Elasticsearch Failed

zmann · March 21, 2019, 1:19pm

Graylog version 2.4.6 and Elasticsearch version 5.6.12 on Centos 7. My Elasticsearch service failed and I can’t seem to get it back up.

 elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2019-03-06 13:10:56 EST; 2 weeks 0 days ago
     Docs: http://www.elastic.co
  Process: 1086 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet -Edefault.path.logs=${LOG_DIR} -Edefault.path.data=${DATA_DIR} -Edefault.path.conf=${CONF_DIR} (code=exited, status=127)
  Process: 1076 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
 Main PID: 1086 (code=exited, status=127)

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
[root@ElasticSearch elasticsearch]#

According to my elasticsearch logs, I see that my Java heap space is low. I tried to find some documentation on increasing java heap size, but I haven’t had much luck. A few weeks ago, I attempted to increase my java heap size in jvm.options, and this caused my Elasticsearch to fail (separate issue, I got it back after reinstalling elasticsearch.)

  [2019-03-06T13:10:54,705][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [] fatal error in thread [elasticsearch[yI1aO-Q][bulk][T#5]], exiting
    java.lang.OutOfMemoryError: Java heap space
            at org.apache.lucene.util.fst.BytesStore.writeByte(BytesStore.java:89) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.util.fst.FST.<init>(FST.java:295) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.util.fst.Builder.<init>(Builder.java:171) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.codecs.blocktree.BlockTreeTermsWriter$PendingBlock.compileIndex(BlockTreeTermsWriter.java:457) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.codecs.blocktree.BlockTreeTermsWriter$TermsWriter.writeBlocks(BlockTreeTermsWriter.java:635) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.codecs.blocktree.BlockTreeTermsWriter$TermsWriter.pushTerm(BlockTreeTermsWriter.java:907) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.codecs.blocktree.BlockTreeTermsWriter$TermsWriter.write(BlockTreeTermsWriter.java:871) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.codecs.blocktree.BlockTreeTermsWriter.write(BlockTreeTermsWriter.java:344) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.codecs.FieldsConsumer.merge(FieldsConsumer.java:105) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.codecs.perfield.PerFieldPostingsFormat$FieldsWriter.merge(PerFieldPostingsFormat.java:164) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.index.SegmentMerger.mergeTerms(SegmentMerger.java:216) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.index.SegmentMerger.merge(SegmentMerger.java:101) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.index.IndexWriter.mergeMiddle(IndexWriter.java:4356) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.index.IndexWriter.merge(IndexWriter.java:3931) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.apache.lucene.index.ConcurrentMergeScheduler.doMerge(ConcurrentMergeScheduler.java:624) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
            at org.elasticsearch.index.engine.ElasticsearchConcurrentMergeScheduler.doMerge(ElasticsearchConcurrentMergeScheduler.java:99) ~[elasticsearch-5.6.14.jar:5.6.14]
            at org.apache.lucene.index.ConcurrentMergeScheduler$MergeThread.run(ConcurrentMergeScheduler.java:661) ~[lucene-core-6.6.1.jar:6.6.1 9aa465a89b64ff2dabe7b4d50c472de32c298683 - varunthacker - 2017-08-29 21:54:39]
    [2019-03-06T13:10:55,338][WARN ][o.e.m.j.JvmGcMonitorService] [yI1aO-Q] [gc][1713401] overhead, spent [1.1s] collecting in the last [1.3s]

Thanks in advance.
Zac

jan · March 21, 2019, 1:37pm

Your Google Fu isn’t really strong I guess …

You can find the following in the Graylog Documentation: http://docs.graylog.org/en/2.4/pages/configuration/file_location.html#rpm-elasticsearch

and you can stackoverflow the qeustion and get this:

zmann · March 26, 2019, 7:03pm

Okay, I made the following changes and still no luck. My elasticsearch is still failing.

Changed MAX_LOCK_MEMORY to unlimited and changes bootstrap.memory_lock:true in elasticsearch.yml

# The maximum number of bytes of memory that may be locked into RAM
# Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option
# in elasticsearch.yml.
# When using systemd, LimitMEMLOCK must be set in a unit file such as
# /etc/systemd/system/elasticsearch.service.d/override.conf.
MAX_LOCKED_MEMORY=unlimited

Also changed the heap space from Xms1g to Xms3g in JVM settings.

    # Xms represents the initial size of total heap space
    # Xmx represents the maximum size of total heap space

    -Xms3g 
    -Xmx3g 
    # the settings shipped with ES 5 were: -Xms2g
    # the settings shipped with ES 5 were: -Xmx2g
    ```

zmann · March 26, 2019, 7:09pm

These is the result I get when I do a systemctl start elasticsearch.service

  Error getting authority: Error initializing authority: Error calling StartServiceByName for org.freedesktop.PolicyKit1: Timeout was reached (g-io-error-quark, 24)
    Failed to start elasticsearch.service: Connection timed out


systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2019-03-06 13:10:56 EST; 2 weeks 6 days ago
     Docs: http://www.elastic.co
  Process: 1086 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet -Edefault.path.logs=${LOG_DIR} -Edefault.path.data=${DATA_DIR} -Edefault.path.conf=${CONF_DIR} (code=exited, status=127)
  Process: 1076 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
 Main PID: 1086 (code=exited, status=127)

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
[root@ElasticSearch elasticsearch]#

system · April 9, 2019, 7:09pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Change of Elasticsearch data/log path causing error Graylog Central (peer support)	4	2098	February 19, 2019
Starting Elasticsearch Service fail after upgrade Graylog Central (peer support)	7	3062	May 11, 2022
Elasticsearch dies for no apparent reason Graylog Central (peer support)	3	3618	March 11, 2019
Elasticsearch Heap requirements skyrocketed Graylog Central (peer support)	5	1020	September 13, 2018
ElasticSearch wont stay running Graylog Central (peer support)	8	1184	November 4, 2020

Elasticsearch Failed

Related topics