I have this error bash: ./metricbeat: cannot execute binary file: Exec format error

root@mu:/home/murad/metricbeat-7.12.0-darwin-x86_64# uname -m
x86_64
root@mu:/home/murad/metricbeat-7.12.0-darwin-x86_64# file metricbeat
metricbeat: Mach-O 64-bit x86_64 executable, flags:<|DYLDLINK>
root@mu:/home/murad/metricbeat-7.12.0-darwin-x86_64# ./metricbeat modules enable system
bash: ./metricbeat: cannot execute binary file: Exec format error
root@mu:/home/murad/metricbeat-7.12.0-darwin-x86_64# sudo update-alternatives --config java
There are 2 choices for the alternative java (providing /usr/bin/java).

Selection Path Priority Status

  • 0 /usr/lib/jvm/java-11-openjdk-amd64/bin/java 1111 auto mode
    1 /usr/lib/jvm/java-11-openjdk-amd64/bin/java 1111 manual mode
    2 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java 1081 manual mode

root@mu:/home/murad/metricbeat-7.12.0-darwin-x86_64# sudo service metricbeat start
Failed to start metricbeat.service: Unit metricbeat.service not found.
root@mu:/home/murad/metricbeat-7.12.0-darwin-x86_64# sudo service metricbeat status
Unit metricbeat.service could not be found.
root@mu:/home/murad/metricbeat-7.12.0-darwin-x86_64#

Silly question you are trying this on a Mac right? (Darwin is the Mac distribution)

The error is saying the the metricbeat executable does not match the host architecture.

what does uname -a show

thank you for your support
i am using physical server with ubuntu 20.04
uname -a output is :
Linux murad 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
i download the file as the recommendation in the setup procedure

That is for the MAC OS you have Unbutu so you need to use that.
Darwin is the architecture for mac

You can get all the distributions from here.

or here is the exact curl you are looking for.

curl -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.12.0-linux-x86_64.tar.gz

Hope this helps...

1 Like

thank you Stephen
but how to remove/ uninstall the MAC version now ?

If you just untared just remove the directory. Nothing was installed in the OS

rm -fr ./metricbeat-7.12.0-darwin-x86_64

I install the version for ubuntu as your recommended but I still have this error win i try to start the service :
root@mu:/etc/kibana/metricbeat-7.12.0-linux-x86_64/modules.d# sudo service metricbeat start
Failed to start metricbeat.service: Unit metricbeat.service not found.

Ok @muradazz

It appears you want to install as a service then you are not installing correct.

Are you familiar with how Linux Services work? they don't work by just untarring a tar.gz. To run as a service file the need to be installed with a package manager.

If you want to run as a service then you need to install with a package manager using a .deb or an .rpm

Click on the Deb link above and follow those instructions.

Or see here read carefully and install with the Deb options.

OR
if you just want to run from the tar.gz select the Linux option for each step and follow instructions.

You are mixing concepts / different ways to install

thank you now i have new problem : start the Elasticsearch is failed

murad@murad:/etc/elasticsearch$ sudo systemctl status elasticsearch
'''
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2021-04-06 11:01:11 UTC; 16s ago
Docs: https://www.elastic.co
Process: 247296 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited>
Main PID: 247296 (code=exited, status=2)

Apr 06 11:01:11 murad systemd[1]: Starting Elasticsearch...
Apr 06 11:01:11 murad systemd-entrypoint[247296]: /usr/share/elasticsearch/bin/systemd-entrypoint: 7: cannot open /etc/elasticsear>
Apr 06 11:01:11 murad systemd[1]: elasticsearch.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Apr 06 11:01:11 murad systemd[1]: elasticsearch.service: Failed with result 'exit-code'.
Apr 06 11:01:11 murad systemd[1]: Failed to start Elasticsearch.

'''
when is start the service i got : murad@murad:/etc/elasticsearch$ sudo systemctl restart elasticsearch
'''
Job for elasticsearch.service failed because the control process exited with error code.
See "systemctl status elasticsearch.service" and "journalctl -xe" for details.
'''
murad@murad:/etc/elasticsearch$

