The following error is occurring on one node in a three node elasticsearch/logstash cluster. It was functioning normally and apparently something changed recently (unaware of any work on the server at that time and not a system that people normally interact with). Anyway cpu jumped about this time and these errors started appearing, there are no issues with the other two nodes in the cluster and I compared permissions on the logstash files in /etc/ in /usr/share/logstash and in our logs /opt/... The permissions are all the same. additionally if logstash didnt have write access to the location listed, it wouldnt be able to record the below error so something odd going on.
[2018-12-19T17:41:38,931][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<ArgumentError: Path "/opt/elkstack/data/logstash/dfq-00" must be a writable directory. It is not writable.>, :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/settings.rb:448:in validate'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:230:invalidate_value'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:141:in block in validate_all'", "org/jruby/RubyHash.java:1343:ineach'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:140:in validate_all'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:264:inexecute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/clamp-0.6.5/lib/clamp/command.rb:67:in run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:219:inrun'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/clamp-0.6.5/lib/clamp/command.rb:132:in run'", "/usr/share/logstash/lib/bootstrap/environment.rb:67:in'"]}
[2018-12-19T17:41:38,942][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: org.jruby.exceptions.RaiseException: (SystemExit) exit