ES service keeps crashing

Craig2188 · October 1, 2020, 11:40am

Hi,

Just realised that after I start the service for Elastic it stops running after about 2 minutes. Checked the event logs and see some errors:

Application: elasticsearch.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Elastic.ProcessHosts.Process.StartupException
at Elastic.ProcessHosts.Process.ProcessBase.HandleException(System.Exception)
at System.Reactive.ObserverBase1[[System.__Canon, mscorlib, Version=[4.0.0.0](https://4.0.0.0/), Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception) at System.Reactive.Observer1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception)
at System.Reactive.Linq.ObservableImpl.AsObservable1+_[[System.__Canon, mscorlib, Version=[4.0.0.0](https://4.0.0.0/), Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception) at System.Reactive.AutoDetachObserver1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnErrorCore(System.Exception)
at System.Reactive.ObserverBase1[[System.__Canon, mscorlib, Version=[4.0.0.0](https://4.0.0.0/), Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception) at Elastic.ProcessHosts.Process.ObservableProcess+<>c__DisplayClass22_0.<CreateProcessExitSubscription>b__0(System.Reactive.EventPattern1<System.Object>)
at System.Reactive.AnonymousSafeObserver`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnNext(System.__Canon)
at System.EventHandler.Invoke(System.Object, System.EventArgs)
at System.Diagnostics.Process.OnExited()
at System.Diagnostics.Process.RaiseOnExited()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)

2nd Error:

Faulting application name: elasticsearch.exe, version: 7.9.2.0, time stamp: 0x5f6ac09d
Faulting module name: KERNELBASE.dll, version: 10.0.17763.1432, time stamp: 0x9b30685b
Exception code: 0xe0434352
Fault offset: 0x0000000000039689
Faulting process id: 0x24c4
Faulting application start time: 0x01d697e4a6848d22
Faulting application path: D:\Elastic\Elastic-7.9.2\7.9.2\bin\elasticsearch.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 979054f3-f60a-40f3-9875-a651c3139d00
Faulting package full name:
Faulting package-relative application ID:

Any thoughts?

kavierkoo · October 1, 2020, 2:36pm

Would you able to share the logs from elasticsearch?

Elasticsearch logs for windows usually store at %ALLUSERSPROFILE%\Elastic\Elasticsearch\logs

Craig2188 · October 1, 2020, 2:48pm

Think I found the problem, I have network.host: "0.0.0.0" in the elasticsearch.yml file, and when that is valid, the service crashes, if I # it out, it runs fine.
Would Logstash still be able to send logs to ES even if this field is not working? Logstash is installed on another server

kavierkoo · October 1, 2020, 2:59pm

Would Logstash still be able to send logs to ES even if this field is not working? Logstash is installed on another server

Sorry I'm not too sure on this.

Craig2188 · October 1, 2020, 3:40pm

OK cool, what about how to resolve the issue of allowing other servers to access the ES server, as obviously, it defaults to localhost which won't work from another server

kavierkoo · October 1, 2020, 3:55pm

Can you share your elasticsearch.yml ?

Craig2188 · October 1, 2020, 3:59pm

Sure:

    bootstrap.memory_lock: false
    cluster.name: Elastic
    http.port: 9200
    node.data: true
    node.ingest: true
    node.master: true
    node.max_local_storage_nodes: 1
    node.name: SV-MSE-ELTC-001
    path.data: D:\Elastic\Elastic-7.9.2\Data
    path.logs: D:\Elastic\Elastic-7.9.2\Logs
    transport.tcp.port: 9300
    xpack.license.self_generated.type: basic
    xpack.security.enabled: false
    #network.host: "0.0.0.0"

kavierkoo · October 1, 2020, 4:30pm

Sorry, what about the logs?

warkolm · October 1, 2020, 10:57pm

If this is your reddit thread, then it looks like you had server.host in your elasticsearch.yml, which is not a valid setting.

If you have added network.host and it's not working, please provide the Elasticsearch logs.

Craig2188 · October 2, 2020, 10:23am

Hi, Thanks, logs are below:

[2020-10-02T11:06:01,706][INFO ][o.e.p.PluginsService     ] [SV-MSE-ELTC-001] no plugins loaded
[2020-10-02T11:06:02,472][INFO ][o.e.e.NodeEnvironment    ] [SV-MSE-ELTC-001] using [1] data paths, mounts [[Elastic (D:)]], net usable_space [196.5gb], net total_space [199.9gb], types [NTFS]
[2020-10-02T11:06:02,472][INFO ][o.e.e.NodeEnvironment    ] [SV-MSE-ELTC-001] heap size [2gb], compressed ordinary object pointers [true]
[2020-10-02T11:06:02,878][INFO ][o.e.n.Node               ] [SV-MSE-ELTC-001] node name [SV-MSE-ELTC-001], node ID [8xNypMzjRF2ZRibK0rgABA], cluster name [Elastic]
[2020-10-02T11:06:07,843][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [SV-MSE-ELTC-001] [controller/6740] [Main.cc@114] controller (64 bit): Version 7.9.2 (Build 6a60f0cf2dd5a5) Copyright (c) 2020 Elasticsearch BV
[2020-10-02T11:06:09,417][INFO ][o.e.t.NettyAllocator     ] [SV-MSE-ELTC-001] creating NettyAllocator with the following configs: [name=elasticsearch_configured, chunk_size=256kb, factors={es.unsafe.use_netty_default_chunk_and_page_size=false, g1gc_enabled=true, g1gc_region_size=1mb}]
[2020-10-02T11:06:09,514][INFO ][o.e.d.DiscoveryModule    ] [SV-MSE-ELTC-001] using discovery type [zen] and seed hosts providers [settings]
[2020-10-02T11:06:09,985][WARN ][o.e.g.DanglingIndicesState] [SV-MSE-ELTC-001] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2020-10-02T11:06:10,347][INFO ][o.e.n.Node               ] [SV-MSE-ELTC-001] initialized
[2020-10-02T11:06:10,347][INFO ][o.e.n.Node               ] [SV-MSE-ELTC-001] starting ...
[2020-10-02T11:06:10,585][INFO ][o.e.t.TransportService   ] [SV-MSE-ELTC-001] publish_address {10.103.186.210:9300}, bound_addresses {[::]:9300}
[2020-10-02T11:06:11,057][INFO ][o.e.b.BootstrapChecks    ] [SV-MSE-ELTC-001] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2020-10-02T11:06:11,057][ERROR][o.e.b.Bootstrap          ] [SV-MSE-ELTC-001] node validation exception
[1] bootstrap checks failed
[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
[2020-10-02T11:06:11,072][INFO ][o.e.n.Node               ] [SV-MSE-ELTC-001] stopping ...
[2020-10-02T11:06:11,081][INFO ][o.e.n.Node               ] [SV-MSE-ELTC-001] stopped
[2020-10-02T11:06:11,081][INFO ][o.e.n.Node               ] [SV-MSE-ELTC-001] closing ...
[2020-10-02T11:06:11,097][INFO ][o.e.n.Node               ] [SV-MSE-ELTC-001] closed
[2020-10-02T11:06:11,097][INFO ][o.e.x.m.p.NativeController] [SV-MSE-ELTC-001] Native controller process has stopped - no new native processes can be started

dadoonet · October 2, 2020, 10:39am

[1] bootstrap checks failed
[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

Please read https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html

Craig2188 · October 2, 2020, 10:39am

Literally just resolved this due to that error, thanks a lot. I added the following into the YML file:

discovery.seed_hosts: []
discovery.type: single-node