Hi,
I'm very new to elk and configured stack.Work fine.
So I ship my syslog data to stack and now kibana stops.
Stack run on Ubunto 20.04 AMD 64 server.
cat /var/log/elasticsearch/elasticsearch.log
[2021-02-19T21:29:29,197][ERROR][o.e.x.i.IndexLifecycleRunner] [elk.sltidc.lk] policy [filebeat] for index [filebeat-7.11.0-2021.02.19] failed on step [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}]. Moving to ERROR step
java.lang.IllegalArgumentException: index.lifecycle.rollover_alias [filebeat-7.11.0] does not point to index [filebeat-7.11.0-2021.02.19]
at org.elasticsearch.xpack.core.ilm.WaitForRolloverReadyStep.evaluateCondition(WaitForRolloverReadyStep.java:124) [x-pack-core-7.11.0.jar:7.11.0]
at org.elasticsearch.xpack.ilm.IndexLifecycleRunner.runPeriodicStep(IndexLifecycleRunner.java:175) [x-pack-ilm-7.11.0.jar:7.11.0]
at org.elasticsearch.xpack.ilm.IndexLifecycleService.triggerPolicies(IndexLifecycleService.java:334) [x-pack-ilm-7.11.0.jar:7.11.0]
at org.elasticsearch.xpack.ilm.IndexLifecycleService.triggered(IndexLifecycleService.java:272) [x-pack-ilm-7.11.0.jar:7.11.0]
at org.elasticsearch.xpack.core.scheduler.SchedulerEngine.notifyListeners(SchedulerEngine.java:184) [x-pack-core-7.11.0.jar:7.11.0]
at org.elasticsearch.xpack.core.scheduler.SchedulerEngine$ActiveSchedule.run(SchedulerEngine.java:217) [x-pack-core-7.11.0.jar:7.11.0]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) [?:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) [?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
cat /var/log/kibana/kibana.log
{"type":"log","@timestamp":"2021-02-19T21:32:22+05:30","tags":["warning","elasticsearch","monitoring"],"pid":1088,"message":"No living connections"}
{"type":"log","@timestamp":"2021-02-19T21:32:22+05:30","tags":["warning","plugins","licensing"],"pid":1088,"message":"License information could not be obtained from Elasticsearch due to Error: No Living connections error"}
root@elk:~# cat /etc/rsyslog.d/01-json-template.conf
template(name="json-template"
type="list") {
constant(value="{")
constant(value=""@timestamp":"") property(name="timereported" dateFormat="rfc3339")
constant(value="","@version":"1")
constant(value="","message":"") property(name="msg" format="json")
constant(value="","sysloghost":"") property(name="hostname")
constant(value="","severity":"") property(name="syslogseverity-text")
constant(value="","facility":"") property(name="syslogfacility-text")
constant(value="","programname":"") property(name="programname")
constant(value="","procid":"") property(name="procid")
constant(value=""}\n")
}
root@elk:~# cat /etc/rsyslog.d/60-output.conf
This line sends all lines to defined IP address at port 10514,
using the "json-template" format template
. @172.20.111.199:10514;json-template
root@elk:~# update-alternatives --config java
There are 3 choices for the alternative java (providing /usr/bin/java).
Selection Path Priority Status
0 /usr/lib/jvm/java-11-openjdk-amd64/bin/java 1111 auto mode
- 1 /usr/lib/jvm/java-11-openjdk-amd64/bin/java 1111 manual mode
2 /usr/lib/jvm/java-15-oracle/bin/java 1091 manual mode
3 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java 1081 manual mode
root@elk:~# curl -X GET "172.20.111.199:9200"
{
"name" : "elk.sltidc.lk",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "vXue3M1EQlKh1DUFleG2vQ",
"version" : {
"number" : "7.11.0",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "8ced7813d6f16d2ef30792e2fcde3e755795ee04",
"build_date" : "2021-02-08T22:44:01.320463Z",
"build_snapshot" : false,
"lucene_version" : "8.7.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
Please help to rectify the issue.
Thanks
