my elasticsearch wont completely start after adding plugin. The errors are related to the log4j2.properties file not finding something.......

● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2018-11-14 08:25:14 EST; 10s ago
Docs: http://www.elastic.co
Main PID: 17942 (java)
CGroup: /system.slice/elasticsearch.service
├─17942 /bin/java -Xms1g -Xmx2g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -Xss1...
└─18000 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

Nov 14 08:25:19 elasticsearch[17942]: 2018-11-14 08:25:19,094 main ERROR Null object returned for RollingFile in Appenders.
Nov 14 08:25:19 elasticsearch[17942]: 2018-11-14 08:25:19,094 main ERROR Null object returned for RollingFile in Appenders.
Nov 14 08:25:19 elasticsearch[17942]: 2018-11-14 08:25:19,095 main ERROR Null object returned for RollingFile in Appenders.
Nov 14 08:25:19 elasticsearch[17942]: 2018-11-14 08:25:19,095 main ERROR Null object returned for RollingFile in Appenders.
Nov 14 08:25:19 elasticsearch[17942]: 2018-11-14 08:25:19,095 main ERROR Null object returned for RollingFile in Appenders.
Nov 14 08:25:19 elasticsearch[17942]: 2018-11-14 08:25:19,096 main ERROR Unable to locate appender "rolling" for logger config "root"
Nov 14 08:25:19 elasticsearch[17942]: 2018-11-14 08:25:19,096 main ERROR Unable to locate appender "index_indexing_slowlog_rolling" for logger con...log.index"
Nov 14 08:25:19 elasticsearch[17942]: 2018-11-14 08:25:19,096 main ERROR Unable to locate appender "audit_rolling" for logger config "org.elastics...uditTrail"
Nov 14 08:25:19 elasticsearch[17942]: 2018-11-14 08:25:19,097 main ERROR Unable to locate appender "index_search_slowlog_rolling" for logger confi...h.slowlog"
Nov 14 08:25:19 elasticsearch[17942]: 2018-11-14 08:25:19,097 main ERROR Unable to locate appender "deprecation_rolling" for logger config "org.el...precation"

status = error

log action execution errors for easier debugging

logger.action.name = org.elasticsearch.action
logger.action.level = debug

appender.console.type = Console
appender.console.name = console
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n

appender.rolling.type = RollingFile
appender.rolling.name = rolling
appender.rolling.fileName = {sys:es.logs.base_path}{sys:file.separator}{sys:es.logs.cluster_name}.log appender.rolling.layout.type = PatternLayout appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n appender.rolling.filePattern = {sys:es.logs.base_path}{sys:file.separator}{sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz
appender.rolling.policies.type = Policies
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 1
appender.rolling.policies.time.modulate = true
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size = 128MB
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.fileIndex = nomax
appender.rolling.strategy.action.type = Delete
appender.rolling.strategy.action.basepath = {sys:es.logs.base_path} appender.rolling.strategy.action.condition.type = IfFileName appender.rolling.strategy.action.condition.glob = {sys:es.logs.cluster_name}-*
appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB

rootLogger.level = info
rootLogger.appenderRef.console.ref = console
rootLogger.appenderRef.rolling.ref = rolling

appender.deprecation_rolling.type = RollingFile
appender.deprecation_rolling.name = deprecation_rolling
appender.deprecation_rolling.fileName = {sys:es.logs.base_path}{sys:file.separator}{sys:es.logs.cluster_name}_deprecation.log appender.deprecation_rolling.layout.type = PatternLayout appender.deprecation_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n appender.deprecation_rolling.filePattern = {sys:es.logs.base_path}{sys:file.separator}{sys:es.logs.cluster_name}_deprecation-%i.log.gz
appender.deprecation_rolling.policies.type = Policies
appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.deprecation_rolling.policies.size.size = 1GB
appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy
appender.deprecation_rolling.strategy.max = 4

logger.deprecation.name = org.elasticsearch.deprecation
logger.deprecation.level = warn
logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
logger.deprecation.additivity = false

