Error starting Elastic Search

I'm having issues trying to start Elastic Search after installation, and I'm not sure how to get around it, nor can I find any similar topics with solutions online.

When I run systemctl start elasticsearch, I get the error that the service cannot be started. When running journalctl -xe, this is the error that is output:

Oct 14 15:59:09 audit[1515329]: USER_AUTH pid=1515329 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=61.177.173.47 addr=61.17>
Oct 14 15:59:10 sshd[1515329]: Failed password for root from 61.177.173.47 port 53823 ssh2
Oct 14 15:59:10 audit[1515329]: USER_LOGIN pid=1515329 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.177.173.47 terminal=sshd res=failed'
Oct 14 15:59:11 sshd[1515329]: Received disconnect from 61.177.173.47 port 53823:11:  [preauth]
Oct 14 15:59:11 sshd[1515329]: Disconnected from authenticating user root 61.177.173.47 port 53823 [preauth]
Oct 14 15:59:11 sshd[1515329]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root
Oct 14 15:59:12 sshd[1515419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.47  user=root

Seems like a permission issue, but I'm not sure how to get around it. Does anyone have any ideas? I'm using Ubuntu 20.04.

Hi @ArrakisMiner, welcome to the community.

That should be

sudo systemctl start elasticsearch

I tried that too; it makes little difference and I still get thrown the same error.

Then we're back to exactly... How did you install elasticsearch and Kibana?

What version?
What documentation did you follow?
What method of install?
Were there any errors during install?

Did you install a package and make sure you use sudo when you installed the package?

Oh, I noticed you didn't really run the log command correctly, so we're not really seeing the log from elasticsearch.

sudo journalctl --unit elasticsearch

If there is nothing in journalctl you will need to check the system log file.

Since you are in Ubuntu, check /var/log/syslog for any hint of why your elasticsearch didn't start or, even better, tail this file and in another terminal run sudo systemctl start elasticsearch again.

You will get a fresh error of why the service could not start.
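An added example, not part of any reply in this thread: a small shell check that tallies which process wrote each line of a pasted journal excerpt, showing that the excerpt in the question came only from sshd and the audit subsystem. The sample lines are constructed from that excerpt (shortened, with a documentation-range address), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the layout quoted in the question:
# "Mon DD HH:MM:SS ident[pid]: message" (no hostname column).
sample_journal() {
cat <<'EOF'
Oct 14 15:59:09 audit[1515329]: USER_AUTH pid=1515329 uid=0 msg='op=PAM:authentication acct="root"'
Oct 14 15:59:10 sshd[1515329]: Failed password for root from 203.0.113.7 port 53823 ssh2
Oct 14 15:59:09 audit[1515329]: USER_LOGIN pid=1515329 uid=0 msg='op=login acct="root" res=failed'
Oct 14 15:59:11 sshd[1515329]: Received disconnect from 203.0.113.7 port 53823:11:  [preauth]
Oct 14 15:59:11 sshd[1515329]: Disconnected from authenticating user root 203.0.113.7 port 53823 [preauth]
Oct 14 15:59:11 sshd[1515329]: PAM 2 more authentication failures; rhost=203.0.113.7  user=root
Oct 14 15:59:12 sshd[1515419]: pam_unix(sshd:auth): authentication failure; rhost=203.0.113.7  user=root
EOF
}

# Print the syslog identifier (process name) of each journal line on stdin.
# Handles output with or without a hostname column: the identifier is the
# first of fields 4-5 that ends in ":"; an optional "[pid]" is stripped.
journal_idents() {
    awk '{
        for (i = 4; i <= 5; i++) {
            if ($i ~ /:$/) {
                id = $i
                sub(/(\[[0-9]+\])?:$/, "", id)
                print id
                break
            }
        }
    }'
}

# Count the lines on stdin written by one identifier ($1); prints 0 if none.
count_ident() {
    journal_idents | awk -v want="$1" '$0 == want { n++ } END { print n + 0 }'
}

# Space-separated, sorted list of every identifier seen on stdin.
distinct_idents() {
    journal_idents | sort -u | paste -sd' ' -
}

# Tally for the sample: only sshd and audit appear. Nothing here was logged
# by the service being started, or by systemd about it.
sample_journal | journal_idents | sort | uniq -c
```

The identifier is only a proxy: `journalctl --unit` selects entries by the unit recorded in the journal, which this short text layout does not show.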
