elk报错

1、elasticsearch启动失败如下:

[[email protected] home]# /home/elasticsearch-6.3.0/bin/elasticsearch
[2019-02-11T07:15:14,874][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.3.0.jar:6.3.0]
    at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.3.0.jar:6.3.0]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.3.0.jar:6.3.0]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
    at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:104) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:171) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.3.0.jar:6.3.0]
    ... 6 more

原因:出于对root用户的安全保护,需要使用其他用户组进行授权启动

解决:

groupadd elsearch
useradd elsearch -g elsearch -p elasticsearch
chown -R elsearch:elsearch  elasticsearch-6.3.0

说明: 添加用户组 elsearch  

       添加用户 elsearch 密码为 elasticsearch 到用户组 elsearch

       将elsearch安装目录授权给 用户组:用户  即 elsearch:elsearch

重启elasticsearch

su elsearch

/home/elasticsearch-6.3.0/bin/elasticsearch

2、elasticsearch启动报错如下:

ERROR: [2] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[2019-02-11T07:20:56,458][INFO ][o.e.n.Node               ] [lKlZCZf] stopping ...
[2019-02-11T07:20:56,938][INFO ][o.e.n.Node               ] [lKlZCZf] stopped
[2019-02-11T07:20:56,938][INFO ][o.e.n.Node               ] [lKlZCZf] closing ...
[2019-02-11T07:20:57,013][INFO ][o.e.n.Node               ] [lKlZCZf] closed

[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

原因:虚拟机限制用户的执行内存

解决:

修改安全限制配置文件

说明:使用最高权限 修改安全配置 在文件末尾加入

su root

cat> /etc/security/limits.conf<<EOF

# End of file
elsearch       hard        nofile        65536
elsearch       soft        nofile        65536
*              soft       nproc         4096
*              hard       nproc         4096
EOF

说明: 

elsearch为用户名 可以是使用*进行通配  

nofile 最大打开文件数目

nproc 最大打开线程数目

[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

解决:修改系统配置文件

vi /etc/sysctl.conf 

行末加上vm.max_map_count = 655360

# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
vm.max_map_count = 655360

说明:vm.max_map_count = 655360 值大于错误提示值

sed -i ‘$a\vm.max_map_count = 655360‘ /etc/sysctl.conf

重启linux系统,否则不生效

reboot

重启elasticsearch

su elsearch

/home/elasticsearch-6.3.0/bin/elasticsearch

3、elasticsearch启动报错如下

org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException:
failed to obtain node locks, tried [[/home/elasticsearch-6.3.0/data/elasticsearch]] with
lock id [0]; maybe these locations are not writable or multiple nodes were started
without increasing [node.max_local_storage_nodes] (was [1])?

原因:线程占用

解决:

杀死elasticsearch线程

ps -ef | grep elastic

kill -9 5869

重启elasticsearch

su elsearch

/home/elasticsearch-6.3.0/bin/elasticsearch

原文地址:https://www.cnblogs.com/effortsing/p/10363107.html

时间: 2024-10-13 06:45:50

elk报错的相关文章

ELK报错及解决方案

ELK报错及解决方案 1.jdk版本问题 报错如下: future versions of Elasticsearch will require Java 11; your Java version from [/usr/local/jdk9/jdk-9.0.4] does not meet this requirement Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in

ELK之kibana的web报错[request] Data too large, data for [&lt;agg [2]&gt;] would be larger than limit of

ELK架构:elasticsearch+kibana+filebeat 版本信息: elasticsearch 5.2.1 kibana 5.2.1 filebeat 6.0.0 (预览版) 今天在进行ELK测试的时候,在kibana上面discover无论那个index,发现均会报错: [request] Data too large, data for [<agg [2]>] would be larger than limit of 并且在elasticsearch的日志可以看到: or

elk中elasticsearch安装启动报错

elasticsearch安装之后.启动报错.elasticsearch版本为5.4.1 下载安装: wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.4.1.tar.gz tar zxf elasticsearch-5.4.1.tar.gz mv elasticsearch-5.4.1 /usr/local/elasticsearch cd /usr/local/elasticsearch/ ./

logstash启动报错 Exception in thread &quot;&gt;output&quot; org.elasticsearch.discovery.MasterNotDiscoveredException: waited for [30s]

部署ELK时候,logstash启动报错 Sending logstash logs to /var/log/logstash.log.Exception in thread ">output" org.elasticsearch.discovery.MasterNotDiscoveredException: waited for [30s]    at org.elasticsearch.action.support.master.TransportMasterNodeOper

docker run和docker exec报错context deadline exceeded

现象描述docker run -d centos:v1 /bin/bash创建容器或者docker exec -it container_name bash进入容器,都会报错"usrbindocker-current Error response from daemon:shim error.context deadline exceeded.",docker ps.docker stats.docker info等命令均可用基础环境物理机操作系统:CentOS Linux relea

Ubuntu12.04 安装python-dev报错 Depends: libblas-common

情况如下:$sudo apt-get install -y libatlas3-base libgfortran3 python-devReading package lists... DoneBuilding dependency tree Reading state information... Donelibatlas3-base is already the newest version.You might want to run 'apt-get -f install' to corr

dubbo 报错问题记录:may be version or group mismatch

凌晨时候钉钉告警群里一直大量报错: 接口异常报警:项目:mp-rest,域名:inside-mp.01zhuanche.com,IP:10.30.3.60,接口地址:/api/v3/driverLogin/driverType,请求方式:POST,错误信息:com.alibaba.dubbo.rpc.RpcException: Failed to invoke the method findByPhone in the service com.zhuanche.driver.service.Dr

docker-compose进行部署容器的时候,报错权限不足

刚刚用docker-compose部署elk的时候,没有起来,查看日志的时候,发现在数据卷挂载的时候,报错权限不足. 由于日志不在了,这里就直接贴出解决办法. 问题原因及解决办法 原因是CentOS7中的安全模块selinux把权限禁掉了,至少有以下三种方式解决挂载的目录没有权限的问题: 1.在运行容器的时候,给容器加特权,及加上 --privileged=true 参数: docker run -i -t -v /soft:/soft --privileged=true 686672a1d0c

oracle安装故障:完美解决xhost +报错: unable to open display “”

oracle安装 先切换到root用户,执行xhost + 然后再切换到oracle用户,执行export DISPLAY=:0.0 出现乱码执行export LANG=US_en 在这里给大家介绍下两种情况的常见问题: 一种是本地运行的命令,另一种则是远程ssh命令安装. DISPLAY科普 DISPLAY变量是用来设置将图形显示到何处.比如CENTOS,你用图形界面登录进去,DISPLAY自动设置为DISPLAY=:0.0表示显式到本地监视器,那么通过终端工具(例如:xshell)进去,运行