes seems to work.

However - Kibana, for some reason, won’t connect to the cluster. This is the message on kibana webfrontend.

plugin:elasticsearch@6.2.2
Unable to connect to Elasticsearch at https://localhost:9200.

The kibana service reports:

Apr 03 08:53:52 kibana-1 kibana[25456]: {“type”:“log”,"@timestamp":“2018-04-03T08:53:52Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:25456,“message”:“Unable to revive connection: https://localhost:9200/”}

The issue seems to be related to the searchguard configuration on my nodes or the certificates I generated, I can’t really tell what exactly it is and how to fix it though.

I am using the community version. Will it be possible to use the searchguard plugin for kibana without an enterprise license?

Because according to a previous post the configuration GUI for kibana is a commercial-only feature.

I’d really appreciate any help I can get as I’ve been a little stuck on this for a while.

:slight_smile: Glad it worked. Guess we should extend the docs a bit and cover the network settings as well.

···

On Wednesday, April 4, 2018 at 5:04:28 PM UTC+2, Lukas Schauhuber wrote:

After commenting these entries out it still wasn’t working.
Running netstat I also noticed that my server was listening to Port 9200/9300 but only from it’s IP while kibana was accessing elasticsearch with it’s loopback address, so I went ahead and changed network.host and transport.host in the elasticsearch.yml on my kibana node to something more generic. That did the trick.

Thanks a bunch for your assistance. I’m happy now.

Am Dienstag, 3. April 2018 23:59:42 UTC+2 schrieb Jochen Kressin:

I guess these entries here maybe cause the problem:

elasticsearch.ssl.certificate: /etc/kibana/certs/kibana-1.pem

elasticsearch.ssl.key: /etc/kibana/certs/kibana-1_key.pem

If you set this, Kibana will add this certificate to all requests to Elasticsearch. Can you first try to remove these entries and check if the error persists?

Also, is there anything in the Elasticsearch logfiles?

On Tuesday, April 3, 2018 at 11:22:20 AM UTC+2, Lukas Schauhuber wrote:

sg: 6.2.2 ; elasticsearch: 6.2.2 ; kibana: 6.2.2 ; debian 9.4 ; jvm 8

elasticsearch.yml, kibana.yml and the .pem file for the vm running kibana attached

no other elasticsearch or kibana plugins are installed

Hi,

I am trying to implement searchguard in an elasticsearch-cluster of three data nodes and one client-only node that also runs kibana and nginx as a proxy to kibana.

With my current configuration I was able to use sgadmin to build the initial searchguard index, so the elasticsearch communication between all the nodes seems to work.

However - Kibana, for some reason, won’t connect to the cluster. This is the message on kibana webfrontend.

plugin:elasticsearch@6.2.2
Unable to connect to Elasticsearch at https://localhost:9200.

The kibana service reports:

Apr 03 08:53:52 kibana-1 kibana[25456]: {“type”:“log”,"@timestamp":“2018-04-03T08:53:52Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:25456,“message”:“Unable to revive connection: https://localhost:9200/”}

The issue seems to be related to the searchguard configuration on my nodes or the certificates I generated, I can’t really tell what exactly it is and how to fix it though.

I am using the community version. Will it be possible to use the searchguard plugin for kibana without an enterprise license?

Because according to a previous post the configuration GUI for kibana is a commercial-only feature.

I’d really appreciate any help I can get as I’ve been a little stuck on this for a while.