unable to start elasticsearch

karthick kn

unread,

Dec 2, 2021, 4:15:59 AM12/2/21

to Wazuh mailing list

Hi all,

kindly solution for this

[Kalinga@kalinga ~]$ sudo systemctl status elasticsearch
* elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2021-12-02 14:37:47 IST; 2min 35s ago
Docs: https://www.elastic.co
Process: 3295761 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 3295761 (code=exited, status=1/FAILURE)

Dec 02 14:37:47 kalinga.coreservices01 systemd-entrypoint[3295761]: at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:158)
Dec 02 14:37:47 kalinga.coreservices01 systemd-entrypoint[3295761]: at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75)
Dec 02 14:37:47 kalinga.coreservices01 systemd-entrypoint[3295761]: at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:114)
Dec 02 14:37:47 kalinga.coreservices01 systemd-entrypoint[3295761]: at org.elasticsearch.cli.Command.main(Command.java:79)
Dec 02 14:37:47 kalinga.coreservices01 systemd-entrypoint[3295761]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:123)
Dec 02 14:37:47 kalinga.coreservices01 systemd-entrypoint[3295761]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:81)
Dec 02 14:37:47 kalinga.coreservices01 systemd-entrypoint[3295761]: For complete error details, refer to the log at /var/log/elasticsearch/my-application.log
Dec 02 14:37:47 kalinga.coreservices01 systemd[1]: elasticsearch.service: Main process exited, code=exited, status=1/FAILURE
Dec 02 14:37:47 kalinga.coreservices01 systemd[1]: elasticsearch.service: Failed with result 'exit-code'.
Dec 02 14:37:47 kalinga.coreservices01 systemd[1]: Failed to start Elasticsearch.

