问题
max file descriptors [4096] for elasticsearch process is too low
max_map_count too low
解决方法
/etc/security/limits.conf
* hard memlock unlimited
* soft memlock unlimited
* hard nofile 65536
* soft nofile 65536
* - as unlimited
/etc/sysctl.conf
fs.file-max = 2097152
vm.max_map_count = 262144
vm.swappiness = 1
问题
Attempted to resurrect connection to dead ES instance, but got an error. {:url=>#<URI::HTTP:0x5e80476d URL:http://192.168.138.158:9200/>, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://192.168.138.158:9200/'"}
解决方法
logstash没有配置到elasticsearch的authentication导致。
output{
elasticsearch { hosts => [ "192.168.138.158:9200" ] user => "elastic" password => "changeme" }
}