Kibana dashboard and indexes are not created
Closed this issue · 3 comments
Hi there,
the VM is up and running, however when I log into the Kibana application there are no dashboard and no index patterns pre-configured.
I use the cat index API to list the indices:
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .geoip_databases ql1AQ2dpQkq7M3B5pfnMkw 1 0 41 0 40.1mb 40.1mb
green open .kibana-event-log-7.14.0-000001 8eOYYzqUQ4is0I3g0Y_RwA 1 0 1 0 5.6kb 5.6kb
green open .kibana_7.14.0_001 bqji6E5LSL2PeAj3iJPGVA 1 0 39 40 2.5mb 2.5mb
green open .apm-custom-link vO7HVTsET2mmpeBwGwnDzQ 1 0 0 0 208b 208b
green open .apm-agent-configuration Nv42wG6WRYq-yi48FxiUSA 1 0 0 0 208b 208b
green open .kibana_task_manager_7.14.0_001 oKEX8N2wR2uvVu876pChfg 1 0 14 11328 1.2mb 1.2mb
yellow open packets-2004.09.30 GOrWBkezT5qe2bLVg_ZWTQ 1 1 76 0 635.3kb 635.3kb
I can see that the packets index is generated correctly and there are 76 documents in it possibly from the test pcap.
I then check whether templates are generated:
name index_patterns order version composed_of
.monitoring-alerts-7 [.monitoring-alerts-7] 0 7140099
.monitoring-beats [.monitoring-beats-7-*] 0 7140099
.transform-notifications-000002 [.transform-notifications-*] 0 7140099
logstash [logstash-*] 0 60001
.kibana-event-log-7.14.0-template [.kibana-event-log-7.14.0-*] 0
.monitoring-kibana [.monitoring-kibana-7-*] 0 7140099
.monitoring-es [.monitoring-es-7-*] 0 7140099
.monitoring-logstash [.monitoring-logstash-7-*] 0 7140099
.ml-state [.ml-state*] 2147483647 7140099 []
ilm-history [ilm-history-5*] 2147483647 5 []
.slm-history [.slm-history-5*] 2147483647 5 []
synthetics [synthetics-*-*] 100 1 [synthetics-mappings, data-streams-mappings, synthetics-settings]
.ml-anomalies- [.ml-anomalies-*] 2147483647 7140099 []
metrics [metrics-*-*] 100 1 [metrics-mappings, data-streams-mappings, metrics-settings]
.ml-notifications-000002 [.ml-notifications-000002] 2147483647 7140099 []
.deprecation-indexing-template [.logs-deprecation.*] 1000 1 [.deprecation-indexing-mappings, .deprecation-indexing-settings]
packets_template [packets-*] 0 []
.watch-history-13 [.watcher-history-13*] 2147483647 13 []
logs [logs-*-*] 100 1 [logs-mappings, data-streams-mappings, logs-settings]
.ml-stats [.ml-stats-*] 2147483647 7140099 []
Which they are.
So I then import manually the saved object from the Kibana folder:
My guess is that there is a fail during the vagrant script and it doesn't load the file correctly.
Let me know if I can be on any help to debug the issue.
PS
I am not a vagrant expert.
Thank you for reporting this. I just tested it (running Vagrant 2.2.6 on Ubuntu 20.04.2) and for me it worked well. Maybe it depends on the performance of the machine.
There is the following vagrant script, which is executed after the VM initialization: VM/post_initialize.sh. It includes the following code, which waits 60s for Kibana to start. After it uses curl to import the Kibana objects. If the Kibana is not running in 60s, it will fail. So most likely this was the reason why the objects were missing. The correct implementation would be, that the script waits properly until the Kibana service is up.
echo "Wait for Kibana to start ... (waiting 60 seconds)"
sleep 60
curl -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@export.ndjson
Your fix to import the objects from UI is fine or you can use the curl command from this script.
Yes I just checked and is probably what happened (for the record I am on a cloud VM so performance is definitely not like my bare metal).
We should this quirk to the main readme so people don't get confused.
Thanks