I've been troubleshooting a Kibana issue for several hours now and I'm at a dead end.
Kibana is not running. When I go to start Kibana, it looks like it does; if I run systemctl status kibana, it will say running for a few seconds, but then if I run it again, it says failed.
I will include my config files below, for reference.
kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["https://0.0.0.0:9200"]
logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file
pid.file: /run/kibana/kibana.pid
xpack.encryptedSavedObjects.encryptionKey: mykey
xpack.reporting.encryptionKey: mykey
xpack.security.encryptionKey: mykey
elasticsearch.hosts: ['https://192.168.253.6:9200']
elasticsearch.serviceAccountToken: mytoken
elasticsearch.ssl.certificateAuthorities: [/var/lib/kibana/ca_1680987510447.crt]
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://192.168.253.6:9200'], ca_trusted_fingerprint: ec46451962624a>
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/kibana-server.crt
server.ssl.key: /etc/kibana/kibana-server.key
server.publicBaseUrl: "https://192.168.253.6:5601"
elasticsearch.yml
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
#cluster.initial_master_nodes: ["kali-purple.localdomain"]
http.host: 0.0.0.0
discovery.type: single-node
metricbeat.yml
metricbeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
  index.codec: best_compression
setup.kibana:
  host: "https://192.168.253.6"
setup.kibana.ssl.enabled: true
ssl.certificate_authorities: ["/etc/kibana/kibana-server_ca.crt"]
setup.kibana.ssl.certificate: "/etc/kibana/kibana-server.crt"
setup.kibana.ssl.key: "/etc/kibana/kibana-server.key"
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["https://192.168.253.6"]
  username: "elastic"
  password: "mypass"
  ssl.ca_trusted_fingerprint: myfingerprint
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
/etc/hosts
127.0.0.1 localhost
192.168.253.6 kali-purple.localdomain kali-purple
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
rough tail output of kibana.log
"X-Pack Monitoring Cluster Alerts will not be available: connect ECONNREFUSED 192.168.253.6:9200"
"Kibana is now unavailable (was critical)"
"Starting monitoring stats collection"
"Kibana is now available (was unavailable)"
"Fleet Usage: {\"agents_enabled\":true,\"agents\":{\"total_enrolled\":1,\"healthy\...
"Stopping all plugins."
"Monitoring stats collection is stopped",
"Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 192.168.253.6:9200"
"error writing bulk events: \"connect ECONNREFUSED 192.168.253.6:9200\"
I can include any additionally needed info; I thought this was the most pertinent for now. Would really appreciate any insight or pointers.