Common problems and solutions when setting up an ELK log analysis system

1. Caused by: java.lang.RuntimeException: can not run elasticsearch as root

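This error occurs because Elasticsearch was started as the root user, so you only need to switch to the elkb user. For details, see "How to quickly set up a simple ELK log analysis system".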

The error output is as follows:

[root@node08 elasticsearch-6.3.1]# ./bin/elasticsearch
[2020-05-13T17:40:36,170][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.3.1.jar:6.3.1]
	at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.3.1.jar:6.3.1]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:104) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:171) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) ~[elasticsearch-6.3.1.jar:6.3.1]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.3.1.jar:6.3.1]
	... 6 more
2. Exception in thread "main" java.nio.file.AccessDeniedException: /usr/local/soft/ELKB/elasticsearch-6.3.1/config/jvm.options

Solution: the elkb user does not have permission on this directory, so run the following command:

chown -R elkb:elkb /usr/local/soft/ELKB/elasticsearch-6.3.1/
3. max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

Solution: edit the /etc/sysctl.conf file and set vm.max_map_count=262144

vim /etc/sysctl.conf # edit the configuration
sysctl -p # apply the configuration


4. max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

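Solution: the maximum number of files a process may have open at the same time is too low. Check the current limits with the following two commands: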

ulimit -Hn
ulimit -Sn

Edit the /etc/security/limits.conf file and add the configuration; it takes effect after the user logs out and logs back in.

5. max number of threads [3818] for user [es] is too low, increase to at least [4096]

Solution: same as above; just add the following configuration to the /etc/security/limits.conf file:

*               soft    nproc           4096
*               hard    nproc           4096
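
A pre-flight check for items 1, 3, 4 and 5, as an added example that is not from the original post: it compares the current user and limits with the minimums quoted in the error messages above. The function names are illustrative, and reading the limits with ulimit in the service user's own shell is an assumption about how Elasticsearch is launched.

```bash
#!/bin/bash
# Added example: pre-flight check for the limits behind errors 1, 3, 4 and 5.
# Thresholds are the minimums quoted in the error messages on this page.
MIN_MAP_COUNT=262144
MIN_NOFILE=65536
MIN_NPROC=4096

# at_least VALUE MINIMUM: succeeds if VALUE >= MINIMUM ("unlimited" passes).
at_least() {
    case "$1" in
        unlimited) return 0 ;;
        ''|*[!0-9]*) return 2 ;;   # empty or non-numeric counts as a failure
    esac
    [ "$1" -ge "$2" ]
}

# check NAME VALUE MINIMUM: prints one result line, returns 0 on pass.
check() {
    if at_least "$2" "$3"; then
        echo "OK   $1 = $2 (>= $3)"
    else
        echo "FAIL $1 = $2 (need >= $3)"
        return 1
    fi
}

# preflight UID MAP_COUNT NOFILE NPROC: returns the number of failed checks.
preflight() {
    failed=0
    if [ "$1" = 0 ]; then
        echo "FAIL uid = 0 (root); start as the unprivileged user, e.g. elkb"
        failed=$((failed + 1))
    else
        echo "OK   uid = $1 (not root)"
    fi
    check "vm.max_map_count" "$2" "$MIN_MAP_COUNT" || failed=$((failed + 1))
    check "max file descriptors" "$3" "$MIN_NOFILE" || failed=$((failed + 1))
    check "max user processes" "$4" "$MIN_NPROC" || failed=$((failed + 1))
    return "$failed"
}

# Live check: run as the Elasticsearch user with "--live" as the argument.
if [ "${1:-}" = "--live" ]; then
    preflight "$(id -u)" "$(cat /proc/sys/vm/max_map_count)" \
        "$(ulimit -n)" "$(ulimit -u)"
fi
```

Run it from a fresh login of the service user, since changes to /etc/security/limits.conf only apply after logging in again.
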
6. When running a curl -XPOST request, the response is: {"error":"Content-Type header [application/x-www-form-urlencoded] is not supported","status":406}

For example, the failing command:

curl -XPOST 192.168.1.8:9200/test_index_1/test_type/5 -d '{"user_name":"xiaoming"}'
{"error":"Content-Type header [application/x-www-form-urlencoded] is not supported","status":406}

Add the -H "Content-Type: application/json" request header, as shown below:

curl -H "Content-Type: application/json" -XPOST 192.168.1.8:9200/test_index_1/test_type/5 -d '{"user_name":"xiaoming"}'
7. {"type":"mapper_parsing_exception","reason":"No handler for type [string] declared on field [request]"}

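Solution: this is caused by the ES version; in versions above 5.x the string type no longer exists. Use text if the field needs to be analyzed (tokenized), and keyword if it does not.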
