Hi,
I have installed ELK on a Linux box. My Elasticsearch is indexing all the components sent by Logstash properly, but Elasticsearch is stopping automatically without giving any error in the logs.
I am using the command below to start ES:
./elasticsearch -Des.insecure.allow.root=true
Below are the logs:
[2016-11-17 10:31:09,012][WARN ][bootstrap ] running as ROOT user. this is a bad idea!
[2016-11-17 10:31:09,029][WARN ][bootstrap ] unable to install syscall filter: seccomp unavailable: requires kernel 3.5+ with CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER compiled in
[2016-11-17 10:31:09,348][INFO ][node ] [Robert Kelly] version[2.4.1], pid[32029], build[c67dc32/2016-09-27T18:57:55Z]
[2016-11-17 10:31:09,348][INFO ][node ] [Robert Kelly] initializing ...
[2016-11-17 10:31:10,144][INFO ][plugins ] [Robert Kelly] modules [reindex, lang-expression, lang-groovy], plugins [], sites []
[2016-11-17 10:31:10,167][INFO ][env ] [Robert Kelly] using [1] data paths, mounts [[/ (/dev/xvde)]], net usable_space [13.1gb], net total_space [19.6gb], spins? [no], types [ext4]
[2016-11-17 10:31:10,167][INFO ][env ] [Robert Kelly] heap size [990.7mb], compressed ordinary object pointers [true]
[2016-11-17 10:31:10,168][WARN ][env ] [Robert Kelly] max file descriptors [4096] for elasticsearch process likely too low, consider increasing to at least [65536]
[2016-11-17 10:31:12,487][INFO ][node ] [Robert Kelly] initialized
[2016-11-17 10:31:12,487][INFO ][node ] [Robert Kelly] starting ...
[2016-11-17 10:31:12,675][INFO ][transport ] [Robert Kelly] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2016-11-17 10:31:12,681][INFO ][discovery ] [Robert Kelly] elasticsearch/LBA937IARICJFCQUyaQhrw
[2016-11-17 10:31:15,724][INFO ][cluster.service ] [Robert Kelly] new_master {Robert Kelly}{LBA937IARICJFCQUyaQhrw}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)
[2016-11-17 10:31:15,743][INFO ][http ] [Robert Kelly] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2016-11-17 10:31:15,743][INFO ][node ] [Robert Kelly] started
[2016-11-17 10:31:15,887][INFO ][gateway ] [Robert Kelly] recovered [4] indices into cluster_state
[2016-11-17 13:35:37,578][INFO ][node ] [Robert Kelly] stopping ...
[2016-11-17 13:35:37,618][INFO ][node ] [Robert Kelly] stopped
[2016-11-17 13:35:37,618][INFO ][node ] [Robert Kelly] closing ...
[2016-11-17 13:35:37,623][INFO ][node ] [Robert Kelly] closed
Below is the Java process captured while Elasticsearch was running:
root 32029 31921 9 10:31 pts/2 10:31:09 /usr/bin/java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -XX:+DisableExplicitGC -Dfile.encoding=UTF-8 -Djna.nosys=true -Des.path.home=/opt/elk/elasticsearch-2.4.1 -cp /opt/elk/elasticsearch-2.4.1/lib/elasticsearch-2.4.1.jar:/opt/elk/elasticsearch-2.4.1/lib/* org.elasticsearch.bootstrap.Elasticsearch start -Des.insecure.allow.root=true
Please let me know of any solution for this.
Regards
Aman