CODEWITHSUNDEEP
elasticsearchkibana
Akanksha
Akanksha

Reputation: 61

Unable configure Alerts and Actions in Kibana

I'm using a Docker Compose file for ELK setup and using the latest version (above 7) for Kibana. Now I set the xpack.encryptedSavedObjects.encryptionKey parameter in the kibana.yml so that I can use the alert and actions feature. But even after that I'm not able to create alert. Can anyone help me please?

I generated 32 character encryption key using Python uuid module. enter image description here

Upvotes: 1

Views: 4147

Answers (4)

Piyush Roy
Piyush Roy

Reputation: 1

Alerts need the xpack.encryptedSavedObjects.encryptionKey to work, I made it all caps like:

XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY

and passed as ENV Variable. Reference example:

  kibana-primary-1:
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    volumes:
      - certs:/usr/share/kibana/config/certs
      - kibana/data:/usr/share/kibana/data
    environment:
      - SERVERNAME=kibana-primary-1
      - ELASTICSEARCH_HOSTS=https://master-hot-1:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
      - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=${ENCRYPTION_KEY}
      - SERVER_PUBLICBASEURL=${KIBANA_BASEURL}

and put a .env file:

#BASE URL
KIBANA_BASEURL=https://elk.thequickdesk.com/
#KEYS
ENCRYPTION_KEY=123456789033Ewwrew32

Upvotes: 0

Seb
Seb

Reputation: 976

According to https://github.com/elastic/kibana/issues/57773 the environment variable XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY was missing in the kibana config. In Feb 2020 it was merged and is now working.

The encryption key XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY has to be 32 characters or longer. https://www.elastic.co/guide/en/kibana/current/using-kibana-with-security.html

A working configuration could look like this:

...
  kibana:
    depends_on:
      - elasticsearch
    image: docker.elastic.co/kibana/kibana:8.0.0-rc2
    container_name: kibana
    environment:
      - ...
      - SERVER_PUBLICBASEURL=https://kibana.stackoverflow.com/
      - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=a7a6311933d3503b89bc2dbc36572c33a6c10925682e591bffcab6911c06786d
      - ...
...

Upvotes: 3

kaleab Girma
kaleab Girma

Reputation: 31

I have tried using the environment variable in my docker-compose.yml file as

kib01:
image: docker.elastic.co/kibana/kibana:${VERSION}
container_name: kib01
depends_on: {"es01": {"condition": "service_healthy"}}
ports:
  - 5601:5601
environment:
  SERVERNAME: localhost
  ELASTICSEARCH_URL: https://es01:9200
  ELASTICSEARCH_HOSTS: https://es01:9200
  XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: "743787217A45432B462D4A614EF35266"
volumes:
  - /var/elasticsearch/config/certs:$CERTS_DIR
networks:
  - elastic

We have changed the string format of xpack.encryptedSavedObjects.encryptionKey in to environment variable format XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY by replacing . with _ and all caps.

Upvotes: 3

obp3ter
obp3ter

Reputation: 11

Maybe there is a problem with mounting the file, I opted for the environment variables in my docker-compose file.

services:
  kibana:
    ...
    environment:
      ...
      XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: abcd...

Upvotes: 0

Related Questions