ELK8.4安装配置错误记录

这篇具有很好参考价值的文章主要介绍了ELK8.4安装配置错误记录。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

1. kibana启动报错,kibana_system用户认证

[2022-09-06T19:47:01.491-04:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. security_exception: [security_exception] Reason: unable to authenticate user [kibana_system] for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]

解决办法:设置kibana_system用户的密码。
[es@goya1 cert]$ elasticsearch-reset-password -u kibana_system -i
warning: ignoring JAVA_HOME=/app/elasticsearch/jdk; using bundled JDK
This tool will reset the password of the [kibana_system] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]y
Enter password for [kibana_system]: changeit123
Re-enter password for [kibana_system]changeit123
Password for the [kibana_system] user successfully reset.

修改,确认kibana.yml文件的配置部分:
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana_system"
elasticsearch.password: "changeit123"

2. logstash 启动报错

[2022-09-13T22:41:21,452][ERROR][logstash.configmanagement.bootstrapcheck] There are config files (1) in the '/app/logstash/config/tomcat_log_es.conf' folder. Elasticsearch is configured as the config store so configs cannot be sourced via the command line with -f or via logstash.yml with path.config
ERROR: There are config files (1) in the '/app/logstash/config/tomcat_log_es.conf' folder. Elasticsearch is configured as the config store so configs cannot be sourced via the command line with -f or via logstash.yml with path.config
usage:
  bin/logstash -f CONFIG_PATH [-t] [-r] [] [-w COUNT] [-l LOG]
  bin/logstash --modules MODULE_NAME [-M "MODULE_NAME.var.PLUGIN_TYPE.PLUGIN_NAME.VARIABLE_NAME=VALUE"] [-t] [-w COUNT] [-l LOG]
  bin/logstash -e CONFIG_STR [-t] [--log.level fatal|error|warn|info|debug|trace] [-w COUNT] [-l LOG]
  bin/logstash -i SHELL [--log.level fatal|error|warn|info|debug|trace]
  bin/logstash -V [--log.level fatal|error|warn|info|debug|trace]
  bin/logstash --help
[2022-09-13T22:41:21,463][FATAL][org.logstash.Logstash    ] Logstash stopped processing because of an error: (SystemExit) exit
org.jruby.exceptions.SystemExit: (SystemExit) exit
    at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:790) ~[jruby.jar:?]
    at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:753) ~[jruby.jar:?]
    at app.logstash.lib.bootstrap.environment.<main>(/app/logstash/lib/bootstrap/environment.rb:91) ~[?:?]

解决办法:原因是logstash.yml配置了xpack相关的参数。开启X-Pack Management功能后,启动logstsh的时候就不用再配置logstash.conf文件了,启动的时候也不用再使用-f指定这个文件进行启动了一旦启动了logstash的集中管理,我们就可以直接启动logstash,而不用跟任何的参数。Logstash集中管理,先启动logstash,然后再设置相关配置。

要么关闭x-Pack,要么不用-f的参数启动,相应的配置在logstash.yml里进行。

3, logstash配置的logstash_admin_user修改密码报错

[es@goya1 head-master]$ elasticsearch-reset-password -u logstash_admin_user
warning: ignoring JAVA_HOME=/app/elasticsearch/jdk; using bundled JDK
This tool will reset the password of the [logstash_admin_user] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y

ERROR: Failed to reset password for the [logstash_admin_user] user

解决办法:原因是因为ES里没有这个用户,可以尝试通过kibana控制台创建一个角色和logstash_admin_user用户来解决问题。参考:Logstash8.4在Linux系统上的安装以及配置Tomcat日志(ELK安装part2)(未完待续)_yangkei的博客-CSDN博客

4,Metricbeat启动后报错connection refused

{"log.level":"info","@timestamp":"2022-09-16T03:36:06.216-0400","log.logger":"index-management","log.origin":{"file.name":"idxmgmt/std.go","file.line":267},"message":"Loaded index template.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-09-16T03:36:06.217-0400","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":147},"message":"Connection to backoff(elasticsearch(http://192.168.88.5:9200)) established","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-09-16T03:36:14.259-0400","log.origin":{"file.name":"module/wrapper.go","file.line":256},"message":"Error fetching data for metricset kibana.status: error making http request: Get \"http://localhost:5601/api/status\": dial tcp [::1]:5601: connect: connection refused","service.name":"metricbeat","ecs.version":"1.6.0"}
解决办法:因为http://localhost:5601这个配置是从metricsbeat目录下的kibana.yml文件读取的,因此需要修改localhost为对应的ip地址。

