Elastic Agent Policy YAML w/Integrations
Reddit » Elasticsearch
by /u/cyberphor
1d ago
Is there a way to write an Elastic Agent policy *with* integrations in a file ahead of time instead of using Kibana? I found a Stack Overflow post mentioning a GitHub Issue, but it seems the conversation has gone stale: https://github.com/elastic/kibana/issues/88956
Curl works, kibana doesn't.
Reddit » Elasticsearch
by /u/M3atmast3r
2d ago
The error Unable to retrieve version information from Elasticsearch nodes. security_exception: unable to authenticate user [kibana_system] for REST request I googled this and found as many noobs as myself with this error. None of their fixes worked for me. I haven't set up an ELK stack in over two years and feel like a caveman now. I can curl with my ca cert and creds to the cluster. I can get information and even create users. I can't however get Kibana to connect to elasticsearch. Can you provide me with some direction? Elasticsearch seems happy and fine. Kibana is running but reads "Kibana ..read more
Rest api for elastic
Reddit » Elasticsearch
by /u/nouskiski
2d ago
I'm trying to create a REST API to fetch all data from my elastic index, which are products, so that they can be loaded on a webpage. I'm using Elasticsearch .NET api for elastic 8.x, but the docs are very limited. I'm able to get 1 product on id, but it's too hard for me to make it fetch all products. Can anyone point me to a repo that solves this issue with the new .NET client and not NEST? If you don't know about .NET, maybe you have it in another language? It's important that it works with elastic 8.13.2. repo for my elastic .net client app: https://github.com/OnlineShoppen-dk/catalog-serv ..read more
Deployment Method for Elasticsearch: Bare Metal vs. Docker vs. Kubernetes
Reddit » Elasticsearch
by /u/Sufficient_Exam_2104
2d ago
Hello Everyone, I'm currently planning the deployment of Elasticsearch for a production environment and I’m looking for suggestions on the best deployment method. The requirement is for a 500 TB dataset with 300 users. We are deciding between installing on bare metal servers, using Docker, or Kubernetes. We want to ensure stability, scalability, and ease of management. Deployment Options: 1. Bare Metal Servers: Pros: Direct hardware access, potentially maximizing performance. Greater control over the environment. No overhead from virtualization. Cons: Manual scaling and maintenance. Lack ..read more
Kibana won't autologout after session timeout.
Reddit » Elasticsearch
by /u/satyamnoob
2d ago
I am using Kibana 7.10. In my kibana.yml, this is mentioned: opendistro_security_session.ttl: 60000 // smaller value for testing Now, after the said time of inactivity, I want Kibana to autologout, but what's happening is that I have to click a button or refresh or do anything that updates the state, and then it logs out. Basically, I have to interact with Kibana and then it logs out. Is there any fix for this? Thank you.
Elasticsearch for a publicly traded company
Reddit » Elasticsearch
by /u/Sufficient_Exam_2104
3d ago
How can a company utilize Elasticsearch and Kibana? Are they still open-source, or do we need to engage with Elastic before implementation? - What about patching/upgrade and disaster recovery?
Elastic and net flow - losing the will to live
Reddit » Elasticsearch
by /u/dsdhall
3d ago
I've used Elastic before for log processing, and I thought I'd spin up an instance to try ingesting some netflow data. Stock Ubuntu OS. Elastic, Kibana and Elastic-Agent running 8.13.2. Everything works fine, except my source and destination IPs from netflow (be it v5, v9 or ipfix, Cisco or junos) get parsed as arrays rather than IP addresses, which completely screws things up. I've followed the docs to the letter. What am I doing wrong here? https://preview.redd.it/zoezlf5f3nvc1.png?width=1694&format=png&auto=webp&s=8a03bcb3df7a38987db6a4e18d92764737be54f8
Going stir crazy - Heartbeat v7.1x to 8.1.x
Reddit » Elasticsearch
by /u/Fluffer_Wuffer
4d ago
Hi All, I've been using Heartbeat for a long time to monitor pings and webpage response times, exporting the data to file, which is then picked up and shipped elsewhere. I'm looking to upgrade from v7 to v8, and suddenly most of the data is no longer written to file. I'm aware that they changed the file naming scheme and a few other minor bits, but I'm noticing things like the monitor name is no longer included. The monitor tags are missing, etc. Events seem to be getting logged separately, for example an entry for the "Start" of the monitor, then another for the "End". Has anybody else co ..read more
IP Filter and Sanitisation with Ingestion Pipeline
Reddit » Elasticsearch
by /u/Alpha-Sniper
5d ago
Hello Gurus, This might be a rudimentary question, and I believe I'm missing something trivial here, but unable to figure it out. I'm trying to use an ingestion pipeline that would perform the following: If the field IP_ADDR is a valid IP address, then use IP2Geo processor However, if the field contains values such as "" or " " or "-" then I want a new field say ERR_MSG to be created and have value IP addr not found But, let's say if the field contains a malformed input such as "1.1.1.1.1.1.1.1.1" or "1.1.............1.1.1" then I want the default error handler for service to run ..read more
I need help
Reddit » Elasticsearch
by /u/catloverr03
6d ago
So my manager suddenly assigned me to build and set up Elasticsearch, Logstash, Kibana and fluentd. The idea is 6 servers will have fluentd to send logs to Logstash (7th server), then Logstash will receive it, then visualize it in Kibana. The problem is I have no prior experience whatsoever in infra. All this is in a development environment. Mind you that I'm a new hire here at 8 months and I'm just astounded that I have been assigned a stack that I have never heard of before. My main job is supposed to be testing and web frontend but the management is just all over the place? I've been stuc ..read more