thanks you.
amazing tutorial. Complete and understandable.
Thank you!
Why can't Elastic themselves give instructions as good as yours? Thank you!
Excuse me, for which version of elasticsearch does it work?
7.10 I think that there is no so much changes in the newer versions
Thank you for the great tutorial. Appreciated. Subscribed! Can you also check for the newest version of Elasticsearch with new features like AI? Since there are a lot of changes with Elastic 8, it is a good idea to stick to the newer version. Maybe it will also be a great idea to use Fleet and Elastic Agents instead of Beats. I will wait for your great content. Have a lovely day.
Wow! After searching and searching information I found your video, superb!
Nice tutorial, can you do a tutorial on enabling "Alerts and Actions"? Thank you.
Can't open the file hn.zip
The password is 123
This was absolutely amazing! GOLD, subscribed. Great job.
I am glad that helped :)
If I don't have Elasticsearch in the /etc directory, how should I continue?
I can't understand your question... You have to have elastic installed on the machine
Excellent guide, thank you very much from Colombia.
This is amazing.
I get an error: [WARN ][logstash.outputs.elasticsearch][test] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"elastic:xxxxxx@ipad:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [elastic:xxxxxx@ipad:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
Hello, excellent presentation indeed! ;) Just two questions that really confuse me... 1st) Why do you configure Kibana only on node 3 and not on nodes 1 and 2 as well? 2nd) Why did you put elasticsearch.ssl.verificationMode: none in the kibana.yml file of node 3? Shouldn't it be elasticsearch.ssl.verificationMode: full so that you set up mutual TLS security between Kibana and Elasticsearch? Thank you a lot. Excellent video, really!
Thank you for your questions @Alezi8
1. For the purpose of the video I think that it's enough for Kibana to be installed on one of the nodes; it doesn't matter on which one. Of course you can install it on a different VM... The decision is yours.
2. When Kibana is installed on the same node as the 3rd node of the Elasticsearch cluster, you only need the password for the Elasticsearch user to make it functional, because it connects via localhost. Again, this is for the purpose of the video and I didn't want to complicate it. Of course you are right about the possibility to secure the connection between Elasticsearch and Kibana, and of course if you have a production environment it's a must, but here things are explained as simply as I can explain them, so that's it :) Cheers!
@nbglink Thank you a lot for your quick and helpful reply. Best regards :)
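The hardening @Alezi8 asks about, shown as an added configuration example that is not from the video or its zip files: the weak Kibana setting beside the corrected one, plus the matching Elasticsearch side if you want real mutual TLS. File paths, the node-3 hostname, the Kibana certificate names and the reserved "kibana" user are assumptions (the ca.crt and instances.crt names follow the files mentioned elsewhere in this thread).

```yaml
# 1) kibana.yml as used in the video (weak): TLS is on, but the certificate
#    Elasticsearch presents is never checked, so anything that can sit on the
#    link could impersonate the cluster and collect the Kibana credentials.
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.username: "kibana"              # reserved user from setup-passwords
elasticsearch.password: "<password printed by elasticsearch-setup-passwords>"
elasticsearch.ssl.verificationMode: none

# 2) hardened kibana.yml (assumed paths and hostname)
elasticsearch.hosts: ["https://node3.example.local:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "<password printed by elasticsearch-setup-passwords>"
# full = verify the chain against our CA AND check that the hostname in
# elasticsearch.hosts matches the certificate (certificate = chain only).
elasticsearch.ssl.verificationMode: full
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/ca.crt"]
# Optional mutual TLS: Kibana presents its own certificate to Elasticsearch.
# kibana.crt/kibana.key are assumed names, issued by the same CA as instances.crt.
elasticsearch.ssl.certificate: "/etc/kibana/certs/kibana.crt"
elasticsearch.ssl.key: "/etc/kibana/certs/kibana.key"

# 3) matching elasticsearch.yml on node 3 so the cluster demands the client cert
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/instances.crt
xpack.security.http.ssl.key: /etc/elasticsearch/certs/instances.key
xpack.security.http.ssl.certificate_authorities: ["/etc/elasticsearch/certs/ca.crt"]
# required = reject every HTTP client that does not present a cert signed by ca.crt;
# optional = accept clients without a cert but still verify any cert they present.
xpack.security.http.ssl.client_authentication: required
```

With client_authentication: required, every other HTTP client of the cluster (curl, Logstash, Winlogbeat) must also present a certificate signed by ca.crt, so switch to it only after those clients are configured.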
That was amazing man, you're the best, thanks.
How can we find which TLS version is being used by the cluster?
www.elastic.co/guide/en/elasticsearch/reference/current/jdk-tls-versions.html - check this documentation by elastic
Hi,
Followed your steps. I am getting this error:
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Thank you!!!
What is the password for the hn.zip file?
The password is 123
If I want to make the Elasticsearch URL HTTPS, then what steps do I need to follow? Can you please help here?
You're the best.
Once Elasticsearch is SSL enabled, what are the settings for Winlogbeat?
I already have the same case. How did you resolve?
Thank you for this video @HRISTONESTOROV. I have a question about the Vagrantfile zip archive: what is the password of the encrypted files (elastic, kibana and vagrantfile)? Thanks
The password is 123 from the suggested video in the beginning of this… ;)
Good evening, a favour please: I was installing Elasticsearch and Kibana and they ask me for credentials; are there some by default?
Hristo, these are great videos, thank you! We have a 3 node cluster set up on prem with log data loaded with a basic license. We had a consultant set up the cluster and some of these things weren't configured. The SIEM tab returns "set up detections". I am guessing that we need to enable TLS/HTTPS for the cluster, and add the pack encryption key? The doc is kind of choppy and I can't determine if the tab function will be enabled after we add the SSL. Do we also need the API keys set up?
Hey Hristo,
can we set up HTTPS on a Windows machine on the basic version?
Yes I think that there is no problem for that. :)
@nbglink thanks for the reply. I had some issues with the certificates (ca.crt, ca.key, instances.crt and instances.key),
but now it has been resolved.
This video is very helpful.
Hi Hristo, nice work! Please, do you have a community channel? Even if it's a paid one? Thanks
I have membership plans, so if you’re a member I can support you depending on the membership level :)
In Windows is it the same?
Identical
After the configuration changes I started running the password command and I am getting the below error. Could you please help with that?
./elasticsearch-setup-passwords auto
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y
Unexpected response code [403] from calling PUT x.x.x.x:9200/_security/user/apm_system/_password?pretty
Cause: index [.security-7] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];
Possible next steps:
* Try running this tool again.
* Try running with the --verbose parameter for additional messages.
* Check the elasticsearch logs for additional error details.
* Use the change password API manually.
ERROR: Failed to set password for user [apm_system].
Try to use interactive passwords and tell me what is happening. Make sure that you are doing the steps one by one, exactly as they are in the video. I am sure that if you do it you will not have any problem.
Something else: when you are using "automatic passwords", make sure that you provide the automatically generated passwords in the appropriate places, like the elasticsearch.yml, kibana.yml and testpipe.conf files.
Expected one.
How do we configure the Logstash TCP input (in case my client, e.g. rsyslog, needs to parse with an SSL certificate)?
I don't use Elasticsearch for this type of case, but a quick search in Google took me to this: www.elastic.co/guide/en/logstash/current/plugins-inputs-tcp.html
HTTPS error
Try again following the video step-by-step :)
Very helpful video... thanks a lot.
Can you please help me with parsing MuleSoft logs in Logstash? I am unable to do it.
Try this article - blogs.mulesoft.com/dev-guides/how-to-tutorials/externalize-logs-to-the-elastic-stack/ And if you have questions, reach me by the channels provided in the description.
@nbglink thank you so much for the quick reply. I have some more doubts; sorry, I could not find the source to reach out to you in the description. Can you please mention it here, so that I can send my query to you? Thanks in advance 😊
@vinnuoddy I have written my social accounts in the description below the video, try them.
@nbglink sure, thank you, I will reach out to you 😊
What is the password?
latest