When installing ElasticFlow 7.5, get fatal exception while bootstrapping Elasticsearch

When following the install guide for Elasticsearch for Red Hat, Install Elasticsearch, 7. Edit elasticsearch.yml:

I am being told that the config is enough to get started for a single node so I deleted all lines and pasted in

cluster.name: elastiflow

path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

bootstrap.memory_lock: true

network.host: 0.0.0.0
http.port: 9200

discovery.type: 'single-node'

indices.query.bool.max_clause_count: 8192
search.max_buckets: 250000

action.destructive_requires_name: 'true'

xpack.security.http.ssl.enabled: 'true'
xpack.security.http.ssl.verification_mode: 'none'
xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/ca/ca.crt
xpack.security.http.ssl.key: /etc/elasticsearch/certs/myhost/myhost.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/myhost/myhost.crt

xpack.monitoring.enabled: 'true'
xpack.monitoring.collection.enabled: 'true'
xpack.monitoring.collection.interval: 30s

xpack.security.enabled: 'true'
xpack.security.audit.enabled: 'false'

I then added my config for my environment:

cluster.name: ipr-ost-netflow-c1

path.data: /netflow/var/lib/elasticsearch
path.logs: /netflow/var/log/elasticsearch

bootstrap.memory_lock: true

network.host: 0.0.0.0
http.port: 9200

discovery.type: 'single-node'

indices.query.bool.max_clause_count: 8192
search.max_buckets: 250000

action.destructive_requires_name: 'true'

xpack.security.http.ssl.enabled: 'true'
xpack.security.http.ssl.verification_mode: 'none'
xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/ca/ca.crt
xpack.security.http.ssl.key: /etc/elasticsearch/certs/ipr-ost-netflow/ipr-ost-netflow.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/ipr-ost-netflow/ipr-ost-netflow.crt

xpack.monitoring.enabled: 'true'

xpack.security.enabled: 'true'
xpack.security.audit.enabled: 'false'

On 8. Enable and Start Elasticsearch

I run the commands

sudo systemctl daemon-reload &&
sudo systemctl enable elasticsearch &&
sudo systemctl start elasticsearch

The daemon fails to start and the only error message in the log is:

[2025-01-06T17:07:20,170][ERROR][o.e.b.Elasticsearch      ] [ipr-ost-netflow] fatal exception while booting Elasticsearch
java.lang.IllegalArgumentException: unknown setting [xpack.monitoring.enabled] did you mean any of [xpack.profiling.enabled, xpack.monitoring.templates.enabled]?
        at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:564) ~[elasticsearch-8.17.0.jar:?]
        at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:510) ~[elasticsearch-8.17.0.jar:?]
        at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:480) ~[elasticsearch-8.17.0.jar:?]
        at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:450) ~[elasticsearch-8.17.0.jar:?]
        at org.elasticsearch.common.settings.SettingsModule.<init>(SettingsModule.java:133) ~[elasticsearch-8.17.0.jar:?]
        at org.elasticsearch.common.settings.SettingsModule.<init>(SettingsModule.java:51) ~[elasticsearch-8.17.0.jar:?]
        at org.elasticsearch.node.NodeConstruction.validateSettings(NodeConstruction.java:530) ~[elasticsearch-8.17.0.jar:?]
        at org.elasticsearch.node.NodeConstruction.prepareConstruction(NodeConstruction.java:280) ~[elasticsearch-8.17.0.jar:?]
        at org.elasticsearch.node.Node.<init>(Node.java:200) ~[elasticsearch-8.17.0.jar:?]
        at org.elasticsearch.bootstrap.Elasticsearch$2.<init>(Elasticsearch.java:247) ~[elasticsearch-8.17.0.jar:?]
        at org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:247) ~[elasticsearch-8.17.0.jar:?]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:76) ~[elasticsearch-8.17.0.jar:?]

df -h /netflow/

Filesystem                    Size  Used Avail Use% Mounted on
/dev/mapper/VG_00-lv_netflow 1007G  480K  956G   1% /netflow

ls -la /netflow/

drwxr-xr-x   4 elasticsearch elasticsearch  4096 Jan  6 16:57 var

ls -la /netflow/var

drwxr-xr-x 3 elasticsearch elasticsearch 4096 Jan  6 16:50 lib
drwxr-xr-x 3 elasticsearch elasticsearch 4096 Jan  6 16:57 log

cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.10 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.10 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"

Hi @tallguy86, welcome to the community!

Apologies, but I'm pretty confused.

Your title says you're trying to start elasticsearch 7.5.

But your error trace clearly shows 8.17.

~[elasticsearch-8.17.0.jar

Which means you're starting the 8.17 distribution.

So what are you trying to do?

Tell us from the high level what you're trying to do and perhaps we can get you started.

And I would advise: please don't use 7.5, it is truly ancient.

If you need to use 7.x, at least use the latest 7.17.

“This deprecated setting has no effect.” is in an earlier version of the docs.

Deprecated in 7.8, now seems to throw an error.

You wrote “I am being told …”. I’m sure whoever is telling you means well, but try to check and validate what you are told. They perhaps had a working config for 7.something; if you really really really must use that version then do, otherwise you need to check the current (8.17.0) docs against what you need/want.
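
The boot error in this thread names the rejected key, so the offending line in elasticsearch.yml can be located mechanically. The script below is an added example, not part of any post in the thread: it pulls every `unknown setting [...]` key from the log and either reports the matching config lines or prints the config with them commented out. The function names are illustrative, and it assumes flat dotted keys as in the config quoted above.

```shell
#!/usr/bin/env bash
# Added example, not from the thread; function names are illustrative.
# Assumes flat dotted keys (key: value), the style used in the config above.

# Print each setting named in an "unknown setting [...]" boot error, once.
unknown_settings() {            # $1 = Elasticsearch log file
    sed -n 's/.*unknown setting \[\([^]]*\)].*/\1/p' "$1" | sort -u
}

# Mode "fix" (default): print the config with rejected settings commented out.
# Mode "report": print "LINE KEY" for each offending active line instead.
scan_config() {                 # $1 = log, $2 = elasticsearch.yml, $3 = mode
    awk -v keys="$(unknown_settings "$1" | tr '\n' ' ')" -v mode="${3:-fix}" '
        BEGIN { n = split(keys, k, " ") }
        {
            # Compare literally (no regex) so the dots in a key match only dots.
            line = $0; sub(/^[[:space:]]+/, "", line); hit = ""
            for (i = 1; i <= n; i++)
                if (index(line, k[i]) == 1 &&
                    substr(line, length(k[i]) + 1) ~ /^[[:space:]]*:/) hit = k[i]
            if (mode == "report") { if (hit != "") print NR, hit }
            else if (hit != "") print "# rejected at boot: " $0
            else print
        }' "$2"
}

# Constructed sample: the log line and a few config lines quoted in the thread.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/es.log" <<'EOF'
java.lang.IllegalArgumentException: unknown setting [xpack.monitoring.enabled] did you mean any of [xpack.profiling.enabled, xpack.monitoring.templates.enabled]?
EOF
    cat > "$tmp/elasticsearch.yml" <<'EOF'
cluster.name: ipr-ost-netflow-c1
discovery.type: 'single-node'
xpack.monitoring.enabled: 'true'
xpack.security.enabled: 'true'
EOF
    scan_config "$tmp/es.log" "$tmp/elasticsearch.yml" report
    scan_config "$tmp/es.log" "$tmp/elasticsearch.yml" fix
    rm -rf "$tmp"
}
demo
```

Lines that are already commented out are left alone, and a key written in nested YAML form is not detected.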

Sorry for the version confusion. I am following the Elasticsearch guide from the ElasticFlow (7.5) website so I might be using an outdated guide.

/usr/share/elasticsearch/bin/elasticsearch --version
Version: 8.17.0, Build: rpm/2b6a7fed44faa321997703718f07ee0420804b41/2024-12-11T12:08:05.663969764Z, JVM: 23

Disregard. I used the out-of-the-box elasticsearch.yml config and it started up.


Yup, right thing to do...

Use our docs too...