--

Regards,

karthick R

karthick kn

unread,

Dec 2, 2021, 4:47:49 AM12/2/21

to Wazuh mailing list

please find my log

[Kalinga@kalinga ~]$ sudo cat /var/log/elasticsearch/my-application.log
[sudo] password for Kalinga:
[2021-12-02T14:37:43,435][INFO ][o.e.n.Node ] [node-1] version[7.15.2], pid[3295761], build[default/rpm/93d5a7f6192e8a1a12e154a2b81bf6fa7309da0c/2021-11-04T14:04:42.515624022Z], OS[Linux/4.18.0-240.22.1.el8_3.x86_64/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.1/17.0.1+12]
[2021-12-02T14:37:43,444][INFO ][o.e.n.Node ] [node-1] JVM home [/usr/share/elasticsearch/jdk], using bundled JDK [true]
[2021-12-02T14:37:43,447][INFO ][o.e.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=ALL-UNNAMED, -Xms4g, -Xmx4g, -XX:+UseG1GC, -Djava.io.tmpdir=/tmp/elasticsearch-5121493711172250201, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -XX:MaxDirectMemorySize=2147483648, -XX:G1HeapRegionSize=4m, -XX:InitiatingHeapOccupancyPercent=30, -XX:G1ReservePercent=15, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm, -Des.bundled_jdk=true]
[2021-12-02T14:37:47,245][INFO ][o.e.p.PluginsService ] [node-1] loaded module [aggs-matrix-stats]
[2021-12-02T14:37:47,246][INFO ][o.e.p.PluginsService ] [node-1] loaded module [analysis-common]
[2021-12-02T14:37:47,247][INFO ][o.e.p.PluginsService ] [node-1] loaded module [constant-keyword]
[2021-12-02T14:37:47,247][INFO ][o.e.p.PluginsService ] [node-1] loaded module [frozen-indices]
[2021-12-02T14:37:47,248][INFO ][o.e.p.PluginsService ] [node-1] loaded module [ingest-common]
[2021-12-02T14:37:47,248][INFO ][o.e.p.PluginsService ] [node-1] loaded module [ingest-geoip]
[2021-12-02T14:37:47,248][INFO ][o.e.p.PluginsService ] [node-1] loaded module [ingest-user-agent]
[2021-12-02T14:37:47,249][INFO ][o.e.p.PluginsService ] [node-1] loaded module [kibana]
[2021-12-02T14:37:47,249][INFO ][o.e.p.PluginsService ] [node-1] loaded module [lang-expression]
[2021-12-02T14:37:47,250][INFO ][o.e.p.PluginsService ] [node-1] loaded module [lang-mustache]
[2021-12-02T14:37:47,250][INFO ][o.e.p.PluginsService ] [node-1] loaded module [lang-painless]
[2021-12-02T14:37:47,251][INFO ][o.e.p.PluginsService ] [node-1] loaded module [mapper-extras]
[2021-12-02T14:37:47,251][INFO ][o.e.p.PluginsService ] [node-1] loaded module [mapper-version]
[2021-12-02T14:37:47,251][INFO ][o.e.p.PluginsService ] [node-1] loaded module [parent-join]
[2021-12-02T14:37:47,252][INFO ][o.e.p.PluginsService ] [node-1] loaded module [percolator]
[2021-12-02T14:37:47,253][INFO ][o.e.p.PluginsService ] [node-1] loaded module [rank-eval]
[2021-12-02T14:37:47,253][INFO ][o.e.p.PluginsService ] [node-1] loaded module [reindex]
[2021-12-02T14:37:47,253][INFO ][o.e.p.PluginsService ] [node-1] loaded module [repositories-metering-api]
[2021-12-02T14:37:47,254][INFO ][o.e.p.PluginsService ] [node-1] loaded module [repository-encrypted]
[2021-12-02T14:37:47,254][INFO ][o.e.p.PluginsService ] [node-1] loaded module [repository-url]
[2021-12-02T14:37:47,255][INFO ][o.e.p.PluginsService ] [node-1] loaded module [runtime-fields-common]
[2021-12-02T14:37:47,255][INFO ][o.e.p.PluginsService ] [node-1] loaded module [search-business-rules]
[2021-12-02T14:37:47,255][INFO ][o.e.p.PluginsService ] [node-1] loaded module [searchable-snapshots]
[2021-12-02T14:37:47,256][INFO ][o.e.p.PluginsService ] [node-1] loaded module [snapshot-repo-test-kit]
[2021-12-02T14:37:47,256][INFO ][o.e.p.PluginsService ] [node-1] loaded module [spatial]
[2021-12-02T14:37:47,256][INFO ][o.e.p.PluginsService ] [node-1] loaded module [systemd]
[2021-12-02T14:37:47,257][INFO ][o.e.p.PluginsService ] [node-1] loaded module [transform]
[2021-12-02T14:37:47,257][INFO ][o.e.p.PluginsService ] [node-1] loaded module [transport-netty4]
[2021-12-02T14:37:47,257][INFO ][o.e.p.PluginsService ] [node-1] loaded module [unsigned-long]
[2021-12-02T14:37:47,258][INFO ][o.e.p.PluginsService ] [node-1] loaded module [vector-tile]
[2021-12-02T14:37:47,258][INFO ][o.e.p.PluginsService ] [node-1] loaded module [vectors]
[2021-12-02T14:37:47,259][INFO ][o.e.p.PluginsService ] [node-1] loaded module [wildcard]
[2021-12-02T14:37:47,259][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-aggregate-metric]
[2021-12-02T14:37:47,260][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-analytics]
[2021-12-02T14:37:47,260][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-async]
[2021-12-02T14:37:47,261][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-async-search]
[2021-12-02T14:37:47,261][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-autoscaling]
[2021-12-02T14:37:47,261][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-ccr]
[2021-12-02T14:37:47,262][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-core]
[2021-12-02T14:37:47,262][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-data-streams]
[2021-12-02T14:37:47,262][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-deprecation]
[2021-12-02T14:37:47,262][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-enrich]
[2021-12-02T14:37:47,263][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-eql]
[2021-12-02T14:37:47,263][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-fleet]
[2021-12-02T14:37:47,263][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-graph]
[2021-12-02T14:37:47,263][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-identity-provider]
[2021-12-02T14:37:47,264][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-ilm]
[2021-12-02T14:37:47,264][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-logstash]
[2021-12-02T14:37:47,264][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-ml]
[2021-12-02T14:37:47,265][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-monitoring]
[2021-12-02T14:37:47,266][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-ql]
[2021-12-02T14:37:47,266][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-rollup]
[2021-12-02T14:37:47,266][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-security]
[2021-12-02T14:37:47,266][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-shutdown]
[2021-12-02T14:37:47,267][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-sql]
[2021-12-02T14:37:47,267][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-stack]
[2021-12-02T14:37:47,267][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-text-structure]
[2021-12-02T14:37:47,268][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-voting-only-node]
[2021-12-02T14:37:47,268][INFO ][o.e.p.PluginsService ] [node-1] loaded module [x-pack-watcher]
