一、elasticsearch
1、OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
解决:
关闭虚拟机并将处理器的的“每个处理器的内核数量”改为2。
2、main ERROR Could not register mbeans java.security.AccessControlException: access denied ("javax.management.MBeanTrustPermission" "register")
解决:
更改elasticsearch文件夹所有者到当前用户:
sudo chown -R wzh.wzh elasticsearch-5.4.3
3、OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
解决:
此问题为jdk版本太新了。安装低版本jdk即可解决,比如安装jdk1.8
4、启动elasticsearch后直接被杀死
由于ES是运行在JVM上,JVM本身除了分配的heap内存以外,还会用到一些堆外(off heap)内存。 在小内存的机器上跑ES,如果heap划分过多,累加上堆外内存后,总的JVM使用内存量可能超过物理内存限制。 如果swap又是关闭的情况下,就会被操作系统oom killer杀掉。
解决:
修改ES中config目录下的jvm.options文件:
将
-Xms1g
-Xmx1g
改为
-Xms512m
-Xmx512m
5、ERROR: [2] bootstrap checks failed
(1)问题[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
解决:
编辑 /etc/security/limits.conf,追加以下内容,其中数字可根据提示来修改。
* soft nofile 65536
* hard nofile 131072
* soft nproc 65536
* hard nproc 65536其中*表示所有用户,soft指软限制,hard指硬限制。
注:
在Ubuntu18.04中修改以上配置后可能还不能生效,还需要修改 /etc/systemd/user.conf 及 /etc/systemd/system.conf 中如下面这行的配置项:
此文件修改后需要重新登录用户,才会生效。
用普通用户,查看进程数:
ulimit -n // 查看系统打开文件描述符的最大值
ulimit -Hn // 查看用户硬限制
ulimit -Su // 查看用户软限制
(2)问题 [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
解决:
编辑 /etc/sysctl.conf,追加以下内容:
vm.max_map_count=262144
保存后,执行:
sysctl -p
或者:
sysctl -w vm.max_map_count=262144
二、logstash
1、
Sending Logstash's logs to /home/wzh/Elk/logstash-5.4.3/logs which is now configured via log4j2.properties
[2020-05-20T00:04:43,938][FATAL][logstash.runner]
An unexpected error occurred!
{ :error=>#<ArgumentError: Setting "" hasn't been registered>,
:backtrace=>[
"/home/wzh/Elk/logstash-5.4.3/logstash-core/lib/logstash/settings.rb:29:in `get_setting'",
"/home/wzh/Elk/logstash-5.4.3/logstash-core/lib/logstash/settings.rb:61:in `set_value'",
"/home/wzh/Elk/logstash-5.4.3/logstash-core/lib/logstash/settings.rb:80:in `merge'",
"org/jruby/RubyHash.java:1342:in `each'",
"/home/wzh/Elk/logstash-5.4.3/logstash-core/lib/logstash/settings.rb:80:in `merge'",
"/home/wzh/Elk/logstash-5.4.3/logstash-core/lib/logstash/settings.rb:129:in `validate_all'",
"/home/wzh/Elk/logstash-5.4.3/logstash-core/lib/logstash/runner.rb:217:in `execute'",
"/home/wzh/Elk/logstash-5.4.3/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'",
"/home/wzh/Elk/logstash-5.4.3/logstash-core/lib/logstash/runner.rb:185:in `run'",
"/home/wzh/Elk/logstash-5.4.3/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'",
"/home/wzh/Elk/logstash-5.4.3/lib/bootstrap/environment.rb:71:in `(root)'"
]
}
此问题是配置文件中出现非法的字符,或者编码方式不正确。修改config底下的logstash.yml
三、kibana
1、Unable to fetch mapping. Do you have indices matching the pattern?
此问题是kibana想Kibana想映射ES的一个索引,你需要指定一个在ES中已存在的索引,在页面中,有一个默认索引:一个叫logstash-*的索引。注意此索引和logstash中的配置文件设置有关系,如果配置文件没写好则有可能搜索不出索引。如配置文件里“index => "logstash-%{+YYYY-MM-dd}”则kibana输入:“lostash-*”即可创建对应索引。