[es@goya1 modules.d]$ pwd
/app/metricbeat/modules.d
[es@goya1 modules.d]$ cat kibana.yml
# Module: kibana
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kibana.html

- module: kibana
  #metricsets:
  #  - status
  period: 10s
  hosts: ["192.168.88.5:5601"]
  #basepath: ""
  #username: "user"
  #password: "secret"

5, Metricbeat启动报错

Exiting: loading configs: 3 errors: invalid config: config file ("/app/metricbeat/modules.d/kibana.yml") can only be writable by the owner but the permissions are "-rwxrwxrwx" (to fix the permissions use: 'chmod go-w /app/metricbeat/modules.d/kibana.yml'); invalid config: config file ("/app/metricbeat/modules.d/logstash.yml") can only be writable by the owner but the permissions are "-rwxrwxrwx" (to fix the permissions use: 'chmod go-w /app/metricbeat/modules.d/logstash.yml'); invalid config: config file ("/app/metricbeat/modules.d/system.yml") can only be writable by the owner but the permissions are "-rwxrwxrwx" (to fix the permissions use: 'chmod go-w /app/metricbeat/modules.d/system.yml')
 问题解决:metricbeat文件权限不能给太大,不然启动检测不能他通过,可以修改到750的权限。

6,Metricbeat监控tomcat日志报错

{"log.level":"info","@timestamp":"2022-09-20T10:58:01.529+0800","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":147},"message":"Connection to backoff(elasticsearch(http://192.168.88.7:9200)) established","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-09-20T10:58:10.511+0800","log.origin":{"file.name":"module/wrapper.go","file.line":256},"message":"Error fetching data for metricset logstash.node_stats: error making http request: Get \"http://localhost:9600/\": dial tcp [::1]:9600: connect: connection refused","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-09-20T10:58:10.512+0800","log.origin":{"file.name":"module/wrapper.go","file.line":256},"message":"Error fetching data for metricset logstash.node: error making http request: Get \"http://localhost:9600/\": dial tcp 127.0.0.1:9600: connect: connection refused","service.name":"metricbeat","ecs.version":"1.6.0"}
问题解决:我使用了logstash提取tomcat日志,因此这里需要在Metricsbeat里再配置一下logstash.yml文件。

[es@goya1 modules.d]$ pwd
/app/metricbeat/modules.d
[es@goya1 modules.d]$ grep 9600 *
logstash-xpack.yml.disabled:  hosts: ["localhost:9600"]
logstash.yml:  hosts: ["localhost:9600"]

7,Filebeat启动报错

[es@goya1 filebeat]$ ./filebeat -e -c filebeat.kafka.yml 

{"log.level":"error","@timestamp":"2022-09-26T16:56:43.325+0800","log.origin":{"file.name":"instance/beat.go","file.line":1051},"message":"Exiting: 1 error: setting 'filebeat.prospectors' has been removed","service.name":"filebeat","ecs.version":"1.6.0"}
Exiting: 1 error: setting 'filebeat.prospectors' has been removed
解决办法:在6.3版本以后,在配置文件中需要把filebeat.prospectors 修改为filebeat.inputs

[es@goya1 filebeat]$ cat filebeat.kafka.yml
filebeat.prospectors:
  - type: log
    enabled: true
    paths:
        - /app/tomcat/logs/tomcat_access_json.2022-09-23.log

[es@goya1 filebeat]$ cat filebeat.kafka.yml
filebeat.inputs:
  - type: log
    enabled: true
    paths:
        - /app/tomcat/logs/tomcat_access_json.2022-09-23.log
 文章来源地址https://www.toymoban.com/news/detail-797629.html

到了这里,关于ELK8.4安装配置错误记录的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • 【containerd错误解决系列】failed to create shim task, OCI runtime create failed, unable to retrieve OCI...

    pod的状态全部都是ContainerCreating的状态 containerd进程有大量报错,主要有: failed to create containerd task: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/k8s.io/c4847070fad34a8da9b16b5c20cdc38e28a15cfcf9913d712e4fe60d8c9029f7/log.json: no