[2021-12-02T14:37:47,269][INFO ][o.e.p.PluginsService ] [node-1] no plugins loaded
[2021-12-02T14:37:47,339][ERROR][o.e.b.Bootstrap ] [node-1] Exception
java.lang.IllegalStateException: failed to obtain node locks, tried [[/var/lib/elasticsearch]] with lock id [0]; maybe these locations are not writable or multiple nodes were started without increasing [node.max_local_storage_nodes] (was [1])?
at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:292) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.node.Node.<init>(Node.java:383) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.node.Node.<init>(Node.java:288) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:219) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:219) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:399) [elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:167) [elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:158) [elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75) [elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:114) [elasticsearch-cli-7.15.2.jar:7.15.2]
at org.elasticsearch.cli.Command.main(Command.java:79) [elasticsearch-cli-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:123) [elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:81) [elasticsearch-7.15.2.jar:7.15.2]
Caused by: java.io.IOException: failed to obtain lock on /var/lib/elasticsearch/nodes/0
at org.elasticsearch.env.NodeEnvironment$NodeLock.<init>(NodeEnvironment.java:214) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:262) ~[elasticsearch-7.15.2.jar:7.15.2]
... 12 more
Caused by: java.nio.file.AccessDeniedException: /var/lib/elasticsearch/nodes/0/node.lock
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106) ~[?:?]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]
at sun.nio.fs.UnixFileSystemProvider.newFileChannel(UnixFileSystemProvider.java:182) ~[?:?]
at java.nio.channels.FileChannel.open(FileChannel.java:298) ~[?:?]
at java.nio.channels.FileChannel.open(FileChannel.java:357) ~[?:?]
at org.apache.lucene.store.NativeFSLockFactory.obtainFSLock(NativeFSLockFactory.java:125) ~[lucene-core-8.9.0.jar:8.9.0 05c8a6f0163fe4c330e93775e8e91f3ab66a3f80 - mayyasharipova - 2021-06-10 17:50:37]
at org.apache.lucene.store.FSLockFactory.obtainLock(FSLockFactory.java:41) ~[lucene-core-8.9.0.jar:8.9.0 05c8a6f0163fe4c330e93775e8e91f3ab66a3f80 - mayyasharipova - 2021-06-10 17:50:37]
at org.apache.lucene.store.BaseDirectory.obtainLock(BaseDirectory.java:45) ~[lucene-core-8.9.0.jar:8.9.0 05c8a6f0163fe4c330e93775e8e91f3ab66a3f80 - mayyasharipova - 2021-06-10 17:50:37]
at org.elasticsearch.env.NodeEnvironment$NodeLock.<init>(NodeEnvironment.java:207) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:262) ~[elasticsearch-7.15.2.jar:7.15.2]
... 12 more
[2021-12-02T14:37:47,355][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [node-1] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to obtain node locks, tried [[/var/lib/elasticsearch]] with lock id [0]; maybe these locations are not writable or multiple nodes were started without increasing [node.max_local_storage_nodes] (was [1])?
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:171) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:158) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:114) ~[elasticsearch-cli-7.15.2.jar:7.15.2]
at org.elasticsearch.cli.Command.main(Command.java:79) ~[elasticsearch-cli-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:123) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:81) ~[elasticsearch-7.15.2.jar:7.15.2]
Caused by: java.lang.IllegalStateException: failed to obtain node locks, tried [[/var/lib/elasticsearch]] with lock id [0]; maybe these locations are not writable or multiple nodes were started without increasing [node.max_local_storage_nodes] (was [1])?
at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:292) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.node.Node.<init>(Node.java:383) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.node.Node.<init>(Node.java:288) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:219) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:219) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:399) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:167) ~[elasticsearch-7.15.2.jar:7.15.2]
... 6 more
Caused by: java.io.IOException: failed to obtain lock on /var/lib/elasticsearch/nodes/0
at org.elasticsearch.env.NodeEnvironment$NodeLock.<init>(NodeEnvironment.java:214) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:262) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.node.Node.<init>(Node.java:383) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.node.Node.<init>(Node.java:288) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:219) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:219) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:399) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:167) ~[elasticsearch-7.15.2.jar:7.15.2]
... 6 more
Caused by: java.nio.file.AccessDeniedException: /var/lib/elasticsearch/nodes/0/node.lock
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106) ~[?:?]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]
at sun.nio.fs.UnixFileSystemProvider.newFileChannel(UnixFileSystemProvider.java:182) ~[?:?]
at java.nio.channels.FileChannel.open(FileChannel.java:298) ~[?:?]
at java.nio.channels.FileChannel.open(FileChannel.java:357) ~[?:?]
at org.apache.lucene.store.NativeFSLockFactory.obtainFSLock(NativeFSLockFactory.java:125) ~[lucene-core-8.9.0.jar:8.9.0 05c8a6f0163fe4c330e93775e8e91f3ab66a3f80 - mayyasharipova - 2021-06-10 17:50:37]
at org.apache.lucene.store.FSLockFactory.obtainLock(FSLockFactory.java:41) ~[lucene-core-8.9.0.jar:8.9.0 05c8a6f0163fe4c330e93775e8e91f3ab66a3f80 - mayyasharipova - 2021-06-10 17:50:37]
at org.apache.lucene.store.BaseDirectory.obtainLock(BaseDirectory.java:45) ~[lucene-core-8.9.0.jar:8.9.0 05c8a6f0163fe4c330e93775e8e91f3ab66a3f80 - mayyasharipova - 2021-06-10 17:50:37]
at org.elasticsearch.env.NodeEnvironment$NodeLock.<init>(NodeEnvironment.java:207) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:262) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.node.Node.<init>(Node.java:383) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.node.Node.<init>(Node.java:288) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:219) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:219) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:399) ~[elasticsearch-7.15.2.jar:7.15.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:167) ~[elasticsearch-7.15.2.jar:7.15.2]
... 6 more