i check the journalctl :
murad@murad:/etc/elasticsearch$ journalctl -xe
'''
Apr 06 11:15:08 murad sshd[248266]: Received disconnect from 142.93.212.91 port 38084:11: Bye Bye [preauth]
Apr 06 11:15:08 murad sshd[248266]: Disconnected from authenticating user root 142.93.212.91 port 38084 [preauth]
Apr 06 11:15:25 murad sshd[248278]: Invalid user king from 140.143.210.92 port 41206
Apr 06 11:15:25 murad sshd[248278]: pam_unix(sshd:auth): check pass; user unknown
Apr 06 11:15:25 murad sshd[248278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.14>
Apr 06 11:15:27 murad sshd[248283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.71.>
Apr 06 11:15:28 murad sshd[248278]: Failed password for invalid user king from 140.143.210.92 port 41206 ssh2
Apr 06 11:15:28 murad metricbeat[108534]: 2021-04-06T11:15:28.384Z INFO [monitoring] log/log.go:144 No>
Apr 06 11:15:29 murad sshd[248283]: Failed password for root from 81.71.17.140 port 39412 ssh2
Apr 06 11:15:29 murad sshd[248278]: Received disconnect from 140.143.210.92 port 41206:11: Bye Bye [preauth]
Apr 06 11:15:29 murad sshd[248278]: Disconnected from invalid user king 140.143.210.92 port 41206 [preauth]
Apr 06 11:15:30 murad sshd[248283]: Received disconnect from 81.71.17.140 port 39412:11: Bye Bye [preauth]
Apr 06 11:15:30 murad sshd[248283]: Disconnected from authenticating user root 81.71.17.140 port 39412 [preauth]
Apr 06 11:15:31 murad sshd[248287]: Invalid user gitadm from 118.24.17.28 port 46978
Apr 06 11:15:31 murad sshd[248287]: pam_unix(sshd:auth): check pass; user unknown
Apr 06 11:15:31 murad sshd[248287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24>
Apr 06 11:15:34 murad sshd[248287]: Failed password for invalid user gitadm from 118.24.17.28 port 46978 ssh2
Apr 06 11:15:35 murad sshd[248292]: Invalid user diana from 134.122.19.142 port 47794
Apr 06 11:15:35 murad sshd[248292]: pam_unix(sshd:auth): check pass; user unknown
Apr 06 11:15:35 murad sshd[248292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.12>
Apr 06 11:15:36 murad sshd[248287]: Received disconnect from 118.24.17.28 port 46978:11: Bye Bye [preauth]
Apr 06 11:15:36 murad sshd[248287]: Disconnected from invalid user gitadm 118.24.17.28 port 46978 [preauth]
Apr 06 11:15:37 murad sshd[248292]: Failed password for invalid user diana from 134.122.19.142 port 47794 ssh2
Apr 06 11:15:39 murad sshd[248292]: Received disconnect from 134.122.19.142 port 47794:11: Bye Bye [preauth]
Apr 06 11:15:39 murad sshd[248292]: Disconnected from invalid user diana 134.122.19.142 port 47794 [preauth]
lines 1145-1169/1169 (END)
'''

my elasticserch.yml :
root@murad:/etc/elasticsearch# nano elasticsearch.yml
'''

======================== Elasticsearch Configuration =========================

NOTE: Elasticsearch comes with reasonable defaults for most settings.

Before you set out to tweak and tune the configuration, make sure you

understand what are you trying to accomplish and the consequences.

The primary way of configuring a node is via this file. This template lists

the most important settings you may want to configure for a production cluster.

Please consult the documentation for further information on configuration options:

Elasticsearch Guide | Elastic

#----------------------------------security-------------------------------------

transport.host: localhost

transport.tcp.port: 9300

action.auto_create_index: *

https.bind_host: 182.213.0.202

xpack.security.http.ssl.enabled: true

xpack.security.enabled: false

xpack.security.http.ssl.key

xpack.security.http.ssl.certificate

xpack.security.authc.anonymous.username

---------------------------------- Cluster -----------------------------------

Use a descriptive name for your cluster:

cluster.name: murad

------------------------------------ Node ------------------------------------

Use a descriptive name for the node:

node.name: node-1

Add custom attributes to the node:

#node.attr.rack: r1

----------------------------------- Paths ------------------------------------

Path to directory where to store the data (separate multiple locations by comma):

path.data: /var/lib/elasticsearch

Path to log files:

path.logs: /var/log/elasticsearch

----------------------------------- Memory -----------------------------------

Lock the memory on startup:

#bootstrap.memory_lock: true

Make sure that the heap size is set to about half the memory available

on the system and that the owner of the process is allowed to use this

limit.

Elasticsearch performs poorly when the system is swapping the memory.

---------------------------------- Network -----------------------------------

By default Elasticsearch is only accessible on localhost. Set a different

address here to expose this node on the network:

network.host: 0.0.0.0

By default Elasticsearch listens for HTTP traffic on the first free port it

finds starting at 9200. Set a specific HTTP port here:

http.port: 9200

For more information, consult the network module documentation.

--------------------------------- Discovery ----------------------------------

Pass an initial list of hosts to perform discovery when this node is started:

The default list of hosts is ["127.0.0.1", "[::1]"]

discovery.seed_hosts: ["182.213.0.202:"]

Bootstrap the cluster using an initial set of master-eligible nodes:

cluster.initial_master_nodes: ["node-1"]

For more information, consult the discovery and cluster formation module documentation.

