ElaticStack常见报错指南

                                              作者:尹正杰

版权声明:原创作品,谢绝转载!否则将追究法律责任。

目录

Q1: Exiting: setup.template.name and setup.template.pattern have to be set if index name is modified

报错信息

2025-01-02T17:04:55.762+0800	ERROR	instance/beat.go:1027	Exiting: setup.template.name and setup.template.pattern have to be set if index name is modified

错误原因

	自定义索引时,必须指定索引的匹配模式和索引模板的名称。

解决方案

	添加"setup.template.name""setup.template.pattern"的模式。

Q2: Kibana server is not ready yet

报错信息

Kibana server is not ready yet

错误原因

	kibana无法正常启动。可能是ES集群未启动或者kibana的配置文件出错。

解决方案

	- 1.检查ES集群是否正常;
	- 2.检查kibana的配置文件是否指向了ES集群;
	- 3.检查ES集群是否开启了https,如果开启需要跳过证书校验;

Q3: no modules or inputs enabled and configuration reloading disabled. What files do you want me to watch?

报错信息

2025-01-04T10:03:18.517+0800	ERROR	instance/beat.go:1027	Exiting: no modules or inputs enabled and configuration reloading disabled. What files do you want me to watch?

错误原因

	未指定模块或者input类型,且热加载已经被禁用,导致无法采集数据。

解决方案

	- 1.指定input配置
	- 2.指定模块的相关配置

Q4: unknown multiline type: counter accessing

报错信息

2025-01-04T14:53:05.803+0800	ERROR	instance/beat.go:1027	Exiting: Failed to start crawler: starting input failed: error while initializing input: error while parsing multiline parser config: unknown multiline type: counter accessing 'filebeat.inputs.0.parsers.0.multiline.type' (source:'/etc/filebeat/config/09-multiple_line-filestream-to-es.yaml') accessing 'filebeat.inputs.0' (source:'/etc/filebeat/config/09-multiple_line-filestream-to-es.yaml')

错误原因

	未知的多行匹配类型(unknown multiline type),阅读官方文档解决问题。

解决方案

	https://www.elastic.co/guide/en/beats/filebeat/7.17/multiline-examples.html

Q5: Failed to start crawler: starting input failed: error while initializing input: error while parsing multiline parser config: multiline.count cannot be empty when count based aggregation is selected accessing 'filebeat.inputs.0.parsers.0.multiline'

报错信息

2025-01-04T15:01:34.828+0800	ERROR	instance/beat.go:1027	Exiting: Failed to start crawler: starting input failed: error while initializing input: error while parsing multiline parser config: multiline.count cannot be empty when count based aggregation is selected accessing 'filebeat.inputs.0.parsers.0.multiline' (source:'/etc/filebeat/config/09-multiple_line-filestream-to-es.yaml') accessing 'filebeat.inputs.0' (source:'/etc/filebeat/config/09-multiple_line-filestream-to-es.yaml')

错误原因

	配置参数有问题,官网的按行统计应该是以count_lines进行赋值。

解决方案

	使用count_lines来进行赋值。

Q6: more than one namespace configured accessing 'output'

报错信息

[root@elk92 ~]# filebeat -e -c /etc/filebeat/config/11-tomcat_accesslog-to-es.yaml 
Exiting: error unpacking config data: more than one namespace configured accessing 'output' (source:'/etc/filebeat/config/11-tomcat_accesslog-to-es.yaml')
[root@elk92 ~]#

错误原因

	配置多个输出源,filebeat不支持多个输出源,但是Logstash支持。

解决方案

	检查配置文件。观察是否配置了多个输出源。

Q7: failed to load template: couldn't load template:

报错信息

2025-01-04T16:42:00.957+0800	ERROR	[publisher_pipeline_output]	pipeline/output.go:154	Failed to connect to backoff(elasticsearch(http://10.0.0.92:9200)): Connection marked as failed because the onConnect callback failed: error loading template: failed to load template: couldn't load template: 400 Bad Request: {"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"index template [yinzhengjie-linux95] has index patterns [yinzhengjie-linux95*] matching patterns from existing templates [yinzhengjie-linux95-modules-nginx,yinzhengjie-linux95-multipleline-count,yinzhengjie-linux95-multipleline-pattern,yinzhengjie-linux95-xixi] with patterns (yinzhengjie-linux95-modules-nginx => [yinzhengjie-linux95-modules-nginx*],yinzhengjie-linux95-multipleline-count => [yinzhengjie-linux95-multipleline-count*],yinzhengjie-linux95-multipleline-pattern => [yinzhengjie-linux95-multipleline-pattern*],yinzhengjie-linux95-xixi => [yinzhengjie-linux95-xixi*]) that have the same priority [150], multiple index templates may not match during index creation, please use a different priority"}],"type":"illegal_argument_exception","reason":"index template [yinzhengjie-linux95] has index patterns [yinzhengjie-linux95*] matching patterns 
...

