How to use filebeat for pushing misp feeds

Hi Community,

I have been working on MISP and Elasticsearch. I have tried with the MISP module and the Threatintel module. No feeds are getting pushed into ELK. Please guide.

Hi Community,

I have configured the threatintel module in Filebeat. Now I am looking at yellow health of Filebeat in Kibana. Please guide.

Sharing an image for reference.

Also googled solutions for this. It says something about clusters; I am not sure how to resolve this.

What's the breakdown of your cluster? It could be something minor like the replicas and primary shards are on the same host, replicas aren't allocated... This article is a simple read on index health, Elasticsearch Index Red / Yellow — Why? | by Steve Mushero | Medium.

root@testmispelk:/# service elasticsearch start
Job for elasticsearch.service failed because a fatal signal was delivered to the control process.
See "systemctl status elasticsearch.service" and "journalctl -xe" for details.
root@testmispelk:/# journalctl -xe
Jun 21 10:30:29 testmispelk kernel: [ 3044] 33 3044 620645 554190 4780032 0 0 php
Jun 21 10:30:29 testmispelk kernel: [ 3404] 0 3404 2837 605 61440 0 0 systemctl
Jun 21 10:30:29 testmispelk kernel: [ 3411] 0 3411 5600 882 86016 0 0 systemd-tty-a>
Jun 21 10:30:29 testmispelk kernel: [ 3412] 129 3412 2407571 1494776 12185600 0 0 java
Jun 21 10:30:29 testmispelk kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oo>
Jun 21 10:30:29 testmispelk kernel: Out of memory: Killed process 3412 (java) total-vm:9630284kB, anon-rss:5977164kB, fil>
Jun 21 10:30:29 testmispelk kernel: oom_reaper: reaped process 3412 (java), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
Jun 21 10:30:29 testmispelk systemd[1]: elasticsearch.service: Main process exited, code=killed, status=9/KILL
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support

-- An ExecStart= process belonging to unit elasticsearch.service has exited.

-- The process' exit code is 'killed' and its exit status is 9.
Jun 21 10:30:29 testmispelk systemd[1]: elasticsearch.service: Failed with result 'signal'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support

-- The unit elasticsearch.service has entered the 'failed' state with result 'signal'.
Jun 21 10:30:29 testmispelk systemd[1]: Failed to start Elasticsearch.
-- Subject: A start job for unit elasticsearch.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support

-- A start job for unit elasticsearch.service has finished with a failure.

-- The job identifier is 3122 and the job result is failed.
Jun 21 10:30:33 testmispelk sshd[3592]: Invalid user admin1 from 218.111.84.99 port 5931
Jun 21 10:30:34 testmispelk sshd[3592]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 10:30:34 testmispelk sshd[3592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=>

logs of elasticsearch

I'm going to say this is why your service is crashing.
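As an added example (not code from the thread), a small POSIX shell helper that scans journal output for kernel OOM kills of the Elasticsearch JVM, reports the resident size at kill time, and applies the common heap-sizing rule of thumb, so a yellow or failed node can be traced to memory pressure before shard allocation is investigated. The sample journal lines are constructed from the excerpt above; the `/etc/elasticsearch` paths and the half-of-RAM heap threshold are assumptions.

```shell
#!/bin/sh
# Added example: detect kernel OOM kills of the Elasticsearch JVM in journal text.
# Constructed sample, modelled on the journalctl -xe excerpt posted in the thread.
SAMPLE_JOURNAL='Jun 21 10:30:29 testmispelk kernel: [ 3412] 129 3412 2407571 1494776 12185600 0 0 java
Jun 21 10:30:29 testmispelk kernel: Out of memory: Killed process 3412 (java) total-vm:9630284kB, anon-rss:5977164kB, fil>
Jun 21 10:30:29 testmispelk systemd[1]: elasticsearch.service: Main process exited, code=killed, status=9/KILL
Jun 21 10:30:33 testmispelk sshd[3592]: Invalid user admin1 from 218.111.84.99 port 5931'

# oom_kills: for each kernel OOM kill line on stdin print "pid,name,anon_rss_kb".
# Unrelated lines (systemd, sshd, the per-process table) are dropped by the regex.
oom_kills() {
    sed -n 's/.*Out of memory: Killed process \([0-9]*\) (\([^)]*\)).*anon-rss:\([0-9]*\)kB.*/\1,\2,\3/p'
}

# oom_kill_count: number of OOM kills found in the text passed as $1.
oom_kill_count() {
    printf '%s\n' "$1" | oom_kills | wc -l | tr -d ' '
}

# rss_mb_of_first_kill: anon-rss of the first killed process, in whole MiB.
rss_mb_of_first_kill() {
    printf '%s\n' "$1" | oom_kills | head -n 1 | awk -F, '{ printf "%d", $3 / 1024 }'
}

# heap_fits: succeed when an Xmx heap of $1 MiB leaves enough headroom on a host
# with $2 MiB of RAM. Rule of thumb (assumption): heap at or below half of RAM.
heap_fits() {
    [ "$1" -le $(( $2 / 2 )) ]
}

# Live use on an Elasticsearch host (assumed paths), uncomment to run:
# journalctl -k --since today | oom_kills
# grep -h '^-Xmx' /etc/elasticsearch/jvm.options /etc/elasticsearch/jvm.options.d/*.options
```

The posted kill line yields a resident set of about 5837 MiB for the JVM, which on a small host is well past the half-of-RAM rule and explains the SIGKILL that systemd reports.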
