search

deviantony / docker-elk

The Elastic stack (ELK) powered by Docker and Compose.
MIT License
17.38k stars 6.81k forks source link

Dashboard import fails #511

Closed dobbytheferret closed 4 years ago

dobbytheferret commented 4 years ago

Problem description

When trying to setup dashboards for winlogbeat i get "Failed to import dashboard"

Extra information

.\winlogbeat.exe : Exiting: Failed to import dashboard: Failed to load directory C:\Users\user\Documents\winlogbeat\kibana/7/dashboard:
At line:1 char:1
+ .\winlogbeat.exe setup --dashboards
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Exiting: Failed...na/7/dashboard::String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

  error loading C:\Users\user\Documents\winlogbeat\kibana\7\dashboard\01c54730-fee6-11e9-8405-516218e3d268.json: returned 403 to import file: <nil>. Response: {"statusCode":403,"error":"Forbidden","message":"Unable to bulk_cre
ate dashboard,search,visualization"}
  error loading C:\Users\user\Documents\winlogbeat\kibana\7\dashboard\71f720f0-ff18-11e9-8405-516218e3d268.json: returned 403 to import file: <nil>. Response: {"statusCode":403,"error":"Forbidden","message":"Unable to bulk_cre
ate dashboard,search,visualization"}
  error loading C:\Users\user\Documents\winlogbeat\kibana\7\dashboard\8223bed0-b9e9-11e9-b6a2-c9b4015c4baf.json: returned 403 to import file: <nil>. Response: {"statusCode":403,"error":"Forbidden","message":"Unable to bulk_cre
ate dashboard,search,visualization"}
  error loading C:\Users\user\Documents\winlogbeat\kibana\7\dashboard\Winlogbeat-overview.json: returned 403 to import file: <nil>. Response: {"statusCode":403,"error":"Forbidden","message":"Unable to bulk_create dashboard,vis
ualization"}
  error loading C:\Users\user\Documents\winlogbeat\kibana\7\dashboard\bb858830-f412-11e9-8405-516218e3d268.json: returned 403 to import file: <nil>. Response: {"statusCode":403,"error":"Forbidden","message":"Unable to bulk_cre
ate dashboard,search,visualization"}

Stack configuration

Docker setup

Client: Docker Engine - Community
 Version:           19.03.11
 API version:       1.40
 Go version:        go1.13.10
 Git commit:        42e35e61f3
 Built:             Mon Jun  1 09:12:34 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.11
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.10
  Git commit:       42e35e61f3
  Built:            Mon Jun  1 09:11:07 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

docker-compose version 1.26.0, build d4451659
docker-py version: 4.2.1
CPython version: 3.7.7
OpenSSL version: OpenSSL 1.1.0l  10 Sep 2019
antoineco commented 4 years ago

"statusCode":403,"error":"Forbidden" means you didn't provide credentials for Winlogbeat to communicate with Elasticsearch.

From the docs

output.elasticsearch:
  hosts: ['<ELASTICSEARCH_URL>']
  username: kibana
  password: <YOUR_PASSWORD>
dobbytheferret commented 4 years ago

If i write the wrong password and username i get "[indices:admin/aliases/get] is unauthorized for user [kibana]"},"status":403}"

If i use the elastic username and password that was made during password initializing it gives me the error "{"statusCode":403,"error":"Forbidden","message":"Unable to bulk_create dashboard,search,visualization"}"

So theres a different error..

I am 100% sure the password is right.

Even tried to setup a new user with ALL roles added to it. Gets the same error loading C:\Program Files\Winlogbeat\kibana\7\dashboard\8223bed0-b9e9-11e9-b6a2-c9b4015c4baf.json: returned 403 to import file: . Response: {"statusCode":403,"error":"Forbidden","message":"Unable to bulk_create dashboard,search,visualization"}

I have even tried to setup the dashboards with "PS C:\Program Files\Winlogbeat> .\winlogbeat.exe setup -e

-E output.logstash.enabled=false -E output.elasticsearch.hosts=['ip:9200'] -E output.elasticsearch.username=elastic -E output.elasticsearch.password=pass -E setup.kibana.host=ip:5601"

antoineco commented 4 years ago

The elastic user essentially has "root" permissions, so if it doesn't work I'm not sure what else you can do. This is something I would ask in the Elastic forums because it doesn't seem specific to Docker.

antoineco commented 4 years ago

Closing because it seems we have gone a full circle, feel free to reopen if you're still affected by this and believe the problem could be specific to ELK on Compose.