elk报错

Posted effortsing

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了elk报错相关的知识,希望对你有一定的参考价值。

1、elasticsearch启动失败如下:

[[email protected] home]# /home/elasticsearch-6.3.0/bin/elasticsearch
[2019-02-11T07:15:14,874][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.3.0.jar:6.3.0]
    at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.3.0.jar:6.3.0]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.3.0.jar:6.3.0]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
    at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:104) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:171) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) ~[elasticsearch-6.3.0.jar:6.3.0]
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.3.0.jar:6.3.0]
    ... 6 more

原因:出于对root用户的安全保护,需要使用其他用户组进行授权启动

解决:

groupadd elsearch           
useradd elsearch -g elsearch -p elasticsearch
chown -R elsearch:elsearch  elasticsearch-6.3.0

说明: 添加用户组 elsearch  

       添加用户 elsearch 密码为 elasticsearch 到用户组 elsearch

       将elsearch安装目录授权给 用户组:用户  即 elsearch:elsearch



重启elasticsearch

su elsearch

/home/elasticsearch-6.3.0/bin/elasticsearch



2、elasticsearch启动报错如下:

ERROR: [2] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[2019-02-11T07:20:56,458][INFO ][o.e.n.Node               ] [lKlZCZf] stopping ...
[2019-02-11T07:20:56,938][INFO ][o.e.n.Node               ] [lKlZCZf] stopped
[2019-02-11T07:20:56,938][INFO ][o.e.n.Node               ] [lKlZCZf] closing ...
[2019-02-11T07:20:57,013][INFO ][o.e.n.Node               ] [lKlZCZf] closed


[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

原因:虚拟机限制用户的执行内存

解决:


修改安全限制配置文件

说明:使用最高权限 修改安全配置 在文件末尾加入

su root
 
cat> /etc/security/limits.conf<<EOF

# End of file
elsearch       hard        nofile        65536 
elsearch       soft        nofile        65536
*              soft       nproc         4096
*              hard       nproc         4096 
EOF


说明: 

elsearch为用户名 可以是使用*进行通配  

nofile 最大打开文件数目

nproc 最大打开线程数目



[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

解决:修改系统配置文件

vi /etc/sysctl.conf 

行末加上vm.max_map_count = 655360

# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
vm.max_map_count = 655360

说明:vm.max_map_count = 655360 值大于错误提示值

sed -i $avm.max_map_count = 655360 /etc/sysctl.conf


重启linux系统,否则不生效

reboot


重启elasticsearch

su elsearch

/home/elasticsearch-6.3.0/bin/elasticsearch



3、elasticsearch启动报错如下

org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: 
failed to obtain node locks, tried [[/home/elasticsearch-6.3.0/data/elasticsearch]] with 
lock id [0]; maybe these locations are not writable or multiple nodes were started 
without increasing [node.max_local_storage_nodes] (was [1])?


原因:线程占用

解决:

杀死elasticsearch线程

ps -ef | grep elastic

kill -9 5869


重启elasticsearch

su elsearch

/home/elasticsearch-6.3.0/bin/elasticsearch

 

以上是关于elk报错的主要内容,如果未能解决你的问题,请参考以下文章

ELK报错及解决方案

错误记录Flutter 混合开发获取 BinaryMessenger 报错 ( FlutterActivityAndFragmentDelegate.getFlutterEngine() )(代码片段

elk 报错

elk报错

elk中elasticsearch安装启动报错

elk安装时最常见的报错