---------------------------------- Various -----------------------------------

Require explicit names when deleting indices:

#action.destructive_requires_name: true

'''
can you help for this error please ?

Before any of us can help you need to edit and format your post we can't read it.

Please use your mouse to select the logs and click the </> button above and do the same for the yml code then perhaps we can help.

murad@murad:/etc/default$ systemctl restart elasticsearch
</>
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'elasticsearch.service'.
Authenticating as: murad
Password:
==== AUTHENTICATION COMPLETE ===
Job for elasticsearch.service failed because the control process exited with error code.
See "systemctl status elasticsearch.service" and "journalctl -xe" for details.
murad@murad:/etc/default$

murad@murad:/etc/default$ journalctl -xe

Apr 06 15:40:01 murad metricbeat[108534]: 2021-04-06T15:40:01.434Z        INFO        [publisher]        pipeline/retry.go:217    >
Apr 06 15:40:01 murad CRON[264886]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 06 15:40:01 murad CRON[264887]: (root) CMD (   PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker local)
Apr 06 15:40:01 murad CRON[264886]: pam_unix(cron:session): session closed for user root
Apr 06 15:40:03 murad sshd[264883]: Failed password for root from 121.149.104.28 port 52930 ssh2
Apr 06 15:40:04 murad sshd[264883]: Connection closed by authenticating user root 121.149.104.28 port 52930 [preauth]
Apr 06 15:40:07 murad sshd[264907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.14>
Apr 06 15:40:08 murad sshd[264907]: Failed password for root from 121.149.104.28 port 53733 ssh2
Apr 06 15:40:10 murad sshd[264912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.24>
Apr 06 15:40:10 murad sshd[264907]: Connection closed by authenticating user root 121.149.104.28 port 53733 [preauth]
Apr 06 15:40:12 murad sshd[264912]: Failed password for root from 104.248.229.42 port 42984 ssh2
Apr 06 15:40:13 murad sshd[264912]: Received disconnect from 104.248.229.42 port 42984:11: Bye Bye [preauth]
Apr 06 15:40:13 murad sshd[264912]: Disconnected from authenticating user root 104.248.229.42 port 42984 [preauth]
Apr 06 15:40:13 murad sshd[264917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.14>
Apr 06 15:40:14 murad sshd[264917]: Failed password for root from 121.149.104.28 port 54503 ssh2
Apr 06 15:40:15 murad sshd[264917]: Connection closed by authenticating user root 121.149.104.28 port 54503 [preauth]
Apr 06 15:40:18 murad sshd[264922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.14>
Apr 06 15:40:20 murad sshd[264922]: Failed password for root from 121.149.104.28 port 55181 ssh2
Apr 06 15:40:21 murad sshd[264922]: Connection closed by authenticating user root 121.149.104.28 port 55181 [preauth]
Apr 06 15:40:24 murad sshd[264928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.14>
Apr 06 15:40:25 murad sshd[264928]: Failed password for root from 121.149.104.28 port 56004 ssh2
Apr 06 15:40:27 murad sshd[264928]: Connection closed by authenticating user root 121.149.104.28 port 56004 [preauth]
Apr 06 15:40:28 murad metricbeat[108534]: 2021-04-06T15:40:28.384Z        INFO        [monitoring]        log/log.go:144        No>
Apr 06 15:40:30 murad sshd[264937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.14>
Apr 06 15:40:32 murad sshd[264937]: Failed password for root from 121.149.104.28 port 56804 ssh2

root@murad:/etc/elasticsearch# nano elasticsearch.yml

 # ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#----------------------------------security-------------------------------------
# transport.host: localhost  
# transport.tcp.port: 9300 
# action.auto_create_index: *
#
# https.bind_host: 182.213.0.202
# xpack.security.http.ssl.enabled: true
# xpack.security.enabled: false
# xpack.security.http.ssl.key
# xpack.security.http.ssl.certificate
# xpack.security.authc.anonymous.username
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: murad
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
  GNU nano 4.8                                             elasticsearch.yml                                             Modified  
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["182.213.0.202:"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
# action.destructive_requires_name: true
#
#

First exactly which method did you use to install elasticsearch

Which of the methods from this section of the documents

If you only installed using a tar.gz the systemctl will not work you need to install as a package (.deb or .rpm) for systemctl to work

I suggest that you following these or these instructions....

