When following the install guide for Elasticsearch for Red Hat, Install Elasticsearch, 7. Edit elasticsearch.yml:
I am being told that the config is enough to get started for a single node, so I deleted all lines and pasted in:
cluster.name: elastiflow
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
discovery.type: 'single-node'
indices.query.bool.max_clause_count: 8192
search.max_buckets: 250000
action.destructive_requires_name: 'true'
xpack.security.http.ssl.enabled: 'true'
xpack.security.http.ssl.verification_mode: 'none'
xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/ca/ca.crt
xpack.security.http.ssl.key: /etc/elasticsearch/certs/myhost/myhost.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/myhost/myhost.crt
xpack.monitoring.enabled: 'true'
xpack.monitoring.collection.enabled: 'true'
xpack.monitoring.collection.interval: 30s
xpack.security.enabled: 'true'
xpack.security.audit.enabled: 'false'
I then added my config for my environment:
cluster.name: ipr-ost-netflow-c1
path.data: /netflow/var/lib/elasticsearch
path.logs: /netflow/var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
discovery.type: 'single-node'
indices.query.bool.max_clause_count: 8192
search.max_buckets: 250000
action.destructive_requires_name: 'true'
xpack.security.http.ssl.enabled: 'true'
xpack.security.http.ssl.verification_mode: 'none'
xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/ca/ca.crt
xpack.security.http.ssl.key: /etc/elasticsearch/certs/ipr-ost-netflow/ipr-ost-netflow.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/ipr-ost-netflow/ipr-ost-netflow.crt
xpack.monitoring.enabled: 'true'
xpack.security.enabled: 'true'
xpack.security.audit.enabled: 'false'
On 8. Enable and Start Elasticsearch, I run the commands:
sudo systemctl daemon-reload &&
sudo systemctl enable elasticsearch &&
sudo systemctl start elasticsearch
The daemon fails to start and the only error message in the log is:
[2025-01-06T17:07:20,170][ERROR][o.e.b.Elasticsearch ] [ipr-ost-netflow] fatal exception while booting Elasticsearch
java.lang.IllegalArgumentException: unknown setting [xpack.monitoring.enabled] did you mean any of [xpack.profiling.enabled, xpack.monitoring.templates.enabled]?
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:564) ~[elasticsearch-8.17.0.jar:?]
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:510) ~[elasticsearch-8.17.0.jar:?]
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:480) ~[elasticsearch-8.17.0.jar:?]
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:450) ~[elasticsearch-8.17.0.jar:?]
at org.elasticsearch.common.settings.SettingsModule.<init>(SettingsModule.java:133) ~[elasticsearch-8.17.0.jar:?]
at org.elasticsearch.common.settings.SettingsModule.<init>(SettingsModule.java:51) ~[elasticsearch-8.17.0.jar:?]
at org.elasticsearch.node.NodeConstruction.validateSettings(NodeConstruction.java:530) ~[elasticsearch-8.17.0.jar:?]
at org.elasticsearch.node.NodeConstruction.prepareConstruction(NodeConstruction.java:280) ~[elasticsearch-8.17.0.jar:?]
at org.elasticsearch.node.Node.<init>(Node.java:200) ~[elasticsearch-8.17.0.jar:?]
at org.elasticsearch.bootstrap.Elasticsearch$2.<init>(Elasticsearch.java:247) ~[elasticsearch-8.17.0.jar:?]
at org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:247) ~[elasticsearch-8.17.0.jar:?]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:76) ~[elasticsearch-8.17.0.jar:?]
df -h /netflow/
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VG_00-lv_netflow 1007G 480K 956G 1% /netflow
ls -la /netflow/
drwxr-xr-x 4 elasticsearch elasticsearch 4096 Jan 6 16:57 var
ls -la /netflow/var
drwxr-xr-x 3 elasticsearch elasticsearch 4096 Jan 6 16:50 lib
drwxr-xr-x 3 elasticsearch elasticsearch 4096 Jan 6 16:57 log
cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.10 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.10 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
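
The following is an added example, not part of the original post and not taken from the install guide: a shell helper that pulls the rejected setting name out of a boot log like the one above and finds the line in elasticsearch.yml that sets it, ignoring commented-out copies. The function names and the sample log and config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Function names and sample data are constructed for illustration.

# unknown_settings LOG: print each setting the boot log rejects as unknown.
unknown_settings() {
  sed -n 's/.*unknown setting \[\([^]]*\)\].*/\1/p' "$1" | sort -u
}

# locate_setting KEY YML: print "lineno:line" where KEY is set (comments ignored).
locate_setting() {
  awk -v k="$1" '{
    key = $0
    sub(/:.*/, "", key)                  # text before the first colon
    gsub(/^[ \t]+|[ \t]+$/, "", key)     # trim surrounding whitespace
    if (key == k) print NR ":" $0
  }' "$2"
}

# report LOG YML: map every rejected setting to the config line that sets it.
report() {
  for key in $(unknown_settings "$1"); do
    hit=$(locate_setting "$key" "$2")
    echo "${key} -> ${hit:-not found in $2}"
  done
}

# Constructed sample inputs, modeled on the log line and config in the post.
sample_log() {
  cat <<'EOF'
[2025-01-06T17:07:20,170][ERROR][o.e.b.Elasticsearch ] [node] fatal exception while booting Elasticsearch
java.lang.IllegalArgumentException: unknown setting [xpack.monitoring.enabled] did you mean any of [xpack.profiling.enabled, xpack.monitoring.templates.enabled]?
EOF
}
sample_yml() {
  cat <<'EOF'
cluster.name: example
# xpack.monitoring.enabled: 'false'
xpack.monitoring.enabled: 'true'
xpack.security.enabled: 'true'
EOF
}

tmp=$(mktemp -d)
sample_log > "$tmp/es.log"
sample_yml > "$tmp/elasticsearch.yml"
report "$tmp/es.log" "$tmp/elasticsearch.yml"
rm -rf "$tmp"
```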