a3ilson
commented
2 years ago You'll need to run the /etc/pfelk/script/error-data.sh script which will output logs/settings to /etc/pfelk/logs/
The screenshots are not visible and the log from logstash reveals that it cannot connect (401 error).
Did you complete the following steps: 1) https://github.com/pfelk/pfelk/blob/main/install/security.md 2) https://github.com/pfelk/pfelk/blob/main/install/configuration.md
Describe the bug no matching indices found for any of the templates, firewall/dhcp/etc
Screenshots `KbnError@http://192.168.1.109:5601/55572/bundles/plugin/kibanaUtils/kibana/kibanaUtils.plugin.js:1:6813 errors_DataViewMissingIndices@http://192.168.1.109:5601/55572/bundles/plugin/dataViews/kibana/dataViews.plugin.js:1:2512 _request/<@http://192.168.1.109:5601/55572/bundles/plugin/dataViews/kibana/dataViews.plugin.js:1:36626 '
Firewall System (please complete the following information):
Operating System (please complete the following information): Linux 5.4.0-131-generic x86_64 NAME="Ubuntu" VERSION="20.04.5 LTS (Focal Fossa)"
Installation method (manual, ansible-playbook, docker, script): SCRIPT
Elasticsearch, Logstash, Kibana (please complete the following information):
Version of ELK components (
dpkg -l [elasticsearch]|[logstash]|[kibana]) 8.4.3 for allElasticsearch, Logstash, Kibana logs:
tail -f /var/log/logstash/logstash-plain.log)2022-11-10T17:19:15,585][WARN ][logstash.outputs.elasticsearch][pfelk] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://pfelk_logstash:xxxxxx@localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://localhost:9200/'"}**Attach the pfELK Error Log (error.pfelk), for Better Assistance*** no pfELK error logs are in the folder