Common problems and solutions when setting up an ELK log analysis system

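1. Caused by: java.lang.RuntimeException: can not run elasticsearch as root

This problem occurs because elasticsearch was started as the root user, so you only need to switch to the elkb user. For details, see "How to quickly set up a simple ELK log analysis system".

The error message is as follows: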

[root@node08 elasticsearch-6.3.1]# ./bin/elasticsearch
[2020-05-13T17:40:36,170][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.3.1.jar:6.3.1]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:104) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:171) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.3.1.jar:6.3.1]
	... 6 more

2. Exception in thread "main" java.nio.file.AccessDeniedException: /usr/local/soft/ELKB/elasticsearch-6.3.1/config/jvm.options

Solution: the elkb user has no permission on that directory, so run the following command:

chown -R elkb:elkb /usr/local/soft/ELKB/elasticsearch-6.3.1/

3. max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

Solution: edit the /etc/sysctl.conf file and set vm.max_map_count=262144

vim /etc/sysctl.conf # edit the configuration
sysctl -p # apply the configuration


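4. max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

Solution: the maximum number of files each process may have open at the same time is too small. The current values can be checked with the following 2 commands: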

ulimit -Hn
ulimit -Sn

Edit the /etc/security/limits.conf file and add the configuration; it takes effect after the user logs out and logs back in.

5. max number of threads [3818] for user [es] is too low, increase to at least [4096]

Solution: same as above; just add the following configuration to the /etc/security/limits.conf file:

*               soft    nproc           4096
*               hard    nproc           4096
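
The bootstrap checks behind items 1, 3, 4 and 5 can be verified before starting the node. The bash script below is an added example, not part of the original article; the function names need_min, not_root and preflight, the --run switch and the file name preflight.sh are made up for illustration, and the thresholds are the ones quoted in the error messages above.

```bash
#!/usr/bin/env bash
# Preflight for the bootstrap checks in items 1, 3, 4 and 5 (added example).
# Thresholds are the values quoted in the error messages on this page.

# need_min NAME CURRENT REQUIRED: succeed when CURRENT >= REQUIRED.
# "unlimited" (as printed by ulimit) always passes; junk input fails closed.
need_min() {
    if [ "$2" = "unlimited" ]; then
        echo "ok   $1=unlimited"; return 0
    fi
    case $2 in
        ''|*[!0-9]*) echo "FAIL $1: unreadable value '$2'"; return 1 ;;
    esac
    if [ "$2" -ge "$3" ]; then
        echo "ok   $1=$2 (>= $3)"; return 0
    fi
    echo "FAIL $1=$2, need at least $3"; return 1
}

# not_root UID: fail for UID 0 (item 1, "can not run elasticsearch as root").
not_root() {
    if [ "$1" -eq 0 ]; then
        echo "FAIL uid=0: start the node as the unprivileged service user"
        return 1
    fi
    echo "ok   uid=$1 is not root"; return 0
}

# preflight: read the live values and report every check, not just the first.
preflight() {
    rc=0
    not_root "$(id -u)" || rc=1
    need_min vm.max_map_count "$(cat /proc/sys/vm/max_map_count 2>/dev/null)" 262144 || rc=1
    need_min "nofile (hard)" "$(ulimit -Hn)" 65536 || rc=1
    need_min "nofile (soft)" "$(ulimit -Sn)" 65536 || rc=1
    need_min "nproc (soft)" "$(ulimit -Su)" 4096 || rc=1
    return "$rc"
}

# Live checks run only on request: bash preflight.sh --run (as the elkb user).
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```

Run it from a fresh login session of the elkb user, because limits.conf changes only apply after logging in again.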

6. When executing a curl -XPOST request, the following appears: {"error":"Content-Type header [application/x-www-form-urlencoded] is not supported","status":406}

For example, the failing command:

curl -XPOST 192.168.1.8:9200/test_index_1/test_type/5 -d '{"user_name":"xiaoming"}'
{"error":"Content-Type header [application/x-www-form-urlencoded] is not supported","status":406}

Add the -H "Content-Type: application/json" request header, as shown below:

curl -H "Content-Type: application/json" -XPOST 192.168.1.8:9200/test_index_1/test_type/5 -d '{"user_name":"xiaoming"}'

7. {"type":"mapper_parsing_exception","reason":"No handler for type [string] declared on field [request]"}

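Solution: this is caused by the ES version; in 5.x and above the string type no longer exists. Use text for fields that need to be analyzed (tokenized) and keyword for fields that do not.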
