问题[elasticsearch](server)

我有一个配置了 calico 作为网络系统的 k8s 集群。我正在运行启用了安全性的 helm elastic/elasticsearch 和 elastic/kibana 的略微定制版本。为了安全起见，我使用 Let's Encrypt 证书。启动 kibana 时，与 elasticsearch 实例的连接失败并出现此错误

{"type":"log","@timestamp":"2021-06-01T13:09:55+00:00","tags":["debug","elasticsearch","query","data"],"pid":952,"message":"[ConnectionError]: unable to get issuer certificate"}

我可以通过在 kibana 中禁用证书验证来解决此问题。任何人都可以看到，为什么它会失败？

密钥库创建

cat cert1.pem > store.pem
cat privkey1.pem >> store.pem
cat chain1.pem >> store.pem
cat fullchain1.pem >> store.pem
openssl pkcs12 -export -in store.pem -out keystore.pkcs12

values_elastic.yaml

replicas: 1
minimumMasterNodes: 1

esConfig:
   elasticsearch.yml: |
     xpack.security.transport.ssl.enabled: true
     xpack.security.transport.ssl.verification_mode: certificate
     xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs-gen/keystore.pkcs12
     xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs-gen/keystore.pkcs12
     xpack.security.http.ssl.enabled: true
     xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs-gen/keystore.pkcs12
     xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs-gen/keystore.pkcs12
     xpack.security.enabled: true
extraEnvs:
  - name: ELASTIC_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: password
  - name: ELASTIC_USERNAME
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: username
secretMounts:
  - name: elastic-certificates
    secretName: elastic-certificates
    path: /usr/share/elasticsearch/config/certs-gen/
protocol: https
service:
  labels: {}
  labelsHeadless: {}
  type: NodePort
  nodePort: 30001
  annotations: {}
  httpPortName: http
  transportPortName: transport
  loadBalancerIP: ""
  loadBalancerSourceRanges: []
  externalTrafficPolicy: ""
clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"

values_kibana.yaml

elasticsearchHosts: "redacted its a TLD with appropriate port"

extraEnvs:
  - name: "NODE_OPTIONS"
    value: "--max-old-space-size=1800"
  - name: 'ELASTICSEARCH_USERNAME'
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: username
  - name: 'ELASTICSEARCH_PASSWORD'
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: password
  - name: 'KIBANA_ENCRYPTION_KEY'
    valueFrom:
      secretKeyRef:
        name: kibana
        key: encryptionkey
  - name: 'LOGGING_VERBOSE'
    value: "true"


secretMounts:
  - name: elastic-certificates
    secretName: elastic-certificates
    path: /usr/share/kibana/config/certs-gen/


kibanaConfig:
  kibana.yml: |
    server.ssl:
      enabled: true
      key: /usr/share/kibana/config/certs-gen/privkey1.pem
      certificate: /usr/share/kibana/config/certs-gen/fullchain1.pem
    elasticsearch.ssl:
      certificateAuthorities: /usr/share/kibana/config/certs-gen/fullchain1.pem
      verificationMode: certificate
    xpack.reporting.encryptionKey: ${KIBANA_ENCRYPTION_KEY}
    xpack.security.encryptionKey: ${KIBANA_ENCRYPTION_KEY}
    xpack.encryptedSavedObjects.encryptionKey: ${KIBANA_ENCRYPTION_KEY}

protocol: https

service:
  type: NodePort
  loadBalancerIP: ""
  port: 5601
  nodePort: 30002
  labels: {}
  annotations: {}
    # cloud.google.com/load-balancer-type: "Internal"
    # service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
    # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    # service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
    # service.beta.kubernetes.io/cce-load-balancer-internal-vpc: "true"
  loadBalancerSourceRanges: []
    # 0.0.0.0/0
  httpPortName: HTTP

kubectl 获取 pv,pvc,nodes,pods,svc

NAME                        CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                                                 STORAGECLASS   REASON   AGE
persistentvolume/elk-data   30Gi       RWO            Retain           Bound    default/elasticsearch-master-elasticsearch-master-0                           40m