--

Regards,

karthick R

Luis González Romero

unread,

Dec 2, 2021, 5:18:49 AM12/2/21

to Wazuh mailing list

Hello karthick R, hope you are doing great.

This user had the same issue, here's the link.

Let's try to see if this is happening to you. Run the following command ps aux | grep 'elastic' and then kill -9 <ES_PID>. If you are using a dockerized elasticsearch, this applies too. In this case, the host won't show up another ElasticSearch container but could have an orphaned process.

Hope this helps you,
Luis.

karthick kn

unread,

Dec 2, 2021, 5:33:18 AM12/2/21

to Luis González Romero, Wazuh mailing list

Hi luis,

I followed above command .unable to kill

Kalinga 3304147 0.0 0.0 9204 1104 pts/10 S+ 15:53 0:00 grep --color=auto elasticsearch
[Kalinga@kalinga lib]$ sudo kill -9 3304147
kill: sending signal to 3304147 failed: No such process
[Kalinga@kalinga lib]$ sudo kill -9 3304147
kill: sending signal to 3304147 failed: No such process
[Kalinga@kalinga lib]$ sudo ps aux | grep elasticsearch
Kalinga 3304423 0.0 0.0 9204 1108 pts/10 S+ 15:55 0:00 grep --color=auto elasticsearch
[Kalinga@kalinga lib]$ sudo kill -9 3304423
kill: sending signal to 3304423 failed: No such process
[Kalinga@kalinga lib]$ sudo ps aux | grep elasticsearch
Kalinga 3304485 0.0 0.0 9204 1148 pts/10 R+ 15:56 0:00 grep --color=auto elasticsearch

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/48e00a05-f1fc-4e7c-a47e-01a685957469n%40googlegroups.com.

