1.内存不足
[sandwich@centos-elk bin]$ ./logstash -e 'input {input stdin{}} output{stdout{}}'
Using LS_JAVA_HOME defined java: /home/sandwich/app/elk/elasticsearch-7.17.1/jdk.
WARNING: Using LS_JAVA_HOME while Logstash distribution comes with a bundled JDK.
OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000d5550000, 715849728, 0) failed; error='Not enough space' (errno=12)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 715849728 bytes for committing reserved memory.
# An error report file with more information is saved as:
# /home/sandwich/app/elk/logstash-7.17.1/bin/hs_err_pid35687.log
这种错误会根据pid打印到错误日志里面
[sandwich@centos-elk bin]$ ls -lrt | grep pid
-rw-rw-r--. 1 sandwich sandwich 24253 Apr 23 21:43 hs_err_pid34878.log
-rw-rw-r--. 1 sandwich sandwich 24187 Apr 24 02:59 hs_err_pid35512.log
-rw-rw-r--. 1 sandwich sandwich 24038 Apr 24 03:06 hs_err_pid35687.log
加内存就完了
2.Pipelines YAML file is empty
[sandwich@centos-elk bin]$ ./logstash
Using LS_JAVA_HOME defined java: /home/sandwich/app/elk/elasticsearch-7.17.1/jdk.
WARNING: Using LS_JAVA_HOME while Logstash distribution comes with a bundled JDK.
Sending Logstash logs to /home/sandwich/app/elk/logstash-7.17.1/logs which is now configured via log4j2.properties
[2022-04-24T03:30:18,875][INFO ][logstash.runner ] Log4j configuration path used is: /home/sandwich/app/elk/logstash-7.17.1/config/log4j2.properties
[2022-04-24T03:30:18,898][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.17.1", "jruby.version"=>"jruby 9.2.20.1 (2.5.8) 2021-11-30 2a2962fbd1 OpenJDK 64-Bit Server VM 17.0.2+8 on 17.0.2+8 +indy +jit [linux-x86_64]"}
[2022-04-24T03:30:18,902][INFO ][logstash.runner ] JVM bootstrap flags: [-Xms1g, -Xmx1g, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -Djruby.jit.threshold=0, -Djruby.regexp.interruptible=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true, --add-opens=java.base/sun.nio.ch=ALL-UNNAMED, --add-opens=java.base/java.io=ALL-UNNAMED]
ERROR: Pipelines YAML file is empty. Location: /home/sandwich/app/elk/logstash-7.17.1/config/pipelines.yml
usage:
bin/logstash -f CONFIG_PATH [-t] [-r] [] [-w COUNT] [-l LOG]
bin/logstash --modules MODULE_NAME [-M "MODULE_NAME.var.PLUGIN_TYPE.PLUGIN_NAME.VARIABLE_NAME=VALUE"] [-t] [-w COUNT] [-l LOG]
bin/logstash -e CONFIG_STR [-t] [--log.level fatal|error|warn|info|debug|trace] [-w COUNT] [-l LOG]
bin/logstash -i SHELL [--log.level fatal|error|warn|info|debug|trace]
bin/logstash -V [--log.level fatal|error|warn|info|debug|trace]
bin/logstash --help
[2022-04-24T03:30:19,537][FATAL][org.logstash.Logstash ] Logstash stopped processing because of an error: (SystemExit) exit
org.jruby.exceptions.SystemExit: (SystemExit) exit
at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:747) ~[jruby-complete-9.2.20.1.jar:?]
at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:710) ~[jruby-complete-9.2.20.1.jar:?]
at home.sandwich.app.elk.logstash_minus_7_dot_17_dot_1.lib.bootstrap.environment.<main>(/home/sandwich/app/elk/logstash-7.17.1/lib/bootstrap/environment.rb:94) ~[?:?]
当启动的时候不加任何参数,默认就需要读logstash-7.17.1/config/pipelines.yml指定的config.
这个时候pipelines.yml是空的就会报错。
如果启动的时候带了config相关的command line options参数或者已经指定了module,它会直接读传过去的参数,忽略pipelines.yml
它还会默认创建一个pipeline id为main的pipeline。
用一个指定的config file(/home/sandwich/app/elk/logstash-7.17.1/config/logstash.conf)来启动试试看
nohup /home/sandwich/app/elk/logstash-7.17.1/bin/logstash -f /home/sandwich/app/elk/logstash-7.17.1/config/logstash.conf >> /home/sandwich/app/elk/logstash-7.17.1/startup.log 2>&1 &
也是会忽略pipelines.yml
3.FATAL Error: [config validation of [elasticsearch].password]: expected value of type [string] but got [number]
这里就是往keystore添加密码的时候希望是string格式,但是输入的是number格式
这就是纯数字密码在这里导致的问题,建议把密码改成带字符的。
4.重置密码报错(./elasticsearch-setup-passwords interactive)
在我们设置了密码之后,想更新密码报错如下
[sandwich@centos-elk bin]$ ./elasticsearch-setup-passwords interactive
Failed to authenticate user 'elastic' against http://192.168.32.3:9200/_security/_authenticate?pretty
Possible causes include:
* The password for the 'elastic' user has already been changed on this cluster
* Your elasticsearch node is running against a different keystore
This tool used the keystore at /home/sandwich/app/elk/elasticsearch-7.17.1/config/elasticsearch.keystore
ERROR: Failed to verify bootstrap password
解决办法:
确认是否有.security-7索引
删除.security-7索引
然后重新执行密码设置命令,不用重启es集群即可生效。
5.setting [cluster.initial_master_nodes] is not allowed when [discovery.type] is set to [single-node]
这个是因为配置了单节点的时候跟以下配置有冲突了
cluster.initial_master_nodes: ["es1"]
把这个注释掉就好了。
6.IOException[keystore password was incorrect]
启动https后添加如下配置
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.authc.api_key.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12
重启后爆出如下详细异常:
ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.http.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager]; nested: IOException[keystore password was incorrect]; nested: UnrecoverableKeyException[failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.];
Likely root cause: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2159)
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221)
at java.base/java.security.KeyStore.load(KeyStore.java:1473)
再添加证书keystore加密的密码就好了
[sandwich@centos-elk config]$ tail -n 2 elasticsearch.yml
xpack.security.http.ssl.keystore.password: bbbbbb
xpack.security.http.ssl.truststore.password: bbbbbb
