Virgin install of Open Distro elasticsearch crashes on startup

[J J Sloan]

Installed on brand new centos 8 box. Crash message below:

[2021-02-11T15:43:54,703][ERROR][o.e.b.Bootstrap          ] [elk] Exception

java.lang.IllegalArgumentException: Could not load codec 'Lucene87'.  Did you forget to add lucene-backward-codecs.jar?

Any ideas as to whether this is quickly fixable?

J J 

[Gabriel Wassan]

Hello J J, 
Could you give us more information about how you did the installation? What guide did you use?
Other useful info is what version of ODFE, Wazuh, and Kibana are you using.

Regards.

[J J Sloan]

Hi Gabriel, 

Wazuh 4.0.1 was installed on another box, but the host in question was elk stack only.

I installed a single node elk stack by the book, using the following procedure:

https://documentation.wazuh.com/4.0/installation-guide/open-distro/distributed-deployment/unattended/unattended-elasticsearch-cluster-installation.html

It installed the versions that were on github as of Feb 13th, and elasticsearch crashed on startup with the message about missing lucene-backward-codecs

Hope this helps,

J J 

[J J Sloan]

I'm happy to report that starting over with a brand new centos VM yielded a successful unattended install.

J J 

[Gabriel Wassan]

I'm glad I could help you, if everything is resolved I'll close the Issue.
If you have any further questions, please do not hesitate to reopen the Issue or use our [slack channel](https://wazuh.com/community/join-us-on-slack/), our [Google group](https://groups.google.com/forum/#!forum/wazuh)
Regards