Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    khawlamakhzoumi
    @khawlamakhzoumi
    yees inside elasticsearch
    Antoine Cotten
    @antoineco
    Yes, how?
    Could you describe the procedure? Because right now I'm not sure what you're referring to.
    khawlamakhzoumi
    @khawlamakhzoumi
    add data to kibana---metrics----MYSQL metrics after that i look to discover the dashboard is empty
    didn't understand whyy
    khawlamakhzoumi
    @khawlamakhzoumi

    Error in visualization

    [tsvb] > Unauthorized

    Antoine Cotten
    @antoineco
    image.png
    Here?
    khawlamakhzoumi
    @khawlamakhzoumi
    yeees
    i configure it with metricbeat and filebeat
    Antoine Cotten
    @antoineco
    image.png
    The description says it works with the Elastic Agent, not with Beats.
    image.png
    However, there is this little panel on the right side that shows you how to configure it with Beats.
    image.png
    Or are you referring to those two?
    2 replies
    i find this in the documentation
    i didn't find the configuration with beats
    Antoine Cotten
    @antoineco
    That is Beats, Metricbeat more specifically.
    If you don't see any data, I suspect that the agent isn't configured correctly.
    Could you please share your Metricbeat config? Or did you already validate that data was being ingested into Elasticsearch?
    MySickSi
    @MySickSi
    Im trying to run docker-elk but logstast does not start
    Attaching to docker-elk_elasticsearch_1, docker-elk_setup_1, docker-elk_logstash_1, docker-elk_kibana_1
    setup_1 | -------- Sat May 21 02:17:26 UTC 2022 --------
    setup_1 | [+] State file exists at '//state/.done', skipping setup
    logstash_1 | 2022/05/21 02:17:28 error: yaml: line 8: could not find expected ':'
    docker-elk_setup_1 exited with code 0
    docker-elk_logstash_1 exited with code 1
    Does anyone know which yml file to check?
    Antoine Cotten
    @antoineco
    @MySickSi logstash/config/logstash.yml most likely.
    MySickSi
    @MySickSi
    @antoineco Hi Antonie, yep that fixed it. I checked your file on github vs mine and forgot I tried to add the syslog plugin. Still fairly new to ELK. Thanks again for your help! Danke!
    Abdulkareem Aldeek
    @DeekCS
    Hello All , I'm new at elastic search , I'm asking about how could I get the data from MySQL to ES using the docker file
    Tyson
    @LongTaiJun
    Is there a yml file for swarm multi-node startup? who can share this file ,thinks~
    Antoine Cotten
    @antoineco
    @LongTaiJun we used to have one at https://github.com/deviantony/docker-elk/blob/641290c2/docker-stack.yml, in case you want to take a look.
    We eventually removed it from the repository because running the Elastic stack in Swarm and with Compose aren't exactly the same thing. Docker-ELK builds its own images locally and mounts its configuration from the local filesystem. Both of these can't be achieved on Swarm, so we would have to maintain two totally different approaches.
    Tyson
    @LongTaiJun
    ok, thinks
    Tyson
    @LongTaiJun
    I see it is a server runing ,Is there a case with three servers running
    Tyson
    @LongTaiJun
    Shailendra Singh
    @ishailendra

    Hi All,
    I am getting this error on starting the docker container, i am using the template code as it is and hasn't made much changes. From the error it seems the creds are wrong but I havent change the default values as there in the template. I am new to ELK so i am not able to figure out the problem.

    [2022-06-13T11:02:06,434][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://logstash_internal:xxxxxx@elasticsearch:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}

    Please find the logstash.conf file for my code at: -
    https://github.com/ishailendra/logstash

    Antoine Cotten
    @antoineco
    @ishailendra what does docker-compose up setup print?
    Shailendra Singh
    @ishailendra
    @antoineco i have attached the container respective logs in the git link
    https://github.com/ishailendra/logstash
    Antoine Cotten
    @antoineco
    @ishailendra I can't see the logs for the setup container, only Elasticsearch, Kibana and Logstash. Did I look in the wrong place?
    Shailendra Singh
    @ishailendra
    @antoineco seems like something went wrong while uploading the files. I have added the setup log file in the git.
    https://github.com/ishailendra/logstash
    Antoine Cotten
    @antoineco
    @ishailendra looks like the setup hasn't been run before. According to the logs it initialized users properly, so everything should work now.
    Shailendra Singh
    @ishailendra
    thanks a lot @antoineco , its working now, seems like setup was initially not working; (maybe my system issue)
    Antoine Cotten
    @antoineco
    Perfect! :ok_hand:
    Guruleenyc
    @Guruleenyc
    Hi all! I just stood up this docker container stack using docker-compose 1.29.2 and after bringing up the containers, I am seeing Kibana not able to auth with default creds. I did not try generating new passwords yet.
    {"@timestamp":"2022-07-27T16:48:38.723Z", "log.level": "INFO", "message":"Authentication of [kibana_system] was terminated by realm [reserved] - failed to authenticate user [kibana_system]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[a5d21186f755][system_critical_read][T#2]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","trace.id":"d08491d9cce982e117ef6b446f98cffe","elasticsearch.cluster.uuid":"C1ZgZ2JnQCeJ3WCr9NQpWw","elasticsearch.node.id":"VfuMZPAUQpO73HBRpyqliw","elasticsearch.node.name":"a5d21186f755","elasticsearch.cluster.name":"docker-cluster"}
    Guruleenyc
    @Guruleenyc
    When I try to generate a new password for the kibana_system, I get:
    root@elk:/home/lseeman/docker-elk# /usr/local/bin/docker-compose exec elasticsearch bin/elasticsearch-reset-password --batch --user kibana_system
    WARNING: Owner of file [/usr/share/elasticsearch/config/users] used to be [root], but now is [elasticsearch]
    WARNING: Owner of file [/usr/share/elasticsearch/config/users_roles] used to be [root], but now is [elasticsearch]
    17:25:10.128 [main] WARN org.elasticsearch.common.ssl.DiagnosticTrustManager - failed to establish trust with server at ...
    Antoine Cotten
    @antoineco
    @Guruleenyc what is the output of docker-compose logs setup?
    16 replies
    And if you switched branch, e.g. between main and ssl, did you follow the docs and run docker-compose build after each change? (ignore this if you didn't switch branch, but it can't hurt to run that command anyway)
    Shailendra Singh
    @ishailendra

    Hi Everyone,
    I am trying to deploy ELK on azure container instance, over there while deployment its giving error for environment variable discovery.type: single-node; as it doesn't fit the naming convention.

    Code: InvalidContainerEnvironmentVariable Message: The environment variable name in container 'elasticsearch' of container group 'logwatcher' is invalid. A valid environment variable name must start with alphabetic character or '_', followed by a string of alphanumeric characters or '_' (e.g. 'my_name', or 'MY_NAME', or 'MyName').

    Any idea how to resolve this? Or can i set the discovery.type:single-node directly in some config file for elasticsearch?

    2 replies
    Shailendra Singh
    @ishailendra
    hi everyone, does the username 'elastic' and password 'changeme' only works on local? I am trying to use the same creds while running it on azure vm and i have not changed the creds in .env file but still getting error username or password incorrect
    Antoine Cotten
    @antoineco
    @ishailendra if your Compose version is lower than 1.26.0 your password will contain quotes. 'changeme' instead of changeme. This is mentioned with a warning sign in the README.
    1 reply
    Ismail Yushaw
    @iyushaw
    hello
    I have an issue with the ELK Docker script... I cant seem to find the kibana username and password
    @ishailendra thanks for the support