NAME                                                                STATUS   VOLUME     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
persistentvolumeclaim/elasticsearch-master-elasticsearch-master-0   Bound    elk-data   30Gi       RWO                           32m

NAME                 STATUS   ROLES                  AGE   VERSION
node/kubeloadbalan   Ready    control-plane,master   28h   v1.21.1

NAME                                    READY   STATUS    RESTARTS   AGE
pod/elasticsearch-master-0              1/1     Running   0          13m
pod/kibana-kibana-7fdbd7c66d-bg5xb      0/1     Running   0          7m1s
pod/nginx-deployment-868c6bb874-tsbg4   1/1     Running   0          40m

NAME                                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                         AGE
service/elasticsearch-master            NodePort    10.97.47.66     <none>        9200:30001/TCP,9300:32185/TCP   13m
service/elasticsearch-master-headless   ClusterIP   None            <none>        9200/TCP,9300/TCP               13m
service/kibana-kibana                   NodePort    10.101.78.90    <none>        5601:30002/TCP                  7m1s
service/kubernetes                      ClusterIP   10.96.0.1       <none>        443/TCP                         28h
service/nginx-service                   NodePort    10.100.231.27   <none>        80:30000/TCP                    40m

从容器内部：

kubectl exec pod/kibana-kibana-7fdbd7c66d-bg5xb -it bash

curl -k -u redacted:redacted https://redacted:30001

{
  "name" : "elasticsearch-master-0",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "iXEuqB7iQ9abptIZ_Gp1yg",
  "version" : {
    "number" : "7.13.0",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
    "build_date" : "2021-05-19T22:22:26.081971330Z",
    "build_snapshot" : false,
    "lucene_version" : "8.8.2",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}


curl  -u redacted:redacted https://redacted:30001
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

这表明，即使 curl 也无法从容器内部验证合法性。这可能表明问题也出在 elasticsearch 上。由于详细程度增加，完整的 Kibana 日志完全是一团糟。我可以根据要求发布。

我为此沉迷了好几天。我筋疲力尽，不知道从哪里继续。

我一直在寻找几天来找到关于 Graylog/Elasticsearch 如何使用索引以及何时创建新索引的一个很好的解释。有很多关于分片索引的信息，但关于索引本身的信息并不多，除了它们是一组关于要保留多少数据以及如何管理它们的设置，但不是为什么。（或者在我看来）

背景：

我们将 Graylog 4.0 与 Elasticsearch 7.10 和 MongoDB 3 一起使用。

我们尝试集中来自 6 个仓库位置的日志（彼此相距数百公里）。每个都有 6 到 20 个 RFID 门，每个门都有日志。每个门都有连接到中央控制器中间件的连接器中间件，并且所有这些中间件都有日志。然后是自动化仓库“AWMS”的控制器、WMS服务器、ERP服务器及其前端。我们还考虑从运行这些服务的服务器的 Windows 事件日志中收集至少一些事件。

通常我们需要分析一个子系统中的问题，因此需要搜索其中一个日志。有时我们需要查看从 RFID 门到 AWMS、WMS 和 ERP 的整个流程。

目前，我考虑为每个日志创建一个流，并在搜索中使用相关的流。（或者这种方法是否已经存在缺陷，如果是，为什么？）

问题：

1. Graylog中设置的索引是否只是保留策略的设置？
2. 如果我有很多或几个索引，会有什么影响？
   • 在Elasticsearch Index Model中，听起来分片大小及其分布对搜索性能有主要影响，而索引只是管理分片的框架
3. 我的用例应该有多少个索引集？
   • 每个流多个？
   • 每个流一个？
   • 每个位置一个？
   • 每个子系统一个？
   • 每个保留时间或大小间隔一个？
   • 一个全球的？
   • 从性能的角度来看，这重要吗？
4. 我在哪里可以找到关于这些东西的更多信息，这解释了“为什么”，而不仅仅是“如何”来管理索引？（我一直在研究Graylog 索引模型、Elasticsearch 索引模型、Elasticsearch 索引模板）

