Kibana will not start with the plugin installed.

[MrrWhoo]

Hello,

Kibana fails to start with plugin installed. Kibana 7.6.0, I'm utilizing existing build of ELK

Thx

[S03D4-164]

Hello MrrWhoo,

Could you please provide more information about:

• What is the Kibana error message?
• Did you check following setup guides?
  • https://github.com/JPCERTCC/SysmonSearch/wiki/Install#Kibana-Server-Setup
  • https://github.com/JPCERTCC/SysmonSearch/wiki/Install-the-React-version

Please don't hesitate to contact us if you have any questions.

[de-npolkowske]

I can confirm this behavior.

Steps to reproduce the issue:

git clone
cd docker
docker-compose up

after pulling down the images and elastic start up, kibana detects the plugin and tries to compile, but fails during optimization and produces the following fatal:

...
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","canvas"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","metrics"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","usageCollection"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","code"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","encryptedSavedObjects"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","infra"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","licensing"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","siem"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","taskManager"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | 
docker-sysmonsearch-kibana |  FATAL  Error: Optimizations failure.
docker-sysmonsearch-kibana |    9331 modules
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-visjs-timeline.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/assign' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-visjs-timeline.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/difference' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-graph-vis.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/differenceWith' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-visjs-timeline.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/each' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-graph-vis.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/fp/defaultsDeep' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-visjs-timeline.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/intersection' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-graph-vis.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/isEqual' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-visjs-timeline.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/keys' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-visjs-timeline.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/omit' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'

[S03D4-164]

Please execute setup.sh in docker directory. It will install dependent node modules.

Please refer to the following wiki: https://github.com/JPCERTCC/SysmonSearch/wiki/Setup-with-Docker#how-to-set-up