Elasticsearch Service Not Running (New Installation)

Graylog Central (peer support)
1

Hi ,

I have installed fresh new setup of graylog on virtual machine and all component of graylog is working except Elasticsearch.

When I starting service of elasticsearch getting below info :

● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2018-09-24 17:58:16 +04; 10min ago
     Docs: http://www.elastic.co
  Process: 5126 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet -Edefault.path.logs=${LOG_DIR} -Edefault.path.data=${DATA_DIR} -Edefault.path.conf=${CONF_DIR} (code=exited, status=1/FAILURE)
  Process: 5124 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
 Main PID: 5126 (code=exited, status=1/FAILURE)

Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]:         at org.elasticsearch.node.InternalSettingsPreparer.prepareEnvironment(InternalSettingsPreparer.java:100)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]:         at org.elasticsearch.cli.EnvironmentAwareCommand.createEnv(EnvironmentAwareCommand.java:75)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]:         at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:70)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]:         at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:134)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]:         at org.elasticsearch.cli.Command.main(Command.java:90)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]:         at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]:         at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84)
Sep 24 17:58:16 user-virtual-machine systemd[1]: elasticsearch.service: Main process exited, code=exited, status=1/FAILURE
Sep 24 17:58:16 user-virtual-machine systemd[1]: elasticsearch.service: Unit entered failed state.
Sep 24 17:58:16 user-virtual-machine systemd[1]: elasticsearch.service: Failed with result 'exit-code'.

And on the log getting below logging information :

Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: Exception in thread "main" 2018-09-24 17:58:16,485 main ERROR No Log4j 2 configuration file found. Using default configuration (logging only errors to the console), or user programmatically provided configurations. Set system property 'log4j2.debug' to show Log4j 2 internal initialization logging. See https://logging.apache.org/log4j/2.x/manual/configuration.html for instructions on how to configure Log4j 2
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: ElasticsearchParseException[malformed, expected settings to start with 'object', instead was [VALUE_STRING]]
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: #011at org.elasticsearch.common.settings.loader.XContentSettingsLoader.load(XContentSettingsLoader.java:73)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: #011at org.elasticsearch.common.settings.loader.XContentSettingsLoader.load(XContentSettingsLoader.java:52)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: #011at org.elasticsearch.common.settings.loader.YamlSettingsLoader.load(YamlSettingsLoader.java:50)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: #011at org.elasticsearch.common.settings.Settings$Builder.loadFromStream(Settings.java:1050)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: #011at org.elasticsearch.common.settings.Settings$Builder.loadFromPath(Settings.java:1039)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: #011at org.elasticsearch.node.InternalSettingsPreparer.prepareEnvironment(InternalSettingsPreparer.java:100)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: #011at org.elasticsearch.cli.EnvironmentAwareCommand.createEnv(EnvironmentAwareCommand.java:75)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: #011at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:70)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: #011at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:134)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: #011at org.elasticsearch.cli.Command.main(Command.java:90)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: #011at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91)
Sep 24 17:58:16 user-virtual-machine elasticsearch[5126]: #011at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84)
Sep 24 17:58:16 user-virtual-machine systemd[1]: elasticsearch.service: Main process exited, code=exited, status=1/FAILURE
Sep 24 17:58:16 user-virtual-machine systemd[1]: elasticsearch.service: Unit entered failed state.
Sep 24 17:58:16 user-virtual-machine systemd[1]: elasticsearch.service: Failed with result 'exit-code'.

Can you please check and help ?

Thanks

2

when you post your logfiles with a proper formatting, it would have been easier to read.

But how did you install Graylog and all components on this VM? What guide did you follow?

3

I have follow Ubuntu Installation steps :
http://docs.graylog.org/en/2.4/pages/installation/os/ubuntu.html

4

you might want to check your elasticsearch.yml if you have space after the : ?

cluster.name: es_cluster  
node.name: ES1

if that is not the error please post the output of:

sed -e 's/[#;].*//;/^\s*$/d' "$@" /etc/elasticsearch/*

thx

5

Added space after the line “cluster.name: graylog” and restarted the services. Still elasticsearch service is NOT active and logging below error messages :

java.lang.IllegalStateException: **Failed to create node environment**
	at org.elasticsearch.node.Node.<init>(Node.java:268) ~[elasticsearch-5.6.12.jar:5.6.12]
	at org.elasticsearch.node.Node.<init>(Node.java:245) ~[elasticsearch-5.6.12.jar:5.6.12]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:233) ~[elasticsearch-5.6.12.jar:5.6.12]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:233) ~[elasticsearch-5.6.12.jar:5.6.12]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:342) [elasticsearch-5.6.12.jar:5.6.12]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:132) [elasticsearch-5.6.12.jar:5.6.12]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:123) [elasticsearch-5.6.12.jar:5.6.12]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:70) [elasticsearch-5.6.12.jar:5.6.12]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:134) [elasticsearch-5.6.12.jar:5.6.12]
	at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-5.6.12.jar:5.6.12]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91) [elasticsearch-5.6.12.jar:5.6.12]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84) [elasticsearch-5.6.12.jar:5.6.12]
Caused by: java.nio.file.**AccessDeniedException: /var/data/elasticsearch/nodes**

Permission for /var/data/elasticsearch

drwxr-xr-x 2 root elasticsearch 4096 Sep 25 10:56 elasticsearch

Thanks,

6

he @Rais the data directory of Elasticsearch needs to be writable for the elasticsearch user.

7

Thanks @jan Working now

8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.