根据 ElasticSearch 的 CLI 帮助，您可以在后台使用elasticsearch -d或启动 ElasticSearch elasticsearch --daemonize。这是我在本地一直使用的，因为它似乎需要更少的资源并且不需要保持终端打开。

但是如何使用 CLI停止守护进程呢？

我正在尝试向 Elastic.co 托管的 ElasticSearch 实例发出请求。我收到此错误：

AuthorizationException(403, 'security_exception', 'action [indices:monitor/stats] is unauthorized for user [my-username]')

这具体告诉我我无法访问的内容是什么？是什么indices:意思，是什么monitor意思monitor/stats？此错误消息试图告诉我什么？

我需要在我的 Portainer 实例上设置一个 SonarQube 容器。SonarQube 使用 Elasticsearch，它需要从主机传递的内核设置。正如这个问题中提到的，这个问题有据可查 ，但不幸的是，发布者没有详细说明他们的解决方案。

显然，这个问题可以通过在你的主机上运行来解决（？）

sysctl -w vm.max_map_count=262144

但是，如果有办法只为这个容器指定它，我会喜欢它。这样的事情是否可能，在 Portainer 中是如何完成的？我尝试了一个环境变量，但它没有效果。

我有一个带有 xpack 基本许可证的 elasticsearch 集群，并且启用了本机用户身份验证（当然是 ssl）。我正在尝试在 docker 容器上设置 kibana，但在浏览器中访问 kibana 时不断出现错误：
{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred."}
在 kibana 日志中我有消息：（
"missing authentication credentials for REST request"下面的完整日志）

我的 kibana.yml 文件是：

server.name: kibana
server.host: "0.0.0.0"
elasticsearch.hosts:
 - https://server:9200
server.ssl.certificate: "cert.crt"
server.ssl.key: "vert.key"
server.ssl.enabled: true
elasticsearch.ssl.certificateAuthorities: ["root-ca.crt"]
elasticsearch.username: "kibana"
elasticsearch.password: "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"

手动请求（使用浏览器或邮递员获取\发布请求）工作正常。任何以(eg )
开头的配置设置都将失败，并出现一些关于无法识别密钥的错误。 使用的容器版本：docker.elastic.co/kibana/kibana-oss:7.7.0xpack.*xpack.security.enabled