--

Regards,

karthick R

karthick kn

unread,

Dec 2, 2021, 10:42:55 AM12/2/21

to Wazuh mailing list

Hi supporter

[Kalinga@kalinga ~]$ sudo systemctl status elasticsearch
* elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: disabled)

Active: failed (Result: exit-code) since Thu 2021-12-02 21:05:12 IST; 3min 46s ago
Docs: https://www.elastic.co
Process: 3350061 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 3350061 (code=exited, status=1/FAILURE)

Dec 02 21:05:12 kalinga.coreservices01 systemd-entrypoint[3350061]: at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150)
Dec 02 21:05:12 kalinga.coreservices01 systemd-entrypoint[3350061]: at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75)
Dec 02 21:05:12 kalinga.coreservices01 systemd-entrypoint[3350061]: at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:116)
Dec 02 21:05:12 kalinga.coreservices01 systemd-entrypoint[3350061]: at org.elasticsearch.cli.Command.main(Command.java:79)
Dec 02 21:05:12 kalinga.coreservices01 systemd-entrypoint[3350061]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115)
Dec 02 21:05:12 kalinga.coreservices01 systemd-entrypoint[3350061]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:81)
Dec 02 21:05:12 kalinga.coreservices01 systemd-entrypoint[3350061]: For complete error details, refer to the log at /var/log/elasticsearch/elasticsearch.log
Dec 02 21:05:12 kalinga.coreservices01 systemd[1]: elasticsearch.service: Main process exited, code=exited, status=1/FAILURE
Dec 02 21:05:12 kalinga.coreservices01 systemd[1]: elasticsearch.service: Failed with result 'exit-code'.
Dec 02 21:05:12 kalinga.coreservices01 systemd[1]: Failed to start Elasticsearch.

[Kalinga@kalinga ~]$ sudo tail -f /var/log/elasticsearch/elasticsearch.log
at org.elasticsearch.gateway.PersistedClusterStateService.nodeMetadata(PersistedClusterStateService.java:256) ~[elasticsearch-7.11.2.jar:7.11.2]
at org.elasticsearch.env.NodeEnvironment.loadNodeMetadata(NodeEnvironment.java:399) ~[elasticsearch-7.11.2.jar:7.11.2]
at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:320) ~[elasticsearch-7.11.2.jar:7.11.2]
at org.elasticsearch.node.Node.<init>(Node.java:351) ~[elasticsearch-7.11.2.jar:7.11.2]
at org.elasticsearch.node.Node.<init>(Node.java:278) ~[elasticsearch-7.11.2.jar:7.11.2]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:216) ~[elasticsearch-7.11.2.jar:7.11.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:216) ~[elasticsearch-7.11.2.jar:7.11.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:387) ~[elasticsearch-7.11.2.jar:7.11.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.11.2.jar:7.11.2]
... 6 more

--

Regards,

karthick R

Luis González Romero

unread,

Dec 3, 2021, 4:16:23 AM12/3/21

to Wazuh mailing list

Hello again,

As I can see, you could have no right permissions in /var/lib/elasticsearch or an orphaned elasticsearch process because as the error says:
the directory is not writable or multiple nodes were started without increasing [node.max_local_storage_nodes].

You have to start with checking those permissions and restarting the elastic service. Also, I suggest you that check the log 
using this command instead: grep -E -i 'erro|warn|fail|expir' /var/log/elasticsearch/elasticsearch.log in order to check if you have
more errors to care about.

Regards,
Luis.

Reply all

Reply to author

Forward