auditbeat설치 후 elasticsearch 로그 확인시 아래와 같이 오류발생 index [.async-search] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block]; 쌓여지는 데이터가 많다보니 발생하였습니다. 해서 디스크 공간이 부족하여 / 을 증설하였습니다. 1 2 3 4 5 6 7 8 9 # fdisk /dev/sda # pvcreate /dev/sda3 # vgextend centos_mail /dev/sda3 # lvextend -l+100%FREE /dev/centos_mail/root # xfs_growfs /dev/centos..

엘라스틱 health 확인시 아래와 같이 상태값이 503 # curl -XGET "localhost:9200/_cluster/health?pretty" { "error" : { "root_cause" : [ { "type" : "master_not_discovered_exception", "reason" : null } ], "type" : "master_not_discovered_exception", "reason" : null }, "status" : 503 } 추가확인시 클러스터 uuid값이 나오지 않았음 # curl http://localhost:9200/ { "name" : "node-1", "cluster_name" : "elasticsearch", "cluster_uuid" : "_na_",..

엘라스틱서치 실행시 아래와 같이 오류발생확인 [2021-04-07T09:46:19,467][ERROR][o.e.b.Bootstrap] [darksharavim.com] node validation exception [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch. bootstrap check failure [1] of [1]: memory locking requested for elasticsearch process but memory is not locked ulimit상태값 # ulimit -aS core file size (bl..

설치환경 # cat /etc/redhat-release CentOS Linux release 7.9.2009 (Core) # java -version openjdk version "1.8.0_282" OpenJDK Runtime Environment (build 1.8.0_282-08) OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode) 호환성확인 www.elastic.co/kr/support/matrix Elastic Support Matrix | Elasticsearch Everything you need to launch the Elastic (ELK stack). From Oracle to IBM, Ubuntu to Windows, Firefox t..

도커버전 # docker -v Docker version 1.13.1, build 0be3e21/1.13.1 elasticsearch image 다운 # docker pull docker.elastic.co/elasticsearch/elasticsearch:7.6.2 Trying to pull repository docker.elastic.co/elasticsearch/elasticsearch ... 7.6.2: Pulling from docker.elastic.co/elasticsearch/elasticsearch c808caf183b6: Pull complete d6caf8e15a64: Pull complete b0ba5f324e82: Pull complete d7e8c1e99b9a: Pull com..