错误原因

	现有的索引模板和已有的索引模板冲突导致无法创建。

解决方案

	- 修改配置文件和现有的索引模板不冲突即可。
	- 删除已经存在的索引模板。

Q8: Exiting: data path already locked by another beat. Please make sure that multiple beats are not sharing the same data path (path.data).

报错信息

2025-01-06T11:03:57.035+0800	ERROR	instance/beat.go:1027	Exiting: data path already locked by another beat. Please make sure that multiple beats are not sharing the same data path (path.data).
Exiting: data path already locked by another beat. Please make sure that multiple beats are not sharing the same data path (path.data)

错误原因

	filebeat实例无法共享同一个数据目录。这类服务我们称之为有状态服务,比如MySQL。

解决方案

	如果确认要启动多个filebeat实例,则需要为每个实例指定不同的数据路径,使用"--path.data"选项即可。

Q9: Exiting: Failed to start crawler: starting input failed: error while initializing input: no path is configured accessing 'filebeat.inputs.0'

报错信息

2025-01-06T11:24:09.797+0800	ERROR	instance/beat.go:1027	Exiting: Failed to start crawler: starting input failed: error while initializing input: no path is configured accessing 'filebeat.inputs.0' (source:'/etc/filebeat/config/15-apps-to-logstash.yaml')
Exiting: Failed to start crawler: starting input failed: error while initializing input: no path is configured accessing 'filebeat.inputs.0' (source:'/etc/filebeat/config/15-apps-to-logstash.yaml')

错误原因

	一般情况下都是配置文件出错,检测配置文件,关于path相关的参数。

解决方案

	检查配置文件是否正确。

Q10: Failed to connect to backoff(async(tcp://10.0.0.93:5044)): dial tcp 10.0.0.93:5044: connect: connection refused

报错信息

2025-01-06T11:30:24.179+0800	ERROR	[publisher_pipeline_output]	pipeline/output.go:154	Failed to connect to backoff(async(tcp://10.0.0.93:5044)): dial tcp 10.0.0.93:5044: connect: connection refused

错误原因

	filebeat连接Logstash失败。

解决方案

	检查Logstash服务是否启动。

Q11: Logstash could not be started because there is already another instance using the configured data director

报错信息

[FATAL] 2025-01-06 09:11:46.513 [LogStash::Runner] runner - Logstash could not be started because there is already another instance using the configured data directory.  If you wish to run multiple instances, you must change the "path.data" setting.

错误原因

	多个Logstash实例占用同一个数据目录。

解决方案

	各个Logstash实例使用不同的数据目录。

Q12: Error: Address already in use

报错信息

[ERROR] 2025-01-06 09:15:35.789 [[main]<beats] javapipeline - A plugin had an unrecoverable error. Will restart this plugin.
  Pipeline_id:main
  Plugin: <LogStash::Inputs::Beats port=>5044, id=>"701e40e5e41cba5f558f588a161dd50cb14a580419f9ee9c9cbfb36c07b6fc79", enable_metric=>true, codec=><LogStash::Codecs::Plain id=>"plain_2f9d459f-36fe-4ff1-ae70-ff4c4637fc75", enable_metric=>true, charset=>"UTF-8">, host=>"0.0.0.0", ssl=>false, add_hostname=>false, ssl_verify_mode=>"none", ssl_peer_metadata=>false, include_codec_tag=>true, ssl_handshake_timeout=>10000, tls_min_version=>1, tls_max_version=>1.2, cipher_suites=>["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"], client_inactivity_timeout=>60, executor_threads=>2>
  Error: Address already in use
  Exception: Java::JavaNet::BindException

错误原因

	端口冲突。

解决方案

	修改端口范围即可。

Q13: Failed to read pipelines yaml file. Location: /usr/share/logstash/config/pipelines.yml

报错信息

ERROR: Failed to read pipelines yaml file. Location: /usr/share/logstash/config/pipelines.yml

错误原因

	logstash加载"pipelines.yml"出错,系统的路径缺失文件。

解决方案

	创建符号连接即可。

Q14: Exception in thread "main" java.lang.OutOfMemoryError: Java heap space

报错信息

java.lang.OutOfMemoryError: Java heap space
Dumping heap to java_pid2617.hprof ...
Heap dump file created [2312685 bytes in 0.009 secs]
Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" java.lang.OutOfMemoryError: Java heap space

错误原因

	堆内存不足导致的错误。

解决方案

	调大堆内存大小。

Q15: java.nio.file.AccessDeniedException: /etc/elasticsearch/elastic-certificates.p12

报错信息

Jan 07 16:05:07 elk92 systemd-entrypoint[19605]: Likely root cause: java.nio.file.AccessDeniedException: /etc/elasticsearch/elastic-certificates.p12
Jan 07 16:05:07 elk92 systemd-entrypoint[19605]:         at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
Jan 07 16:05:07 elk92 systemd-entrypoint[19605]:         at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
Jan 07 16:05:07 elk92 systemd-entrypoint[19605]:         at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
...

错误原因

	无权限访问/etc/elasticsearch/elastic-certificates.p12文件。

解决方案

	修改对应文件的读取权限。

Q16: missing authentication credentials for REST request ...

