I am using Elastic version 7.9.2 and want to use security. So I ran:
bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""
Then I added
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p1
to config/elasticsearch.yaml
Now when I run ES
bin/elasticsearch
I get the following error:
"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
root@ip-localhost:/var/log/elasticsearch
Can anyone help!
elasticsearch kibana amazon-elastic-beanstalk elastic-stack elasticsearch-x-pack
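I am trying to embed a password-protected Kibana dashboard in an iFrame in my Node-powered Express application, based on the information in this thread. Kibana is secured with X-Pack and requires users to log in to view their visualized data.
This currently requires the user to log in twice, once to the application and again to access the Kibana dashboard, which is not the goal.
Based on the information in this thread, I implemented some code that obtains a cookie in a pre-flight POST request to https://elk-stack.my.domain:5601/api/security/v1/login
This client-side request...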
function preFlightKibanaAuth () {
  ...
  $.ajax({
    type: 'POST',
    url: '/kibana-auth',
    dataType: 'json',
    success: function (response) {
      if (response && response.authenticated) {
        $('iframe#kibana-dashboard').prop('src', 'https://elk-stack.my.domain:5601/s/spacename/app/kibana#/dashboards?_g=()')
      }
    },
    error: function (err) {
      console.log(err)
    }
  })
}
...is routed to this route...
router
  .route('/kibana-auth')
  .post((req, res, next) => {
    ...
    if (authorised) {
      ...
      authenticateKibana(req)
        .then(cookie => {
          if (cookie && cookie.name && cookie.value) {
            res.set('Set-Cookie', `${cookie.name}=${cookie.value}; Domain=my.domain; Path=/; Secure; HttpOnly`)
            res.send({ 'authenticated': true })
          } else {
            res.send({ 'authenticated': …
I am trying out the new machine learning module in X-Pack. I am trying to identify rare response codes in HTTP access logs over time. My logs are stored in Elasticsearch as shown below:
{
  "_index": "logstash-2017.05.18",
  "_type": "Accesslog",
  "_id": "AVxvVfFGdMmRr-0X-J5P",
  "_version": 1,
  "_score": null,
  "_source": {
    "request": "/web/Q123/images/buttons/asdf.gif",
    "server": "91",
    "auth": "-",
    "ident": "-",
    "verb": "GET",
    "type": "Accesslog",
    "path": "/path/to/log",
    "@timestamp": "2017-05-18T10:20:00.000Z",
    "response": "304",
    "clientip": "1.1.1.1",
    "@version": "1",
    "host": "ip-10-10-10-10",
    "httpversion": "1.1",
    "timestamp": "18/May/2017:10:20:00 +0530"
  },
  "fields": {
    "@timestamp": [
      1495102800000
    ]
  }
}
I added a detector, selecting "rare" as the function and "response" as the by_field_name. But when I save the job, I get the following error:
Save failed: [illegal_argument_exception] Can't merge a non object mapping [response] with an object mapping [response]
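Please help.
I would like to ask how I can enable authentication (x-pack). In my case, I am using a docker image of elasticsearch v.6.2.4. My problem is that xpack is installed, but it does not ask for credentials.
Thanks for your help!
I know that xpack is installed in my Kibana, as seen here: [image]
I am creating an application in which I need to send email alerts for my logs. Below is the input for creating the watcher: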
PUT _xpack/watcher/watch/log_error_watch
{
  "trigger" : {
    "schedule" : { "interval" : "10s" }
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "testindexv4" ],
        "body" : {
          "query" : {
            "match" : { "log_level": "ERROR" }
          }
        }
      }
    }
  },
  "actions" : {
    "send_email" : {
      "email" : {
        "to" : "<mailId>@gmail.com",
        "subject" : "Watcher Notification",
        "body" : "error logs found"
      }
    }
  }
}
Here is the configuration in elasticsearch.yml
xpack.security.enabled: false
xpack.notification.email.account:
  standard_account:
    profile: standard
    smtp: …
I am struggling to get Docker Logstash to connect to Docker Elasticsearch with xpack security enabled.
The main logs are:
logstash_1 | [2020-05-20T22:41:03,950][WARN ][deprecation.logstash.monitoringextension.pipelineregisterhook] Internal collectors option for Logstash monitoring is deprecated and targeted for removal in the next major version.
logstash_1 | Please configure Metricbeat to monitor Logstash. Documentation can be found at:
logstash_1 | https://www.elastic.co/guide/en/logstash/current/monitoring-with-metricbeat.html
logstash_1 | [2020-05-20T22:41:11,474][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
logstash_1 | [2020-05-20T22:41:13,084][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting …
elasticsearch logstash docker docker-compose elasticsearch-x-pack
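How do I set up login credentials for the Kibana GUI with the docker ELK stack containers?
Which parameters and environment variables must be passed in the docker-compose.yaml file to make this work?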
docker docker-compose docker-swarm elastic-stack elasticsearch-x-pack
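I am able to connect to Elasticsearch. However, I cannot access Kibana on 5601. Can someone help with this? Thanks in advance.
In the kibana.yml file, I modified the server.host parameter to point to my domain.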
kibana.yml
server.port: 5601
server.host: "my_domain"
elasticsearch.hosts: ["http://my_domain:9200"]
Kibana logs
{"type":"log","@timestamp":"2020-06-02T14:08:03Z","tags":["warning","plugins-discovery"],"pid":2844,"message":"Expect plugin \"id\" in camelCase, but found: apm_oss"}
{"type":"log","@timestamp":"2020-06-02T14:08:03Z","tags":["warning","plugins-discovery"],"pid":2844,"message":"Expect plugin \"id\" in camelCase, but found: file_upload"}
{"type":"log","@timestamp":"2020-06-02T14:08:03Z","tags":["warning","plugins-discovery"],"pid":2844,"message":"Expect plugin \"id\" in camelCase, but found: triggers_actions_ui"}
{"type":"log","@timestamp":"2020-06-02T14:08:09Z","tags":["info","plugins-service"],"pid":2844,"message":"Plugin \"infra\" has been disabled since some of its direct or transitive dependencies are missing or disabled."}
{"type":"log","@timestamp":"2020-06-02T14:08:27Z","tags":["warning","plugins-discovery"],"pid":2941,"message":"Expect plugin \"id\" in camelCase, but found: apm_oss"}
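{"type":"log","@timestamp":"2020-06-02T14:08:27Z","tags":["warning","plugins-discovery"],"pid":2941,"message":"Expect plugin \"id\" in camelCase, …
I have an ELK stack running on a Kubernetes cluster with security enabled. Everything works fine and I am able to push data to the indices. After logging in to Kibana as the admin user, I went to "Discover" and it asked me to create an index pattern. So I have some metricbeat data, and I created a pattern and saved it. But when I go back to Discover, it prompts me to create an index pattern again!
I do not see any errors in the Kibana/Elastic pods
Would really appreciate any pointers
Elasticsearch version: 7.10.1
I am testing ODFE (currently version 0.9), but I find the lack of xpack features annoying. Is it possible to activate some of them (the free ones, of course) on ODFE? For example, I would really appreciate the monitoring section or the ILM API. Kibana feels a bit empty with ODFE :(
I did some searching, but since many versions ago xpack is no longer a plugin but built in, and I cannot find any trace of xpack in ODFE.
Is there any good alternative or a way to install it?
Cheers,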
elasticsearch kibana elasticsearch-x-pack elasticsearch-opendistro