可能是在kibana docker容器中默认没有安装xpack吗？
我做错了什么？

-------- 完整的 kibana 日志 ---------

{"type":"log","@timestamp":"2020-05-25T10:06:03Z","tags":["warning","plugins-discovery"],"pid":6,"message":"Expect plugin \"id\" in camelCase, but found: apm_oss"}
{"type":"log","@timestamp":"2020-05-25T10:06:03Z","tags":["info","plugins-system"],"pid":6,"message":"Setting up [32] plugins: [visTypeVega,usageCollection,metrics,telemetryCollectionManager,telemetry,timelion,kibanaLegacy,devTools,apm_oss,uiActions,savedObjects,share,statusPage,newsfeed,kibanaReact,inspector,embeddable,kibanaUtils,discover,esUiShared,bfetch,expressions,visualizations,data,home,console,management,advancedSettings,telemetryManagementSection,navigation,dashboard,charts]"}
{"type":"log","@timestamp":"2020-05-25T10:06:04Z","tags":["info","savedobjects-service"],"pid":6,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
{"type":"log","@timestamp":"2020-05-25T10:06:04Z","tags":["info","savedobjects-service"],"pid":6,"message":"Starting saved objects migrations"}
{"type":"log","@timestamp":"2020-05-25T10:06:04Z","tags":["info","plugins-system"],"pid":6,"message":"Starting [15] plugins: [visTypeVega,usageCollection,metrics,telemetryCollectionManager,telemetry,timelion,kibanaLegacy,apm_oss,share,bfetch,expressions,visualizations,data,home,console]"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["listening","info"],"pid":6,"message":"Server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["info","http","server","Kibana"],"pid":6,"message":"http server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2020-05-25T10:06:15Z","tags":["error","http"],"pid":6,"message":"{ [security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\"security\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } } :: {\"path\":\"/.kibana/_doc/config%3A7.7.0\",\"query\":{},\"statusCode\":401,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":[\\\"Bearer realm=\\\\\\\"security\\\\\\\"\\\",\\\"ApiKey\\\",\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"]}}],\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":[\\\"Bearer realm=\\\\\\\"security\\\\\\\"\\\",\\\"ApiKey\\\",\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"]}},\\\"status\\\":401}\",\"wwwAuthenticateDirective\":\"Bearer realm=\\\"security\\\", ApiKey, Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}\n    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:349:15)\n    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:306:7)\n    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)\n    at IncomingMessage.wrapper (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)\n    at IncomingMessage.emit (events.js:203:15)\n    at endReadableNT (_stream_readable.js:1145:12)\n    at process._tickCallback (internal/process/next_tick.js:63:19)\n  status: 401,\n  displayName: 'AuthenticationException',\n  message:\n   '[security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\\\"security\\\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\" } } }',\n  path: '/.kibana/_doc/config%3A7.7.0',\n  query: {},\n  body:\n   { error:\n      { root_cause: [Array],\n        type: 'security_exception',\n        reason:\n         'missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]',\n        header: [Object] },\n     status: 401 },\n  statusCode: 401,\n  response:\n   '{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\",\"header\":{\"WWW-Authenticate\":[\"Bearer realm=\\\\\"security\\\\\"\",\"ApiKey\",\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\",\"header\":{\"WWW-Authenticate\":[\"Bearer realm=\\\\\"security\\\\\"\",\"ApiKey\",\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\"]}},\"status\":401}',\n  wwwAuthenticateDirective:\n   'Bearer realm=\"security\", ApiKey, Basic realm=\"security\" charset=\"UTF-8\"',\n  toString: [Function],\n  toJSON: [Function],\n  isBoom: true,\n  isServer: false,\n  data: null,\n  output:\n   { statusCode: 401,\n     payload:\n      { statusCode: 401,\n        error: 'Unauthorized',\n        message:\n         '[security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\\\"security\\\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\" } } }' },\n     headers: { 'WWW-Authenticate': [Array] } },\n  reformat: [Function],\n  [Symbol(ElasticsearchError)]: 'Elasticsearch/notAuthorized',\n  [Symbol(SavedObjectsClientErrorCode)]: 'SavedObjectsClient/notAuthorized' }"}
{"type":"error","@timestamp":"2020-05-25T10:06:15Z","tags":[],"pid":6,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n    at HapiResponseAdapter.toInternalError (/usr/share/kibana/src/core/server/http/router/response_adapter.js:67:19)\n    at Router.handle (/usr/share/kibana/src/core/server/http/router/router.js:165:34)\n    at process._tickCallback (internal/process/next_tick.js:68:7)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":{},"pathname":"/","path":"/","href":"/"},"message":"Internal Server Error"}
{"type":"response","@timestamp":"2020-05-25T10:06:15Z","tags":[],"pid":6,"method":"get","statusCode":500,"req":{"url":"/","method":"get","headers":{"host":"KIBANA-SERVER:5601","connection":"keep-alive","cache-control":"max-age=0","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","sec-fetch-site":"none","sec-fetch-mode":"navigate","sec-fetch-user":"?1","sec-fetch-dest":"document","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"XXX.XXX.11.5","userAgent":"XXX.XXX.11.5"},"res":{"statusCode":500,"responseTime":44,"contentLength":9},"message":"GET / 500 44ms - 9.0B"}

======================
更新
======================

尝试使用具有相同配置的 kibana 版本 6.8（docker image docker.elastic.co/kibana/kibana-oss:6.8.0）（一切都相同 - 只是以前的图像）并且它可以工作，虽然我没有得到kibana 登录屏幕，而是由浏览器提示输入凭据。

我已经在 rhel 上安装了 Kibana，我正在尝试远程访问http://server-url:5601。

我已经安装了 elasticsearch 并且能够在http://server-url:9200上远程访问它

我已经添加

server.host 0.0.0.0

在 kibana.yml 中。

我已确保 nsg 允许它通过并已添加到防火墙中。我还安装了 elasticsearch 并且正在端口：9200 上工作 - 我在防火墙和 nsg 上为 9200 所做的我对 5601 所做的完全相同，所以我觉得这是一个配置问题而不是防火墙问题。

