Failed to start elasticsearch


Enekupe Lelevaga

Oct 7, 2021, 4:39:56 PM
to wa...@googlegroups.com
Someone help with this please. 

image.png

Enekupe Lelevaga

IT Support Officer 

+682 58133 | enetu...@gmail.com

Any opinions expressed in this message are not necessarily those of the Airport Authority of the Cook Island. This message and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivery to the intended recipient, be advised that you have received this message in error and that any use is strictly prohibited. Please contact the sender and delete the message and any attachment from your computer.

Enekupe Lelevaga

Oct 7, 2021, 5:07:18 PM
to wa...@googlegroups.com

Victor Carlos Erenu

Oct 7, 2021, 5:58:11 PM
to Wazuh mailing list
Hi 

According to the error you are getting, it seems that you are not able to allocate enough memory for Elasticsearch to start.

You can check the memory allocation for the JVM inside the /etc/elasticsearch/jvm.options file and check if your machine has enough RAM available.

Anyway, I ask you to attach the output of journalctl -r -u elasticsearch | grep -i -E "error|warning|critical|fatal" so we can verify the complete error that is generated when trying to start the service.

You can also check our documentation


Regards

Victor Carlos Erenu

Oct 12, 2021, 12:01:06 PM
to Wazuh mailing list
Hi Enekupe

Please reply to everyone in the message.

We need the output of journalctl -r -u elasticsearch | grep -i -E "error|warning|critical|fatal" to be able to verify the error that is being generated.

You could also check by lowering the size assigned by xms and xmx to verify that it is not the RAM consumption (the minimum is 768m)

Regards

Enekupe Lelevaga

Oct 12, 2021, 2:15:58 PM
to Victor Carlos Erenu, Wazuh mailing list
Hi Victor, 

I believe I was replying to all when I sent my last email to you.

The command you're telling me to run wasn't working when I tried it. I'll give it a try again.

Regards


Enekupe Lelevaga

Oct 12, 2021, 2:18:11 PM
to Victor Carlos Erenu, Wazuh mailing list
Find output below. 

I really need help with this, please.

image.png


Victor Carlos Erenu

Oct 12, 2021, 2:48:51 PM
to Wazuh mailing list
Hi

From what I see, you are having trouble writing into the /var/log/elasticsearch directory. Can you check the available space and permissions within that directory?

If there are no problems there, can you send me what is being saved inside the different log files?

Regards

Enekupe Lelevaga

Oct 12, 2021, 2:50:35 PM
to Victor Carlos Erenu, Wazuh mailing list
Thanks, Victor, 

do you have a command for that, please? 






Enekupe Lelevaga

Oct 12, 2021, 2:57:16 PM
to Victor Carlos Erenu, Wazuh mailing list
inside /var/log/elasticsearch/

image.png


inside /var/log/elasticsearch/elasticsearch.log

image.png

image.png

image.png

Victor Carlos Erenu

Oct 12, 2021, 3:07:17 PM
to Wazuh mailing list
Hi

Inside the /var/log/elasticsearch directory, from what the logs say, you have no available disk space.

Check with the command df -h inside the directory to know the available space. I recommend that, if you want to save all the logs that you have, you move them to another disk or take them in a backup, and then delete them to free up space.

Regards
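
The checks suggested in this thread (heap size in /etc/elasticsearch/jvm.options against RAM, then write permission and free space on /var/log/elasticsearch), collected into one script. This is an added example, not part of the original messages or of Wazuh's tooling; the function names and the free-space threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and thresholds are illustrative.

# Convert a JVM size such as 768m or 4g to MiB.
to_mib() {
    case "$1" in
        *[gG]) echo $(( ${1%?} * 1024 )) ;;
        *[mM]) echo "${1%?}" ;;
        *[kK]) echo $(( ${1%?} / 1024 )) ;;
        *)     echo $(( $1 / 1048576 )) ;;   # plain bytes
    esac
}

# Print the last active -Xms/-Xmx value in a jvm.options file, in MiB (0 if none).
heap_mib() {   # heap_mib Xmx /etc/elasticsearch/jvm.options
    v=$(sed -n "s/^[[:space:]]*-$1\([0-9][0-9]*[kKmMgG]\{0,1\}\)[[:space:]]*$/\1/p" "$2" | tail -n 1)
    if [ -n "$v" ]; then to_mib "$v"; else echo 0; fi
}

# Free space, in MiB, on the filesystem that holds a directory.
free_mib() { df -Pk "$1" | awk 'NR==2 { print int($4 / 1024) }'; }

# Total RAM in MiB, read from /proc/meminfo (Linux).
ram_mib() { awk '/^MemTotal:/ { print int($2 / 1024) }' /proc/meminfo; }

# Report on the causes discussed in the thread; the return code is the failure count.
# Run it as the service account so the write test reflects that account's permissions.
check_es() {   # check_es LOGDIR JVM_OPTIONS RAM_MIB MIN_FREE_MIB
    fails=0
    xmx=$(heap_mib Xmx "$2")
    if [ "$xmx" -ge "$3" ]; then
        echo "FAIL heap: Xmx ${xmx}m >= RAM ${3}m"; fails=$((fails + 1))
    else
        echo "ok   heap: Xmx ${xmx}m, RAM ${3}m"
    fi
    if [ ! -d "$1" ] || [ ! -w "$1" ]; then
        echo "FAIL perms: $1 missing or not writable"; fails=$((fails + 1))
    else
        echo "ok   perms: $1 writable"
        free=$(free_mib "$1")
        if [ "$free" -lt "$4" ]; then
            echo "FAIL disk: ${free}m free under $1"; fails=$((fails + 1))
        else
            echo "ok   disk: ${free}m free under $1"
        fi
    fi
    return "$fails"
}

# On the host:
# check_es /var/log/elasticsearch /etc/elasticsearch/jvm.options "$(ram_mib)" 1024
```
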

Enekupe Lelevaga

Oct 12, 2021, 3:10:52 PM
to Victor Carlos Erenu, Wazuh mailing list
output after running df -h 

image.png

Enekupe Lelevaga

Oct 12, 2021, 3:17:12 PM
to Victor Carlos Erenu, Wazuh mailing list
Wazuh management has a 2 terabyte drive assigned to it, but all of the logs appear to be stored on a 40 terabyte disk rather than the 2 terabyte disk. I'm not sure why, but if you could assist me in figuring out how to send all logs to the 2T [please], that would be great.



Victor Carlos Erenu

Oct 12, 2021, 3:19:29 PM
to Wazuh mailing list
Hi 

Is the server where you are showing the logs the one where you have all the services installed? Because the errors are logging that you do not have disk space, you should check how to free more space, because possibly it is being consumed at the time the services are turned on.

Regards

Enekupe Lelevaga

Oct 12, 2021, 3:30:38 PM
to Victor Carlos Erenu, Wazuh mailing list
Yes, that is where all services are installed.



Victor Carlos Erenu

Oct 13, 2021, 10:08:48 AM
to Wazuh mailing list
Hi

You should check the way to clean the logs you have inside the Elasticsearch logs directory.
If the service still does not start, I ask you to pass me the logs that are generated at that start again.

Regards

Enekupe Lelevaga

Oct 13, 2021, 10:24:59 PM
to Victor Carlos Erenu, Wazuh mailing list
Been searching for a command to clean. Can you give one, please?