2nd IF you installed with a package then

You need to run systemctl as root so the proper command is

sudo systemctl restart elasticsearch

Personally I prefer stop then start then status

sudo systemctl stop elasticsearch
sudo systemctl start elasticsearch
sudo systemctl status elasticsearch

Run
sudo systemctl status elasticsearch

And show the status ... a better command to check the logs

sudo journalctl --unit elasticsearch

NONE of this will work if you did not install elasticsearch from a package.

thank you for your exultant support
i install the software from apt.

i found in the log this  /etc/elasticsearch/my_pwd_file.tmp    was need permission  so i chmod  it to 777

the service is running with this errors

e; enabled; vendor preset: enabled)
9min ago
re:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=>
platform/linux-x86_64/bin/controller

0:43,178 main ERROR Null object returned for RollingFile in Appenders.
0:43,178 main ERROR Unable to locate appender "rolling" for logger config "root"
0:43,178 main ERROR Unable to locate appender "index_indexing_slowlog_rolling_old" for logger config "index.indexing.slowlog.index"
0:43,179 main ERROR Unable to locate appender "index_indexing_slowlog_rolling" for logger config "index.indexing.slowlog.index"
0:43,179 main ERROR Unable to locate appender "audit_rolling" for logger config "org.elasticsearch.xpack.security.audit.logfile.Lo>
0:43,179 main ERROR Unable to locate appender "index_search_slowlog_rolling_old" for logger config "index.search.slowlog"
0:43,180 main ERROR Unable to locate appender "index_search_slowlog_rolling" for logger config "index.search.slowlog"
0:43,180 main ERROR Unable to locate appender "deprecation_rolling_old" for logger config "org.elasticsearch.deprecation"
0:43,181 main ERROR Unable to locate appender "deprecation_rolling" for logger config "org.elasticsearch.deprecation"

I suspect you may also have permissions issues on the logs paths

path.logs: /var/log/elasticsearch

Its seems that you may have a number of permission issues...

When you installed with apt did you do it as directed in the documents? As it shows here

thanks
i use The Debian package for Elasticsearch v7.12.0 downloaded from the website and install it manual as in the website you sent
is the error is related to the elasticserach.yml file and what is the need to enable in it

# ======================== Elasticsearch Configuration =========================  
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#----------------------------------security-------------------------------------
# transport.host: localhost  
# transport.tcp.port: 9300 
action.auto_create_index: .monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
#
# https.bind_host: 182.213.0.202
# xpack.security.http.ssl.enabled: true
# xpack.security.enabled: false
# xpack.security.http.ssl.key
# xpack.security.http.ssl.certificate
# xpack.security.authc.anonymous.username
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: murad
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
  GNU nano 4.8                                             elasticsearch.yml                                             Modified  
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["182.213.0.202:"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
# action.destructive_requires_name: true
#
#

Note sure why you added that is not really needed... Why did you do that?

action.auto_create_index: .monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*

If you only want to run a single node... then I would use the following You should read this.

I would make as few changes as possible.

I would clean up the data directory (delete its contents assuming you have never got this running)
use this yaml and then start the service.

# ======================== Elasticsearch Configuration =========================  
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#----------------------------------security-------------------------------------
# transport.host: localhost  
# transport.tcp.port: 9300 
# action.auto_create_index: .monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
#
# https.bind_host: 182.213.0.202
# xpack.security.http.ssl.enabled: true
# xpack.security.enabled: false
# xpack.security.http.ssl.key
# xpack.security.http.ssl.certificate
# xpack.security.authc.anonymous.username
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: murad
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
# http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
discovery.type : single-node
#
# discovery.seed_hosts: ["182.213.0.202:"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
# cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
# action.destructive_requires_name: true

thanx
i update the .yml file and restart the serves it is running with error like this

root@murad:/etc/elasticsearch# sudo systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2021-04-06 19:01:09 UTC; 52s ago
       Docs: https://www.elastic.co
   Main PID: 278334 (java)
      Tasks: 101 (limit: 43307)
     Memory: 18.8G
     CGroup: /system.slice/elasticsearch.service
             ├─278334 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cach>
             └─278563 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,021 main ERROR Null object returned for RollingFile in Appen>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,022 main ERROR Unable to locate appender "rolling" for logge>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,022 main ERROR Unable to locate appender "index_indexing_slo>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,022 main ERROR Unable to locate appender "index_indexing_slo>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,023 main ERROR Unable to locate appender "audit_rolling" for>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,023 main ERROR Unable to locate appender "index_search_slowl>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,023 main ERROR Unable to locate appender "index_search_slowl>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,024 main ERROR Unable to locate appender "deprecation_rollin>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,024 main ERROR Unable to locate appender "deprecation_rollin>
Apr 06 19:01:09 murad systemd[1]: Started Elasticsearch.

Does the log path Exist and is it writeable? It looks like it is not you need to fix that.

ls -l /var/log

path.logs: /var/log/elasticsearch

please check them

ls -l  /var/log
ls -l  /var/log/elasticsearch

The last line says...

what happens when you try

curl localhost:9200