我也可以在本地成功地从机器上卷曲 kibana

当运行 netstat -nlp | grep :5601 我得到以下结果：

tcp        0      0 127.0.0.1:5601          0.0.0.0:*               LISTEN      33072/node

谢谢

我已经grok在我们的 logstash 配置中启用了过滤器，以便使用%{HAPROXYHTTP}and%{HAPROXYTCP}模式解析来自 HAProxy 的日志。这似乎工作得很好，从 haproxy 查看任何日志条目的详细信息，我可以看到各种提取的字段（bytes_read、client_ip、client_port、termination_state、actconn、feconn 等）。

但是在 Kibana 的“创建新的可视化”屏幕中，配置 Y 轴时，“字段”弹出窗口中没有这些字段可用。

我需要做什么才能使这些提取的字段可用于可视化？

我们希望在需要保存多年的财务日志和记录的主要软件系统中使用 Elastic Search。我们正在使用 Elastic Search，但有点担心 Elastic 是否是永久存储的可行解决方案。我被告知它可能会变得腐败。

是否存在系统可以具有多个区域并且可以在一个节点发生故障或损坏时进行自我修复的解决方案？我们是否必须编写一个系统，将写入 Elastic Search 的每个对象都备份到一个单独的数据库作为备份，并编写一个重新索引器，或者弹性搜索是一个可行的解决方案，而不需要数据库备份？

从过去几天开始，我在一台虚拟机中出现了奇怪的 I/O 峰值。

它的 2.6.32-504.el6.x86_64 #1 SMP Tue Sep 16 01:56:35 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux Red Hat Enterprise Linux Server 6.6 版（圣地亚哥）

大约 50G 的内存和 24 个 CPU 运行 elasticsearch 数据节点。

我们检测到发送到该 elasticsearch 节点的请求超时，并且在检查 vm 之后，我们现在只设法看到偶尔出现磁盘 I/O 卡住。我在虚拟机中的一个磁盘上使用了 ioping

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=1 时间=3.76 毫秒（预热）

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=2 时间=1.17 秒

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=3 时间=131.7 us

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=4 时间=282.8 us

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=5 时间=999.4 毫秒

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=6 时间=632.7 毫秒

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=7 时间=2.15 秒（慢）

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=8 时间=400.2 毫秒

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=9 时间=20.0 秒（慢）

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=10 时间=1.10 毫秒（快速）

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=11 时间=1.30 毫秒（快速）

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=12 时间=2.20 毫秒（快速）

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=13 时间=2.61 毫秒（快速）

4 KiB <<< /dev/sdf1 (块设备 100.0 GiB): request=14 time=203.6 us (fast)

4 KiB <<< /dev/sdf1（块设备 100.0 GiB）：请求=15 时间=1.09 毫秒（快速）

4 KiB <<< /dev/sdf1 (块设备 100.0 GiB): request=16 time=319.3 us (fast)

4 KiB <<< /dev/sdf1 (块设备 100.0 GiB): request=17 time=249.8 us (fast)

如您所见，某一时刻出现了 20 秒的峰值。虚拟机在 vmware esxi 刀片上。数据存储被另外 3 台虚拟机使用，但没有一个显示出这种延迟问题。我尝试了 fsck 和 tune2fs 并且都在文件系统上显示没有问题。

当这种情况开始发生时，虚拟机上没有更新。任何有关如何调试此问题的提示表示赞赏

编辑：这是-d信息的顶部。似乎 lv 变得 100% 忙而 java （当时正在阅读弹性搜索）

LVM | vg00-lv_data | 忙 100% | | 阅读 8904 | 写 4 | | KiB/r 11 | KiB/w 4 |
| MBr/s 10.03 | MBw/s 0.00 | | avq 21.41 | avio 1.12 毫秒 |

PID TID
RDDSK WRDSK
WCANCL DSK
CMD 1/1

2629 -
100.3M 12K 0K 100%
爪哇