    2023年04月25日
    浏览(47)
  • 【错误解决】docker找不到runc:failed to create shim: OCI runtime create failed: unable to retrieve OCI runtime

    docker run 容器 OCI runtime create failed 报错 docker pull nginx:latest #启动一个容器 docker run --name docker_nginx -p 80:80 -d nginx docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.tas

    2024年03月15日
    浏览(51)
  • Flutter问题记录 - Unable to find bundled Java version

    有个紧急问题需要修复,本以为很快就能解决继续休假,没想到项目打开运行后Android端跑不起来了,iOS端正常运行,这就有点莫名其妙,明明放假前还是没问题的,难道我拉取的最新代码有问题?不会吧,谁放假还敲代码啊?🤔️看了下最新的提交记录,还是放假前我提交

    2024年01月16日
    浏览(53)
  • ubuntu20.04 安装使用 elk8.x + filebeat

    下载公共签名密钥 安装必要的包 保存存储库的定义到/etc/apt/sources.list.d/elastic-8.x.list 更新包并且安装 elsticsearch8 如果有需要可以修改某些参数 启动 elasticsearch 安装 kibana 安装公共签名密钥 安装必要的包 保存存储库的定义到/etc/apt/sources.list.d/elastic-8.x.list 更新包并且安装 kib

    2024年02月05日
    浏览(34)
  • centos7 yum安装ELK8.X+filebeat

    系统:centos7.9 elasticsearch-8.5.3 kibana-8.5.3 logstash-8.5.3 filebeat-8.5.3 下载地址:Elastic官网 我下载的是rpm格式 在ssh工具上,可以通过wget 命令将4个rpm包进行下载, 下载的包就放在root下,如 使用yum localinstall 安装本地rpm包,执行代码如下(示例): 安装完成会生成默认密码,可以记

    2024年02月08日
    浏览(53)
  • 在配置Flutter环境遇到:× Windows Version (Unable to confirm if installed Windows version is 10 or greater)

    在配置flutter环境的过程中,出现了以下问题: 我已经能够重现该问题。事实上,正如@liscanso首先发现的那样,它与系统语言有关,因为没有参数的命令输出是依赖于语言的。所以我提出了一个可以帮助绕过这个问题的修复程序。systeminfo 1、把该目录下的文件替换为下面的代

    2024年02月11日
    浏览(51)
  • Portainer连不上docker Unable to retrieve images或Unable to connect to the Docker environment

    系统:Centos docker:23.0.6 portainer:2.19.2 服务器A and 服务器B A,B都有Docker 现象 1、在A上安装了Portainer后,local evironment 可以显示images数量等信息,但无法显示详情,出现Unable to connect to the Docker environment 2、尝试         编辑docker.service         找到 ExecStart字段修改如下  

    2024年04月13日
    浏览(48)
  • 《Kubernetes故障篇:unable to retrieve OCI runtime error》

    1、环境信息如下: 操作系统 K8S版本 containerd版本 Centos7.6 v1.24.12 v1.6.12 2、报错信息如下: Warning FailedCreatePodSandBox 106s (x39 over 10m) kubelet (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create containerd task: failed to create shim task: OCI runtime create failed

    2024年02月14日
    浏览(38)
  • 解决Termux安装kali下载脚本发生“Unable to establish SSL connection.”的错误

    问题描述: 安装kali时,使用了“wget -O install-nethunter-termux https://offs.ec/2MceZWr”命令来下载脚本。但是出现“Unable to establish SSL connection.”无法建立SSL连接的错误 解决方法: 1、解决思路: 因为https是一个安全协议,需要身份验证和数据加密传输,在wget下载https资源时,会默认

    2024年03月20日
    浏览(50)
  • ELK8.8.1搭建教程

    elasticsearch: https://www.elastic.co/cn/elasticsearch/ kibana: https://www.elastic.co/cn/downloads/kibana logstash: https://www.elastic.co/cn/downloads/logstash ① mkdir -pv /opt/elk/ 解压下载的tar.gz到此处 ② 因为elasticsearch,kibana不能以root运行,所以创建个新用户elk ① 进入解压的elasticsearch目录 ② 修改配置文件,

    2024年02月13日
    浏览(44)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包