Elasticsearch:Kibana FAQ

Last Updated:Feb 04, 2026

This topic provides answers to frequently asked questions (FAQs) about Kibana for Alibaba Cloud Elasticsearch.

Logon and authentication

How do I log on to the Kibana console? What are the username and password?

To log on to the Kibana console, see Log on to the Kibana console. The default username for the Kibana console is elastic. The password is the one that you set when you created the Alibaba Cloud Elasticsearch instance. If you forget the password, see Reset the access password of an instance.

What is the elastic account and its password used for?

The elastic account is the default administrator account for your Alibaba Cloud Elasticsearch cluster, granting full cluster management permissions. Its password is required for authentication when you access the cluster via:

  • APIs or SDKs.

  • The Kibana console.

How can I better manage permissions and security in the Kibana console?

To effectively manage permissions and enhance security within your Alibaba Cloud Elasticsearch cluster and Kibana, follow these best practices:

  • Avoid using the elastic account for daily operations: The elastic account is a superuser with full administrative privileges. Using it for routine tasks (including search services) is a significant security risk, as a leaked password could compromise your entire cluster.

  • Create dedicated users with granular roles: Instead of relying on elastic, create specific users and assign them only the necessary roles and permissions. This adheres to the principle of least privilege.

  • Exercise caution when resetting the elastic password: If you are using the elastic account for any ongoing services (which is not recommended), resetting its password will immediately cause authentication failures and service disruptions until the new password is updated everywhere.
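The second practice above, as an added example that is not part of the original documentation: a read-only role and a dedicated account for a search service, created through the Elasticsearch security API. The role, user and index names are hypothetical, and the request paths assume a 7.x cluster.

```shell
#!/bin/sh
# Hypothetical names: role logs_reader, user search_svc, index pattern app-logs-*.
# Assumes the 7.x security API paths and ES_URL, ES_ADMIN_PASSWORD and
# SEARCH_SVC_PASSWORD supplied through the environment.

# Role body: read-only access to one index pattern, no cluster privileges.
role_body() {   # $1 = index pattern
  printf '{"cluster":[],"indices":[{"names":["%s"],"privileges":["read","view_index_metadata"]}]}' "$1"
}

# User body: the account carries only the role named in $2.
user_body() {   # $1 = password, $2 = role name
  printf '{"password":"%s","roles":["%s"]}' "$1" "$2"
}

# One-time administrative PUT, the only place the elastic account is used.
es_put() {      # $1 = API path, $2 = JSON body
  curl -sS -u "elastic:${ES_ADMIN_PASSWORD}" -H 'Content-Type: application/json' \
       -XPUT "${ES_URL}${1}" -d "$2"
}

# Ask the cluster which roles the new account resolved to.
whoami_as_search_svc() {
  curl -sS -u "search_svc:${SEARCH_SVC_PASSWORD}" "${ES_URL}/_security/_authenticate"
}

if [ -n "${ES_URL:-}" ]; then
  es_put /_security/role/logs_reader "$(role_body 'app-logs-*')"
  es_put /_security/user/search_svc "$(user_body "$SEARCH_SVC_PASSWORD" logs_reader)"
  whoami_as_search_svc
else
  # No cluster configured: print the request bodies for review.
  role_body 'app-logs-*'; echo
  user_body '<password>' logs_reader; echo
fi
```

The service then authenticates as search_svc, so a later reset of the elastic password does not interrupt it.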

When I use the elastic account to create a user in the Kibana console, the message "You do not have permission to manage users" appears. How do I fix this?

The following figure shows the error message. [Figure: error message screenshot]

Troubleshoot the issue as follows:

  1. In the Kibana console, run the GET _license command to check if the certificate has expired.

  2. Run the GET /_cat/indices?v command to check if multiple system indexes .security-* exist in the cluster. If they do, it indicates that you have performed a full index migration or synchronization. Fix this issue by deleting the earlier versions of the .security-* indexes.
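Both checks can be scripted once the two responses have been saved from Dev Tools or curl. The following is an added example, not part of the original documentation; the sample responses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of a `GET _license` response (not from a real cluster).
SAMPLE_LICENSE='{
  "license" : {
    "status" : "active",
    "type" : "platinum",
    "expiry_date_in_millis" : 1914278399999
  }
}'

# Constructed sample of `GET /_cat/indices?v` output. The .security-6 row is a
# closed index: its health column is empty, so its fields shift one to the left.
SAMPLE_INDICES='health status index            uuid                   pri rep docs.count
       close  .security-6      c0nstructedUuid0000001
green  open   .security-7      c0nstructedUuid0000002   1   1          7
green  open   .kibana_1        c0nstructedUuid0000003   1   1         42
green  open   app-logs-2026.02 c0nstructedUuid0000004   5   1     120000'

# Step 1: print the license status field ("active", "expired" or "invalid").
license_status() {
  sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([a-z]*\)".*/\1/p' | head -n 1
}

# Step 2: print every index name that starts with .security-, one per line.
# Scanning all fields instead of a fixed column keeps closed-index rows correct.
security_indices() {
  awk '{ for (i = 1; i <= NF; i++) if (index($i, ".security-") == 1) print $i }' | sort
}

# Summarise step 2 as "none", "single" or "multiple".
security_index_state() {
  n=$(security_indices | wc -l | tr -d ' ')
  case "$n" in
    0) echo none ;;
    1) echo single ;;
    *) echo multiple ;;
  esac
}

printf 'license status: %s\n' "$(printf '%s\n' "$SAMPLE_LICENSE" | license_status)"
printf '.security-* indexes: %s\n' "$(printf '%s\n' "$SAMPLE_INDICES" | security_index_state)"
printf '%s\n' "$SAMPLE_INDICES" | security_indices
```

A result of "multiple" corresponds to the situation in step 2; the script only lists the indexes and leaves the decision about which earlier versions to delete to the operator.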

Access and connectivity

Can I access services on the public network from the Kibana console?

No.

Your Elasticsearch cluster and its Kibana console are deployed within a VPC for security and isolation. This design means it can only communicate with other services that are also located within that same VPC.

The public network whitelist feature, conversely, is for allowing external clients (from the public internet) to securely access your Kibana console. It does not enable your Elasticsearch cluster or Kibana to initiate connections outbound to public network services.

I cannot access Dev Tools in Kibana. How do I fix this?

Check if the Kibana node specifications are 1 vCPU and 2 GiB. These specifications are unstable and suitable only for testing, not for production environments. Upgrade the specifications as soon as possible. For more information, see Upgrade a cluster.

After I perform an operation, I can no longer access Kibana, but I can still access Elasticsearch. How do I fix this?

Restart the Kibana node. On the Basic Information page of the Elasticsearch cluster, in the Node Visualization section, move the mouse pointer over the status light of the Kibana Node and click Restart.

Why is the IP address resolved from the private domain name of a Kibana V7.16 instance not in my VPC?

To prevent Kibana from restarting when the HTTPS certificate is replaced, the deployment architecture of Kibana V7.16 and some V7.10 clusters has been adjusted. A Layer 7 agent service is added to the Kibana service. Therefore, the IP address resolved from the private domain name is the IP address of the Layer 7 agent service. This adjustment does not affect the security or normal use of Kibana and has passed the security review by the relevant Alibaba Cloud teams. It is safe to use.

I cannot access Kibana through an Nginx proxy. How do I troubleshoot this?

If you are using an Nginx proxy to access Kibana over a private or public network and are experiencing access issues, systematically troubleshoot by checking network connectivity, Nginx configuration, and authentication settings.

  1. Verify network connectivity.

    • IP address whitelist: Confirm that the IP address of your Nginx server (or the originating client's IP if Nginx is further proxied) is added to the appropriate Kibana whitelist. For more information, see Connect to a cluster through Kibana.

    • Security group rules (for cloud-native new control (v3) clusters): If your Elasticsearch cluster uses the cloud-native new control (v3) architecture and you are accessing Kibana from within the VPC, check associated security group rules:

      • Kibana's security group: For inbound rules, ensure that traffic from the Nginx server's IP address to the Kibana port (typically 5601) is explicitly allowed. Outbound rules generally do not require specific configuration here.

      • Nginx server's security group: For outbound rules, ensure that traffic from the Nginx server to the Kibana service's IP address and port (e.g., 5601) is allowed.

    Note

    Configure the settings based on your network environment and the actual port.

  2. Review Nginx proxy configuration.

    Incorrect Nginx configurations are a frequent cause of Kibana access failures.

    • proxy_pass directive: Verify that the proxy_pass directive in your Nginx configuration file points to the correct Kibana service endpoint, protocol (http or https), and port number (e.g., http://<Kibana_Endpoint>:5601).

    • Host request header: Kibana may fail to correctly identify the request source if the Host request header is modified by Nginx (e.g., using proxy_set_header Host XXX). Resolve this in one of the following ways:

      • Method 1: Comment out or delete the proxy_set_header Host configuration.

      • Method 2: If you want to retain the Host configuration, set Host to the original domain name of Kibana.

    For a sample configuration file, see Nginx configuration file.

  3. Adjust the Kibana authentication method.

    If you use a cloud-native architecture instance and access Kibana over a private network through a proxy, you must use only a username and password for authentication. For more information, see Connect to a cluster through Kibana.

  4. Apply changes and reload the Nginx proxy.

    1. Test Nginx configuration syntax:

      sudo nginx -t

    2. Reload Nginx service:

      sudo nginx -s reload
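The Host header rule from step 2 can be checked before the reload. The following is an added example, not part of the original documentation: it reads an Nginx configuration and reports whether an active proxy_set_header Host directive differs from the proxy_pass target. The sample configuration and its host names are constructed placeholders, and the check assumes that the proxy_pass host is the original Kibana domain name.

```shell
#!/bin/sh
# Constructed sample config; kibana.example.internal and kibana.corp.example
# are placeholders, not real endpoints.
SAMPLE_CONF='server {
    listen 80;
    server_name kibana.corp.example;
    location / {
        proxy_pass http://kibana.example.internal:5601;
        # proxy_set_header Host $proxy_host;
        proxy_set_header Host kibana.corp.example;
    }
}'

# Drop comments so that commented-out directives are ignored (Method 1).
active_lines() { sed 's/#.*//'; }

# Host part of the first proxy_pass target, without scheme, port or path.
proxy_pass_host() {
  active_lines | sed -n 's|.*proxy_pass[[:space:]]*https\{0,1\}://\([^:/;]*\).*|\1|p' | head -n 1
}

# Value of the first active "proxy_set_header Host ..." directive, if any.
host_header_value() {
  active_lines | sed -n 's|.*proxy_set_header[[:space:]]*Host[[:space:]][[:space:]]*\([^;[:space:]]*\).*|\1|p' | head -n 1
}

# Prints "ok" when Host is left at the Nginx default or equals the Kibana
# endpoint (Method 1 or Method 2), otherwise "host-mismatch".
check_kibana_proxy() {
  conf=$(cat)
  target=$(printf '%s\n' "$conf" | proxy_pass_host)
  hdr=$(printf '%s\n' "$conf" | host_header_value)
  [ -n "$target" ] || { echo no-proxy-pass; return 0; }
  case "$hdr" in
    ''|'$proxy_host'|"$target"|"$target":*) echo ok ;;
    *) echo host-mismatch ;;
  esac
}

printf '%s\n' "$SAMPLE_CONF" | check_kibana_proxy
```

When no Host directive is active, Nginx sends its default value, $proxy_host, which is the host from proxy_pass; that is why Method 1 and Method 2 both pass the check.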

Why can't I access Kibana using a custom domain name through a CNAME record?

For Alibaba Cloud Elasticsearch clusters with cloud-native new control (v3) architecture type, you cannot access the Kibana service using a custom domain name through a CNAME record. To use a custom domain name to access Kibana, see Access Kibana through an Nginx agent.

Note

You can go to the Basic Information page of the instance to view the Control Architecture Type of the instance.

Configuration

The Modify Configuration button for Kibana is grayed out, and I cannot modify the Kibana allowlist.

If the ES instance is not in the Normal state, the Modify Configuration button for Kibana may be grayed out. You can wait for the instance status to return to Normal, or investigate the cause of the abnormal status.

Does Kibana support custom plugins?

No, it does not. For Kibana versions earlier than 7.0, only the default plugins provided in the console are supported. Kibana V7.0 and later do not support any plugins.

Which Kibana versions support language modification?

Currently, only Kibana V6.7.0 and later support language modification. The Kibana console supports English and Chinese. You can change the setting to use Kibana in your preferred language. For more information, see Configure the language of the Kibana console.

How do I install Kibana plugins?

The timestamp used for filtering in the Discover interface does not match the timestamp stored in the Elasticsearch document. Why?

The timestamp (@timestamp) used on the Discover page of Kibana is in UTC by default, while the timestamp stored in the Elasticsearch document is in the local time. Therefore, the two timestamps may be different. To resolve this issue, you can use one of the following solutions:

  • For new data: You can modify the time zone setting in Kibana. To do this, modify dateFormat:tz on the Advanced Settings page in Kibana.

  • For historical data: You can use the Reindex API to reindex previously stored data and modify the timestamps.

Errors and startup

Kibana fails to start and reports the "Kibana server is not ready yet" error during logon. How do I fix this?

Possible causes and solutions:

  • Possible cause: Multiple Kibana system indexes exist or the data structure has changed.

    Solution: Delete the indexes that start with .kibana. Then restart the Kibana node in the console or restart the Elasticsearch instance. For more information about how to restart an instance, see Restart a cluster or node.

    Warning

    After you delete the .kibana index, information such as created spaces and patterns in Kibana is lost. You must recover the information from a snapshot. For more information, see Restore the .kibana_1 index.

  • Possible cause: The .kibana* index does not exist in the system.

    Solution: Run the GET _cluster/settings command to check whether the automatic index creation feature restricts the creation of system indexes. If it does not, restart Kibana. If it does, enable the creation of system indexes.

  • Possible cause: The Elasticsearch cluster load is too high.

    Solution: Go to cluster monitoring to troubleshoot the issue. The possible causes and solutions are as follows:

      • The cluster has 1 vCPU and 2 GiB node specifications: These specifications are discontinued. Upgrade the cluster as soon as possible. For more information, see Upgrade a cluster.

      • Unnecessary indexes that consume a large amount of memory exist: Delete unnecessary indexes, especially monitoring indexes that start with .monitor. The retention period for monitoring indexes can also be set. For more information, see Configure Monitoring logs.

  • Possible cause: High Kibana load.

    Solution: If the error persists after you troubleshoot the issue using the preceding methods, the issue might be related to the Kibana load. Restart the Kibana node or upgrade the Kibana node specifications in the console. For more information, see Restart a cluster or node and Upgrade a cluster.

    Important

    Kibana nodes with 1 vCPU and 2 GiB specifications are not suitable for production environments. Upgrade them as soon as possible.

Kibana reports the "Maximum call stack size exceeded" error. How do I fix this?

  • Cause

    This error indicates that the instance status is abnormal. High heap memory overhead can cause insufficient heap memory, which in turn causes Kibana requests to time out.

  • Solution

    Reduce the bulk write size or upgrade the cluster.

Data and export

How do I view shard and index information in the Kibana console?

  • Run the GET _nodes/stats command to view index information. [Figure: viewing index and shard information with the command]

  • On the Monitoring page, the shard status of indexes on a node is displayed, including heap memory usage, as shown in the following figure. [Figure: viewing shard information]

When I export log data in CSV format from Kibana, can I set the data volume?

When you export a CSV file from Kibana, the default size is 10,485,760 bytes (10 MB). Data that exceeds this limit is truncated. This setting is intended to prevent large exports from causing performance and storage issues. For cluster health and stability, this parameter can no longer be modified. Export the file in batches.

I'm experiencing a Kibana logon error, but I need to access Kibana to purge data. What should I do?

If you cannot log on to Kibana but need to perform data purging, you can directly use the Elasticsearch API with curl commands. This allows you to manage your cluster without relying on the Kibana interface. For more information, see Use a curl command to access and manage an Alibaba Cloud Elasticsearch cluster.

  • Query all indexes in the cluster

    curl -u elastic:<yourEsPassword> -XGET 'http://es-cn-7pp2auqzk0023****.public.elasticsearch.aliyuncs.com:9200/_cat/indices?v'

  • Purge data

    curl -u elastic:<yourEsPassword> -XDELETE 'http://es-cn-7pp2auqzk0023****.public.elasticsearch.aliyuncs.com:9200/<yourIndex>'