Quick Fix Wazuh OVA Kibana Server Is Not Ready Yet, Fix Wazuh ElasticSearch Service Error After Reboot

Recently, after a brief power outage, one of my homelabs that runs the SIEM called Wazuh was kicking up errors. If you don’t know already, Wazuh is an awesome open source SIEM that is completely free to install and play with for personal use. After the power outage my ESXi server rebooted automatically and started its automated boot sequence of firing up the VMs within my homelab. Unfortunately, Wazuh started to throw the dreaded “Kibana server is not ready yet” error.

Keep in mind this fix is not the only fix for the “Kibana server is not ready yet” error. That Kibana error can mean lots of things, such as the wrong password being entered in a config file, the wrong username in the config file, and many other things. Luckily for me, my fix was super simple and easy.

The first thing I did to diagnose the error was use Google. I googled, googled, and googled again, going through threads on GitHub, the Elastic forums, and Google Groups. Eventually I found the solution that fit my needs. I say my needs because I have the virtual machine .ova version of Wazuh installed on my homelab server and my error was solved by the following.

  1. Open a terminal and type systemctl. This command gives you a quick list of the services running on Linux.
  2. You should see something similar to the screenshot above. If you see “elasticsearch.service” in red, that means you have an error similar to what I had. You should also note the “failed failed” error.
  3. Once you confirm the error above that shows elasticsearch.service in red, restart the service with the following command: systemctl restart elasticsearch
  4. You will then get an authentication request. If you use the open source Wazuh .ova virtual machine version of Wazuh, you will authenticate as Wazuh and then enter your password for the Wazuh username. Tip: be sure to change the default Wazuh password.

Once done with those 4 steps you should no longer see elasticsearch.service error out in red, and you should see that it is active and running. You can then go to your web browser and refresh your page to a resolved Kibana server error. Furthermore, I have not diagnosed this error any further other than getting my Wazuh setup working so that I can keep an eye on my local area network. I do plan on revisiting this to see why this error was caused, but so far, after resolving the problem, I have yet to get the issue again.
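The four steps above as a script that also saves the failed unit's log lines from the current boot before restarting it, which helps when revisiting the root cause later. This is an added example, not part of the original post or of Wazuh; the unit names elasticsearch.service and kibana.service and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: find failed stack services after a reboot and restart them.
# Assumption: the units are named elasticsearch.service and kibana.service.
STACK_UNITS="elasticsearch.service kibana.service"

# Read `systemctl list-units --state=failed --no-legend --plain` output on
# stdin and print the stack units that are listed as failed, one per line.
failed_stack_units() {
    awk -v want="$STACK_UNITS" '
        BEGIN { n = split(want, u, " "); for (i = 1; i <= n; i++) watch[u[i]] = 1 }
        # With --plain, field 1 is the unit name and field 3 the ACTIVE state.
        ($1 in watch) && $3 == "failed" { print $1 }'
}

# Restart one unit, then poll until it reports active or the timeout expires.
restart_and_wait() {
    unit=$1; timeout=${2:-120}; waited=0
    systemctl restart "$unit" || return 1
    while ! systemctl is-active --quiet "$unit"; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 5; waited=$((waited + 5))
    done
}

# Run as root with --run to act on the live system.
if [ "${1:-}" = "--run" ]; then
    systemctl list-units --state=failed --no-legend --plain | failed_stack_units |
    while read -r unit; do
        echo "== $unit failed; last log lines from this boot:"
        journalctl -u "$unit" -b --no-pager -n 20
        if restart_and_wait "$unit"; then
            echo "== $unit is active again"
        else
            echo "== $unit did not come back; see journalctl -u $unit" >&2
        fi
    done
fi
```

Without the --run argument the script only defines the functions and changes nothing.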

Happy tinkering!