Siren & kibana connecting to the same ES cluster

I took the siren-investigate folder from the "easy start" download and configured it to use my existing ES 7.8.
I installed the correct Federate plugin in ES, but running Investigate (using kibana.index: ".sireni" in investigate.yml) gives me this error:

 log   [09:52:28.574] [info][status][plugin:elasticsearch@10.5.2] Status changed from red to yellow - No existing Kibana index found
 log   [09:52:28.584] [error][status][plugin:elasticsearch@10.5.2] Status changed from yellow to red - Unable to create Siren Investigate index ".sireni"

Investigate uses the same Kibana username and password that are used in Kibana.

Why is this happening?


Hi Enrico,

If you are using Elasticsearch without security, then you can simply start Investigate after you have installed the correct Federate plugin on ES, changing the port number of the running ES in the investigate.yml file:

elasticsearch.url: "http://localhost:9200"

#elasticsearch.preserveHost: true
#kibana.index: ".kibana" (Uncomment this in case you need to create a new Kibana index)

kibana.defaultAppId: "dashboard"

#elasticsearch.username: kibana
#elasticsearch.password: password

To use Siren Investigate against an Elasticsearch cluster with Elastic Stack security enabled, you must create the following roles:

  • investigate_system: a role that allows Investigate to store user generated content.
  • investigate_admin: a role that designates users with administrative privileges on an Investigate installation.
  • investigate_user: a role that designates users with read access to specific indices.
  • federate_system: a role used by the Siren Federate plugin to perform privileged operations in the cluster.

Here is the documentation to create roles:

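A quick way to confirm the cause of the "Unable to create Siren Investigate index" error above is to ask Elasticsearch whether the user configured in investigate.yml actually holds the privileges needed on ".sireni". This is an added diagnostic, not code from the thread or from Siren; the URL, user and password given to check_live() are assumed placeholders, and the privilege set in NEEDED is an assumption.

```python
# Added diagnostic (not from the thread or from Siren): ask Elasticsearch 7.x
# whether the user configured in investigate.yml may create the Investigate
# index, using POST /_security/user/_has_privileges. URL and credentials
# passed to check_live() are assumed placeholders.
import base64
import json
import urllib.request

INDEX = ".sireni"
# Privileges assumed necessary on the index for a first start: creating it
# and reading/writing the saved objects Investigate stores there.
NEEDED = ["create_index", "read", "write"]


def has_privileges_body(index=INDEX, privileges=NEEDED):
    """Request body for the _has_privileges API."""
    return {"index": [{"names": [index], "privileges": list(privileges)}]}


def missing_privileges(response, index=INDEX):
    """Privileges the user lacks on `index`, taken from a _has_privileges
    response. Empty list: the index can be created by this user."""
    granted = response.get("index", {}).get(index, {})
    return [p for p in NEEDED if not granted.get(p, False)]


def check_live(es_url, user, password, index=INDEX):
    """Query a running cluster with basic auth and return missing privileges."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        es_url.rstrip("/") + "/_security/user/_has_privileges",
        data=json.dumps(has_privileges_body(index)).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return missing_privileges(json.load(resp), index)


# Constructed sample response for a user whose role covers only the Kibana
# index, so ".sireni" cannot be created (the situation in the thread).
SAMPLE_RESPONSE = {
    "username": "kibana", "has_all_requested": False, "cluster": {},
    "index": {".sireni": {"create_index": False, "read": False, "write": False}},
    "application": {},
}
```

Call missing_privileges(SAMPLE_RESPONSE) to see the three missing privileges, or check_live("http://localhost:9200", "kibana", "password") against a real cluster; a non-empty list means the configured user needs the investigate_system role before Investigate can create its index.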
