I'm trying to set up Graylog, and before you install Graylog, Elasticsearch is required. The basic configuration seems to be all that is necessary, but I cannot get this to start and continue to run. See errors below:
I'm using Oracle Linux 7u2 minimal install. It's a fresh install with no updates at the moment. This is a VM sitting on ESXi 6.0u2. 2 CPU, 8GB RAM, 30GB HDD. This is more of a test build to see how to perform the install.
I'm using java1.8.0_202 (jdk-8u202-linux-x64.rpm)
So far I just have Java and MongoDB installed.
Here is the error I'm receiving:
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2019-02-07 13:08:24 EST; 12min ago
Docs: http://www.elastic.co
Process: 3176 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 3176 (code=exited, status=1/FAILURE)
Feb 07 13:08:24 apsls elasticsearch[3176]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93)
Feb 07 13:08:24 apsls elasticsearch[3176]: Caused by: ParsingException[Failed to parse object: expecting token of type [START_OBJECT] but found [VALUE_STRING]]
Feb 07 13:08:24 apsls elasticsearch[3176]: at org.elasticsearch.common.xcontent.XContentParserUtils.ensureExpectedToken(XContentParserUtils.java:78)
Feb 07 13:08:24 apsls elasticsearch[3176]: at org.elasticsearch.common.settings.Settings.fromXContent(Settings.java:696)
Feb 07 13:08:24 apsls elasticsearch[3176]: at org.elasticsearch.common.settings.Settings.access$500(Settings.java:84)
Feb 07 13:08:24 apsls elasticsearch[3176]: at org.elasticsearch.common.settings.Settings$Builder.loadFromStream(Settings.java:1212)
Feb 07 13:08:24 apsls elasticsearch[3176]: ... 8 more
Feb 07 13:08:24 apsls systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Feb 07 13:08:24 apsls systemd[1]: Unit elasticsearch.service entered failed state.
Feb 07 13:08:24 apsls systemd[1]: elasticsearch.service failed.
The only things I have changed in elasticsearch.yml are:
cluster.name:graylog
path.data:/var/lib/elasticsearch
path.logs:/var/log/elasticsearch
action.auto_create_index:false <---This line is per Graylog instructions
Here is my /etc/sysconfig/elasticsearch file:
[root@apsls java]# cat /etc/sysconfig/elasticsearch
################################
# Elasticsearch
################################
# Elasticsearch home directory
ES_HOME=/usr/share/elasticsearch
# Elasticsearch Java path
#JAVA_HOME=
# Elasticsearch configuration directory
ES_PATH_CONF=/etc/elasticsearch
# Elasticsearch PID directory
PID_DIR=/var/run/elasticsearch
# Additional Java OPTS
#ES_JAVA_OPTS=
# Configure restart on package upgrade (true, every other setting will lead to not restarting)
#RESTART_ON_UPGRADE=true
################################
# Elasticsearch service
################################
# SysV init.d
# The number of seconds to wait before checking if Elasticsearch started successfully as a daemon process
ES_STARTUP_SLEEP_TIME=5
################################
# System properties
################################
# Specifies the maximum file descriptor number that can be opened by this process
# When using Systemd, this setting is ignored and the LimitNOFILE defined in
# /usr/lib/systemd/system/elasticsearch.service takes precedence
#MAX_OPEN_FILES=65536
# The maximum number of bytes of memory that may be locked into RAM
# Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option
# in elasticsearch.yml.
# When using systemd, LimitMEMLOCK must be set in a unit file such as
# /etc/systemd/system/elasticsearch.service.d/override.conf.
#MAX_LOCKED_MEMORY=unlimited
# Maximum number of VMA (Virtual Memory Areas) a process can own
# When using Systemd, this setting is ignored and the 'vm.max_map_count'
# property is set at boot time in /usr/lib/sysctl.d/elasticsearch.conf
MAX_MAP_COUNT=262144
If anyone has any advice, much appreciated!!
Thank you in advance.
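Added example, not part of the original post: YAML only treats `:` as a key/value separator when it is followed by a space or the end of the line, so `key:value` lines like the ones quoted above are read as one plain string rather than a settings object, which matches the `expecting token of type [START_OBJECT] but found [VALUE_STRING]` error in the log. The checker below flags such lines and suggests the corrected form; `lint_settings` and `apply_fixes` are hypothetical helper names, and the sample reuses the four lines from the post plus one constructed valid line.

```python
import re

# Settings lines as quoted in the post, plus a comment and one valid line (constructed).
SAMPLE = """\
# ---- Cluster ----
cluster.name:graylog
path.data:/var/lib/elasticsearch
path.logs:/var/log/elasticsearch
action.auto_create_index:false
network.host: 127.0.0.1
"""

# A dotted setting name immediately followed by ':' and a non-space character.
KEY_NO_SPACE = re.compile(r"^(\s*[\w.\-]+):(\S.*)$")


def lint_settings(text):
    """Return (line_number, original, suggested) for 'key:value' lines missing the space."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].rstrip()  # ignore a trailing comment
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or full-line comment
        if re.search(r":(\s|$)", line):
            continue  # a real YAML mapping separator is present
        match = KEY_NO_SPACE.match(line)
        if match:
            findings.append((number, raw, f"{match.group(1)}: {match.group(2)}"))
    return findings


def apply_fixes(text):
    """Return the text with each flagged line replaced by its suggestion.

    A trailing comment on a flagged line is dropped from the suggestion.
    """
    fixes = {number: suggested for number, _, suggested in lint_settings(text)}
    lines = text.splitlines()
    return "\n".join(fixes.get(i, line) for i, line in enumerate(lines, 1)) + "\n"


if __name__ == "__main__":
    for number, original, suggested in lint_settings(SAMPLE):
        print(f"line {number}: {original!r} -> {suggested!r}")
```

Values that legitimately contain a colon, such as `network.host: 127.0.0.1:9200`, are not flagged because the line already has a `: ` separator.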