Since the Orchestrator installation, no logs are created in Elasticsearch despite the web.config setup with x-pack authentication (no ‘default-*’ index), and there are also no events in the Windows Event Viewer.
Elastic is up and running: _cat/indices?v
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana cBSx-QSrQfyC_KqD04Forg 1 1 1 0 7.7kb 3.8kb
green open .security UFth26cVRSaiSMqrCOcq3A 1 1 5 0 37.1kb 18.5kb
I assume that you properly installed xpack following Elastic's instructions (when you try to access data, you should be prompted for credentials).
Username and password for elastic are case sensitive (already faced the issue).
Regarding the web config, you can try to revert your changes to the web config and remove/install again Orchestrator UiPlateform.msi on the Orchestrator, keeping the existing database and entering the Elasticsearch authentication details using the wizard (handled since the 2018 version). Note that the wizard does not validate the correctness of the creds supplied.
I’m not sure about the Windows logs, to be honest.
Could you confirm that when you put ESURL/default-*/_search in your browser, you are prompted for a username and password?
If you are not, it means xpack is not set up properly.
Ideally, you should test the previous step from the Orchestrator if you can. Maybe there is a port issue.
The issue you describe seems to be what occurs when Orchestrator cannot send logs to ES, either due to wrong credentials or because you supply credentials when they are not expected.
Is the same index pattern supposed to work in Kibana as well, as instructed in the image below? * gets all the logs, but for default* I get “No Results found”.
It usually does work since the pattern should be default-MM implying that you are using the default tenant.
What do you get when you use the command above (from Elasticsearch)? It should give you the list of available indices autogenerated by the Orchestrator.
I will try with another open source plugin, readonlyrest, and I will change the URI field in web.config, adding http:// before server name:port, on our production platform.
I already tried that on our development platform and it was OK with this new setup (bots’ events sent successfully to ES and Orchestrator events sent successfully to the Windows event manager).
It is strange to have no logs in the Windows event manager if Orchestrator is unable to log bots’ events in ES.
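The two checks discussed in this thread (is the credential prompt present, and does any `default-*` index exist) can be combined into one small diagnostic. This is an added example, not code from any poster or from UiPath; the function names are hypothetical and the input is the `_cat/indices?v` output quoted in the first post, embedded as a constructed sample.

```python
import fnmatch

# Constructed sample: the _cat/indices?v output quoted in the first post.
CAT_INDICES = """\
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana cBSx-QSrQfyC_KqD04Forg 1 1 1 0 7.7kb 3.8kb
green open .security UFth26cVRSaiSMqrCOcq3A 1 1 5 0 37.1kb 18.5kb
"""

def parse_cat_indices(text):
    """Parse `_cat/indices?v` output into dicts keyed by the header row."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0].split()
    rows = []
    for ln in lines[1:]:
        cols = ln.split()
        if len(cols) != len(header):
            continue  # skip rows with missing columns (truncated or wrapped)
        rows.append(dict(zip(header, cols)))
    return rows

def diagnose(cat_text, unauth_status, pattern="default-*"):
    """unauth_status: HTTP status of ESURL/default-*/_search sent WITHOUT credentials."""
    findings = []
    if unauth_status == 401:
        findings.append("auth enforced: x-pack asks for credentials")
    elif unauth_status == 200:
        findings.append("no auth prompt: x-pack is not set up properly")
    else:
        findings.append(f"unexpected status {unauth_status}: check URL and port")
    matches = [r["index"] for r in parse_cat_indices(cat_text)
               if fnmatch.fnmatch(r["index"], pattern)]
    if matches:
        findings.append("Orchestrator indices present: " + ", ".join(sorted(matches)))
    else:
        findings.append(f"no index matches {pattern}: Orchestrator is not writing to ES")
    return findings

if __name__ == "__main__":
    for line in diagnose(CAT_INDICES, unauth_status=401):
        print("-", line)
```

With the first post's output and a 401 on the unauthenticated request, the result points at the Orchestrator side (credentials or URI in web.config) rather than at the Elasticsearch security setup.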