Unable to access monitoring tab in Kibana

Hy

I try to combined SearchGuard with X-Pack Monitoring Basic Edition

Everyting are well expect when I go to Kibana with the built-in admin user:

    You are not authorized to access Monitoring. To use Monitoring, you

need the privileges granted by both the kibana_user and
monitoring_user roles.

The ES metric collection works, I can see it as

both

.monitoring-es-6-yyyy.MM.dd

and

.monitoring-kibana-6-yyyy.MM.dd

get documents

What role to set for the built-in admin in SG?

Thanks

Jozsef

The admin user has all permissions on all indices, so you should be able to use monitoring with this user without any problem. If you try to access monitoring and the error message appears, what error message do you see in the elasticsearch logs? Can you post the logfile?

If you use SG6, the monitoring user needs the following two roles:

  • sg_kibana_user

  • sg_xp_monitoring

But like I said, the admin user should work as well.

···

On Friday, December 29, 2017 at 1:41:11 PM UTC+1, Jozsef Basa wrote:

Hy

I try to combined SearchGuard with X-Pack Monitoring Basic Edition

Everyting are well expect when I go to Kibana with the built-in admin user:

    You are not authorized to access Monitoring. To use Monitoring, you

need the privileges granted by both the kibana_user and
monitoring_user roles.

The ES metric collection works, I can see it as

both

.monitoring-es-6-yyyy.MM.dd

and

.monitoring-kibana-6-yyyy.MM.dd

get documents

What role to set for the built-in admin in SG?

Thanks

Jozsef

Hi Jochen,

Happy New Year!!!

Please help me otherwise I go mad :slight_smile:

I attached the es log

and kibana log:

{“type”:“response”,"@timestamp":“2018-01-03T06:37:11Z”,“tags”:,“pid”:28407,“method”:“post”,“statusCode”:403,“req”:{“url”:"/api/monitoring/v1/clusters",“method”:“post”,“headers”:{“host”:“new-elastic-act4:5601”,“user-agent”:“Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0”,“accept”:“application/json, text/plain, /”,“accept-language”:“hu-HU,hu;q=0.8,en-US;q=0.5,en;q=0.3”,“accept-encoding”:“gzip, deflate”,“referer”:“http://new-elastic-act4:5601/app/monitoring",“content-type”:“application/json;charset=utf-8”,“kbn-version”:“5.6.2”,“content-length”:“81”,“connection”:“keep-alive”},“remoteAddress”:“10.112.236.64”,“userAgent”:“10.112.236.64”,“referer”:“http://new-elastic-act4:5601/app/monitoring”},“res”:{“statusCode”:403,“responseTime”:14,“contentLength”:9},“message”:"POST /api/monitoring/v1/clusters 403 14ms - 9.0B”}
{“type”:“request”,"@timestamp":“2018-01-03T06:37:14Z”,“tags”:[“monitoring-ui”,“error”],“pid”:28407,“level”:“error”,“message”:“Authentication Exception”,“error”:{“message”:“Authentication Exception”,“name”:“Error”,“stack”:“Authentication Exception :: {“path”:”/.monitoring-es-2-%2C.monitoring-es-6-/_search",“query”:{“filter_path”:“hits.hits._source.cluster_uuid,hits.hits._source.cluster_name,hits.hits._source.version,hits.hits._source.license,hits.hits._source.cluster_stats,hits.hits._source.cluster_state”},“body”:"{\“size\”:10000,\“query\”:{\“bool\”:{\“filter\”:[{\“bool\”:{\“should\”:[{\“term\”:{\"_type\":\“cluster_stats\”}},{\“term\”:{\“type\”:\“cluster_stats\”}}]}},{\“range\”:{\“timestamp\”:{\“format\”:\“epoch_millis\”,\“gte\”:1514957834822,\“lte\”:1514961434822}}}]}},\“collapse\”:{\“field\”:\“cluster_uuid\”},\“sort\”:{\“timestamp\”:{\“order\”:\“desc\”}}}",“statusCode”:401,“response”:“Unauthorized”,“wwwAuthenticateDirective”:“Basic realm=\“Search Guard\””}\n at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:295:15)\n at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:254:7)\n at HttpConnector. (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)\n at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)\n at emitNone (events.js:91:20)\n at IncomingMessage.emit (events.js:185:7)\n at endReadableNT (_stream_readable.js:974:12)\n at _combinedTickCallback (internal/process/next_tick.js:80:11)\n at process._tickDomainCallback (internal/process/next_tick.js:128:9)"}}
{“type”:“response”,"@timestamp":“2018-01-03T06:37:14Z”,“tags”:,“pid”:28407,“method”:“post”,“statusCode”:403,“req”:{“url”:"/api/monitoring/v1/clusters",“method”:“post”,“headers”:{“host”:“new-elastic-act4:5601”,“user-agent”:“Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0”,“accept”:“application/json, text/plain, /”,“accept-language”:“hu-HU,hu;q=0.8,en-US;q=0.5,en;q=0.3”,“accept-encoding”:“gzip, deflate”,“referer”:“http://new-elastic-act4:5601/app/monitoring",“content-type”:“application/json;charset=utf-8”,“kbn-version”:“5.6.2”,“content-length”:“81”,“connection”:“keep-alive”},“remoteAddress”:“10.112.236.64”,“userAgent”:“10.112.236.64”,“referer”:“http://new-elastic-act4:5601/app/monitoring”},“res”:{“statusCode”:403,“responseTime”:12,“contentLength”:9},“message”:"POST /api/monitoring/v1/clusters 403 12ms - 9.0B”}

Best Regards

new-act-elastic.7z (152 KB)