appender.index_search_slowlog_rolling.type = RollingFile
appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
appender.index_search_slowlog_rolling.fileName = {sys:es.logs.base_path}{sys:file.separator}{sys:es.logs.cluster_name}_index_search_slowlog.log appender.index_search_slowlog_rolling.layout.type = PatternLayout appender.index_search_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.-10000m%n appender.index_search_slowlog_rolling.filePattern = {sys:es.logs.base_path}{sys:file.separator}{sys:es.logs.cluster_name}_index_search_slowlog-%d{yyyy-MM-dd}.log
appender.index_search_slowlog_rolling.policies.type = Policies
appender.index_search_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.index_search_slowlog_rolling.policies.time.interval = 1
appender.index_search_slowlog_rolling.policies.time.modulate = true

logger.index_search_slowlog_rolling.name = index.search.slowlog
logger.index_search_slowlog_rolling.level = trace
logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling
logger.index_search_slowlog_rolling.additivity = false

appender.index_indexing_slowlog_rolling.type = RollingFile
appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
appender.index_indexing_slowlog_rolling.fileName = {sys:es.logs.base_path}{sys:file.separator}{sys:es.logs.cluster_name}_index_indexing_slowlog.log appender.index_indexing_slowlog_rolling.layout.type = PatternLayout appender.index_indexing_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.-10000m%n appender.index_indexing_slowlog_rolling.filePattern = {sys:es.logs.base_path}{sys:file.separator}{sys:es.logs.cluster_name}_index_indexing_slowlog-%d{yyyy-MM-dd}.log
appender.index_indexing_slowlog_rolling.policies.type = Policies
appender.index_indexing_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.index_indexing_slowlog_rolling.policies.time.interval = 1
appender.index_indexing_slowlog_rolling.policies.time.modulate = true

logger.index_indexing_slowlog.name = index.indexing.slowlog.index
logger.index_indexing_slowlog.level = trace
logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
logger.index_indexing_slowlog.additivity = false

appender.audit_rolling.type = RollingFile
appender.audit_rolling.name = audit_rolling
appender.audit_rolling.fileName = {sys:es.logs.base_path}{sys:file.separator}{sys:es.logs.cluster_name}_access.log appender.audit_rolling.layout.type = PatternLayout appender.audit_rolling.layout.pattern = [%d{ISO8601}] %m%n appender.audit_rolling.filePattern = {sys:es.logs.base_path}{sys:file.separator}{sys:es.logs.cluster_name}_access-%d{yyyy-MM-dd}.log
appender.audit_rolling.policies.type = Policies
appender.audit_rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.audit_rolling.policies.time.interval = 1
appender.audit_rolling.policies.time.modulate = true

logger.xpack_security_audit_logfile.name = org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail
logger.xpack_security_audit_logfile.level = info
logger.xpack_security_audit_logfile.appenderRef.audit_rolling.ref = audit_rolling
logger.xpack_security_audit_logfile.additivity = false

logger.xmlsig.name = org.apache.xml.security.signature.XMLSignature
logger.xmlsig.level = error
logger.samlxml_decrypt.name = org.opensaml.xmlsec.encryption.support.Decrypter
logger.samlxml_decrypt.level = fatal
logger.saml2_decrypt.name = org.opensaml.saml.saml2.encryption.Decrypter
logger.saml2_decrypt.level = fatal

Look in the Elasticsearch logs for clues. If you have installed a third party plugin, you may need to bring this up with the creators.

how would i be able to start elasticsearch as root that will be a good way to debug it

Check that you are not running out of disk space. The error the Elasticsearch plugin shows can be an indication that you have exceeded the 05% threshold.

the only error that i have is trying to start elasticsearch as root

image.png1113×412 16.1 KB

You are not allowed to run Elasticsearch as root.

You may have to be a little specific....there is ample amount of space on pc

what is the best methodology for getting real time information....like running the binary service without having to run it as root

Still the same problem

image.png1355×286 35.9 KB

Please don't post pictures of text, they are difficult to read and some people may not be even able to see them.

I would recommend that you reach out to the creators of this plugin. There may not be many people here having experience with this plugin.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.