root@mu:/home/murad/metricbeat-7.12.0-darwin-x86_64# sudo service metricbeat start
Failed to start metricbeat.service: Unit metricbeat.service not found.
root@mu:/home/murad/metricbeat-7.12.0-darwin-x86_64# sudo service metricbeat status
Unit metricbeat.service could not be found.
root@mu:/home/murad/metricbeat-7.12.0-darwin-x86_64#
Thank you for your support.
I am using a physical server with Ubuntu 20.04.
The uname -a output is:
Linux murad 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
I downloaded the file as recommended in the setup procedure.
I installed the version for Ubuntu as you recommended, but I still have this error when I try to start the service:
root@mu:/etc/kibana/metricbeat-7.12.0-linux-x86_64/modules.d# sudo service metricbeat start
Failed to start metricbeat.service: Unit metricbeat.service not found.
It appears you want to install as a service; in that case you are not installing correctly.
Are you familiar with how Linux services work? They don't work by just untarring a tar.gz. To run as a service, the files need to be installed with a package manager.
If you want to run as a service then you need to install with a package manager using a .deb or an .rpm.
Click on the Deb link above and follow those instructions.
Or see here, read carefully, and install with the Deb options.
OR
If you just want to run from the tar.gz, select the Linux option for each step and follow the instructions.
You are mixing concepts / different ways to install.
Apr 06 11:01:11 murad systemd[1]: Starting Elasticsearch...
Apr 06 11:01:11 murad systemd-entrypoint[247296]: /usr/share/elasticsearch/bin/systemd-entrypoint: 7: cannot open /etc/elasticsear>
Apr 06 11:01:11 murad systemd[1]: elasticsearch.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Apr 06 11:01:11 murad systemd[1]: elasticsearch.service: Failed with result 'exit-code'.
Apr 06 11:01:11 murad systemd[1]: Failed to start Elasticsearch.
'''
When I start the service I got:
murad@murad:/etc/elasticsearch$ sudo systemctl restart elasticsearch
'''
Job for elasticsearch.service failed because the control process exited with error code.
See "systemctl status elasticsearch.service" and "journalctl -xe" for details.
'''
murad@murad:/etc/elasticsearch$
I checked the journalctl:
murad@murad:/etc/elasticsearch$ journalctl -xe
'''
Apr 06 11:15:08 murad sshd[248266]: Received disconnect from 142.93.212.91 port 38084:11: Bye Bye [preauth]
Apr 06 11:15:08 murad sshd[248266]: Disconnected from authenticating user root 142.93.212.91 port 38084 [preauth]
Apr 06 11:15:25 murad sshd[248278]: Invalid user king from 140.143.210.92 port 41206
Apr 06 11:15:25 murad sshd[248278]: pam_unix(sshd:auth): check pass; user unknown
Apr 06 11:15:25 murad sshd[248278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.14>
Apr 06 11:15:27 murad sshd[248283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.71.>
Apr 06 11:15:28 murad sshd[248278]: Failed password for invalid user king from 140.143.210.92 port 41206 ssh2
Apr 06 11:15:28 murad metricbeat[108534]: 2021-04-06T11:15:28.384Z INFO [monitoring] log/log.go:144 No>
Apr 06 11:15:29 murad sshd[248283]: Failed password for root from 81.71.17.140 port 39412 ssh2
Apr 06 11:15:29 murad sshd[248278]: Received disconnect from 140.143.210.92 port 41206:11: Bye Bye [preauth]
Apr 06 11:15:29 murad sshd[248278]: Disconnected from invalid user king 140.143.210.92 port 41206 [preauth]
Apr 06 11:15:30 murad sshd[248283]: Received disconnect from 81.71.17.140 port 39412:11: Bye Bye [preauth]
Apr 06 11:15:30 murad sshd[248283]: Disconnected from authenticating user root 81.71.17.140 port 39412 [preauth]
Apr 06 11:15:31 murad sshd[248287]: Invalid user gitadm from 118.24.17.28 port 46978
Apr 06 11:15:31 murad sshd[248287]: pam_unix(sshd:auth): check pass; user unknown
Apr 06 11:15:31 murad sshd[248287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24>
Apr 06 11:15:34 murad sshd[248287]: Failed password for invalid user gitadm from 118.24.17.28 port 46978 ssh2
Apr 06 11:15:35 murad sshd[248292]: Invalid user diana from 134.122.19.142 port 47794
Apr 06 11:15:35 murad sshd[248292]: pam_unix(sshd:auth): check pass; user unknown
Apr 06 11:15:35 murad sshd[248292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.12>
Apr 06 11:15:36 murad sshd[248287]: Received disconnect from 118.24.17.28 port 46978:11: Bye Bye [preauth]
Apr 06 11:15:36 murad sshd[248287]: Disconnected from invalid user gitadm 118.24.17.28 port 46978 [preauth]
Apr 06 11:15:37 murad sshd[248292]: Failed password for invalid user diana from 134.122.19.142 port 47794 ssh2
Apr 06 11:15:39 murad sshd[248292]: Received disconnect from 134.122.19.142 port 47794:11: Bye Bye [preauth]
Apr 06 11:15:39 murad sshd[248292]: Disconnected from invalid user diana 134.122.19.142 port 47794 [preauth]
lines 1145-1169/1169 (END)
'''
My elasticsearch.yml:
root@murad:/etc/elasticsearch# nano elasticsearch.yml
'''
murad@murad:/etc/default$ systemctl restart elasticsearch
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'elasticsearch.service'.
Authenticating as: murad
Password:
==== AUTHENTICATION COMPLETE ===
Job for elasticsearch.service failed because the control process exited with error code.
See "systemctl status elasticsearch.service" and "journalctl -xe" for details.
murad@murad:/etc/default$
Apr 06 15:40:01 murad metricbeat[108534]: 2021-04-06T15:40:01.434Z INFO [publisher] pipeline/retry.go:217 >
Apr 06 15:40:01 murad CRON[264886]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 06 15:40:01 murad CRON[264887]: (root) CMD ( PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker local)
Apr 06 15:40:01 murad CRON[264886]: pam_unix(cron:session): session closed for user root
Apr 06 15:40:03 murad sshd[264883]: Failed password for root from 121.149.104.28 port 52930 ssh2
Apr 06 15:40:04 murad sshd[264883]: Connection closed by authenticating user root 121.149.104.28 port 52930 [preauth]
Apr 06 15:40:07 murad sshd[264907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.14>
Apr 06 15:40:08 murad sshd[264907]: Failed password for root from 121.149.104.28 port 53733 ssh2
Apr 06 15:40:10 murad sshd[264912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.24>
Apr 06 15:40:10 murad sshd[264907]: Connection closed by authenticating user root 121.149.104.28 port 53733 [preauth]
Apr 06 15:40:12 murad sshd[264912]: Failed password for root from 104.248.229.42 port 42984 ssh2
Apr 06 15:40:13 murad sshd[264912]: Received disconnect from 104.248.229.42 port 42984:11: Bye Bye [preauth]
Apr 06 15:40:13 murad sshd[264912]: Disconnected from authenticating user root 104.248.229.42 port 42984 [preauth]
Apr 06 15:40:13 murad sshd[264917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.14>
Apr 06 15:40:14 murad sshd[264917]: Failed password for root from 121.149.104.28 port 54503 ssh2
Apr 06 15:40:15 murad sshd[264917]: Connection closed by authenticating user root 121.149.104.28 port 54503 [preauth]
Apr 06 15:40:18 murad sshd[264922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.14>
Apr 06 15:40:20 murad sshd[264922]: Failed password for root from 121.149.104.28 port 55181 ssh2
Apr 06 15:40:21 murad sshd[264922]: Connection closed by authenticating user root 121.149.104.28 port 55181 [preauth]
Apr 06 15:40:24 murad sshd[264928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.14>
Apr 06 15:40:25 murad sshd[264928]: Failed password for root from 121.149.104.28 port 56004 ssh2
Apr 06 15:40:27 murad sshd[264928]: Connection closed by authenticating user root 121.149.104.28 port 56004 [preauth]
Apr 06 15:40:28 murad metricbeat[108534]: 2021-04-06T15:40:28.384Z INFO [monitoring] log/log.go:144 No>
Apr 06 15:40:30 murad sshd[264937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.14>
Apr 06 15:40:32 murad sshd[264937]: Failed password for root from 121.149.104.28 port 56804 ssh2
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#----------------------------------security-------------------------------------
# transport.host: localhost
# transport.tcp.port: 9300
# action.auto_create_index: *
#
# https.bind_host: 182.213.0.202
# xpack.security.http.ssl.enabled: true
# xpack.security.enabled: false
# xpack.security.http.ssl.key
# xpack.security.http.ssl.certificate
# xpack.security.authc.anonymous.username
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: murad
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["182.213.0.202:"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
# action.destructive_requires_name: true
#
#
Thank you for your exultant support.
I installed the software from apt.
I found in the log that /etc/elasticsearch/my_pwd_file.tmp needed permission, so I chmod it to 777.
The service is running with these errors:
e; enabled; vendor preset: enabled)
9min ago
re:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=>
platform/linux-x86_64/bin/controller
0:43,178 main ERROR Null object returned for RollingFile in Appenders.
0:43,178 main ERROR Unable to locate appender "rolling" for logger config "root"
0:43,178 main ERROR Unable to locate appender "index_indexing_slowlog_rolling_old" for logger config "index.indexing.slowlog.index"
0:43,179 main ERROR Unable to locate appender "index_indexing_slowlog_rolling" for logger config "index.indexing.slowlog.index"
0:43,179 main ERROR Unable to locate appender "audit_rolling" for logger config "org.elasticsearch.xpack.security.audit.logfile.Lo>
0:43,179 main ERROR Unable to locate appender "index_search_slowlog_rolling_old" for logger config "index.search.slowlog"
0:43,180 main ERROR Unable to locate appender "index_search_slowlog_rolling" for logger config "index.search.slowlog"
0:43,180 main ERROR Unable to locate appender "deprecation_rolling_old" for logger config "org.elasticsearch.deprecation"
0:43,181 main ERROR Unable to locate appender "deprecation_rolling" for logger config "org.elasticsearch.deprecation"
Thanks.
I used the Debian package for Elasticsearch v7.12.0 downloaded from the website and installed it manually as on the website you sent.
Is the error related to the elasticsearch.yml file, and what do I need to enable in it?
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#----------------------------------security-------------------------------------
# transport.host: localhost
# transport.tcp.port: 9300
action.auto_create_index: .monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
#
# https.bind_host: 182.213.0.202
# xpack.security.http.ssl.enabled: true
# xpack.security.enabled: false
# xpack.security.http.ssl.key
# xpack.security.http.ssl.certificate
# xpack.security.authc.anonymous.username
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: murad
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["182.213.0.202:"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
# action.destructive_requires_name: true
#
#
If you only want to run a single node... then I would use the following. You should read this.
I would make as few changes as possible.
I would clean up the data directory (delete its contents, assuming you have never got this running).
Use this YAML and then start the service.
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#----------------------------------security-------------------------------------
# transport.host: localhost
# transport.tcp.port: 9300
# action.auto_create_index: .monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
#
# https.bind_host: 182.213.0.202
# xpack.security.http.ssl.enabled: true
# xpack.security.enabled: false
# xpack.security.http.ssl.key
# xpack.security.http.ssl.certificate
# xpack.security.authc.anonymous.username
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: murad
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
# http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
discovery.type : single-node
#
# discovery.seed_hosts: ["182.213.0.202:"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
# cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
# action.destructive_requires_name: true
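
A way to check a config directory for three things that appear in this thread: a non-loopback `network.host` without `xpack.security.enabled: true`, `discovery.type: single-node` left alongside `cluster.initial_master_nodes` (which Elasticsearch 7.x refuses at startup), and world-writable files such as one left behind by `chmod 777`. This is an added example, not part of the thread or of Elastic's tooling; `es_setting`, `audit_es_config`, `demo_dir` and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Print the value of an active (uncommented) "key: value" line, if any.
es_setting() {  # usage: es_setting <file> <key>   (hypothetical helper)
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # commented-out settings do not count
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next      # literal match, dots are not wildcards
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*:/) next         # tolerate "key : value" spacing
            sub(/^[ \t]*:[ \t]*/, "", rest)
            sub(/[ \t]+$/, "", rest)
            print rest
            exit
        }' "$1"
}

# Print one finding per line; no output means none of the three checks fired.
audit_es_config() {  # usage: audit_es_config <config-dir>
    dir=$1
    yml="$dir/elasticsearch.yml"
    [ -r "$yml" ] || { echo "ERROR cannot read $yml"; return 2; }

    host=$(es_setting "$yml" network.host)
    sec=$(es_setting "$yml" xpack.security.enabled)
    dtype=$(es_setting "$yml" discovery.type)
    masters=$(es_setting "$yml" cluster.initial_master_nodes)
    case "$host" in
        ""|localhost|_local_|127.*|::1) ;;       # unset or loopback only
        *) [ "$sec" = "true" ] ||
               echo "WARN network.host=$host but xpack.security.enabled is not true" ;;
    esac
    if [ "$dtype" = "single-node" ] && [ -n "$masters" ]; then
        echo "ERROR discovery.type=single-node conflicts with cluster.initial_master_nodes"
    fi

    # Files any local account can rewrite, e.g. after "chmod 777".
    find "$dir" -type f -perm -0002 | sort | while IFS= read -r f; do
        echo "WARN world-writable: $f"
    done
}

# Constructed sample: active settings like the asker's, plus a chmod 777 file.
demo_dir() {
    d=$(mktemp -d)
    cat > "$d/elasticsearch.yml" <<'EOF'
# xpack.security.enabled: false
cluster.name: murad
network.host: 0.0.0.0
discovery.type : single-node
cluster.initial_master_nodes: ["node-1"]
EOF
    chmod 644 "$d/elasticsearch.yml"
    : > "$d/my_pwd_file.tmp"
    chmod 777 "$d/my_pwd_file.tmp"
    echo "$d"
}

sample=$(demo_dir)
audit_es_config "$sample"
rm -rf "$sample"
```

On a package install the directory to pass is `/etc/elasticsearch`; run it as root so every file in the directory is readable.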
Thanks.
I updated the .yml file and restarted the service; it is running with errors like this:
root@murad:/etc/elasticsearch# sudo systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-04-06 19:01:09 UTC; 52s ago
Docs: https://www.elastic.co
Main PID: 278334 (java)
Tasks: 101 (limit: 43307)
Memory: 18.8G
CGroup: /system.slice/elasticsearch.service
├─278334 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cach>
└─278563 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,021 main ERROR Null object returned for RollingFile in Appen>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,022 main ERROR Unable to locate appender "rolling" for logge>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,022 main ERROR Unable to locate appender "index_indexing_slo>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,022 main ERROR Unable to locate appender "index_indexing_slo>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,023 main ERROR Unable to locate appender "audit_rolling" for>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,023 main ERROR Unable to locate appender "index_search_slowl>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,023 main ERROR Unable to locate appender "index_search_slowl>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,024 main ERROR Unable to locate appender "deprecation_rollin>
Apr 06 19:00:52 murad systemd-entrypoint[278334]: 2021-04-06 19:00:52,024 main ERROR Unable to locate appender "deprecation_rollin>
Apr 06 19:01:09 murad systemd[1]: Started Elasticsearch.