报错信息

[root@elk91 ~]# curl 10.0.0.91:9200/_cat/nodes?v
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/_cat/nodes?v]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/_cat/nodes?v]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}[root@elk91 ~]# 
[root@elk91 ~]#

错误原因

	请求访问认证失败。

解决方案

	访问集群是携带证书或者密码。

Q17: "statusCode":503,"error":"Service Unavailable","message":"License is not available."

报错信息

{"statusCode":503,"error":"Service Unavailable","message":"License is not available."}

错误原因

	Kibana无法连接ES集群。

解决方案

	此时ES集群加密,需要修改kibana的配置文件指定认证信息后才能正常访问。

Q18: Kibana server is not ready yet

报错信息

Kibana server is not ready yet

错误原因

	Kibana服务未准备就绪,需要等待一段时间kibana启动完成。

解决方案

	等待kibana启动成功即可。

Q19: ERROR: Failed to verify bootstrap password

报错信息

[root@elk91 ~]# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto

Failed to authenticate user 'elastic' against http://10.0.0.91:9200/_security/_authenticate?pretty
Possible causes include:
 * The password for the 'elastic' user has already been changed on this cluster
 * Your elasticsearch node is running against a different keystore
   This tool used the keystore at /etc/elasticsearch/elasticsearch.keystore


ERROR: Failed to verify bootstrap password
[root@elk91 ~]#

错误原因

	ES集群已经做过加密认证了,无法再次加密认证。

解决方案

	- 针对ES7而言,做如下操作:
		1.创建一个超级管理员角色
[root@elk93 ~]# /usr/share/elasticsearch/bin/elasticsearch-users useradd yinzhengjie -p 123456 -r superuser
[root@elk93 ~]# 
 
		2.基于超级管理员角色修改elastic管理员密码
[root@elk93 ~]# curl -s --user yinzhengjie:123456 -XPUT "http://localhost:9200/_xpack/security/user/elastic/_password?pretty" -H 'Content-Type: application/json' -d'
     {
       "password" : "456789"
     }'
	  
		3.使用elastic新密码登录
[root@elk93 ~]# curl 10.0.0.91:9200/_cat/nodes -u elastic:456789
10.0.0.91 82 89 3 0.03 0.09 0.17 cdfhilmrstw * elk91
10.0.0.92 70 86 1 0.07 0.07 0.12 cdfhilmrstw - elk92
10.0.0.93 64 74 3 0.15 0.21 0.21 cdfhilmrstw - elk93
[root@elk93 ~]# 



	- 针对ES8+版本可以直接使用"elasticsearch-reset-password"脚本来重置密码ES7并不支持此脚本

Q20: java.nio.file.AccessDeniedException: /etc/elasticsearch/elasticsearch.keystore.tmp

报错信息

Jan 07 16:49:16 elk92 systemd-entrypoint[21793]: Likely root cause: java.nio.file.AccessDeniedException: /etc/elasticsearch/elasticsearch.keystore.tmp

错误原因

	可能是缺失/etc/elasticsearch/elasticsearch.keystore文件导致的。

解决方案

	将文件拷贝归来。

Q21: ERROR: User [yinzhengjie] already exists

报错信息

[root@elk93 ~]# /usr/share/elasticsearch/bin/elasticsearch-users useradd yinzhengjie -p 123456 -r superuser

ERROR: User [yinzhengjie] already exists
[root@elk93 ~]#

错误原因

	用户已经存在导致的问题。

解决方案

	换个用户创建或者直接使用该用户即可。

Q22: Failed to connect to backoff(elasticsearch(http://10.0.0.91:9200)): 401 Unauthorized:

报错信息

2025-01-07T17:33:20.732+0800	ERROR	[publisher_pipeline_output]	pipeline/output.go:154	Failed to connect to backoff(elasticsearch(http://10.0.0.91:9200)): 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

错误原因

	filebeat连接ES集群失败,认证失败。

解决方案

	连接ES集群时使用认证信息。

Q23: Got response code '401' contacting Elasticsearch at URL 'http://10.0.0.92:9200/'

报错信息

[WARN ] 2025-01-07 09:39:20.359 [Ruby-0-Thread-9: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://10.0.0.92:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://10.0.0.92:9200/'"}

错误原因

	LogStash连接ES集群失败,认证失败。

解决方案

	连接ES集群时使用认证信息。

Q24: (TypeError) could not coerce Integer to class java.lang.String",

报错信息

[ERROR] 2025-01-07 09:42:51.384 [Converge PipelineAction::Create<main>] agent - Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"Java::JavaLang::IllegalStateException", :message=>"Unable to configure plugins: (TypeError) could not coerce Integer to class java.lang.String", :backtrace=>["org.logstash.config.ir.CompiledPipeline.<init>(CompiledPipeline.java:120)", "org.logstash.execution.JavaBasePipelineExt.initialize(JavaBasePipelineExt.java:86)", "org.logstash.execution.JavaBasePipelineExt$INVOKER$i$1$0$initialize.call(JavaBasePipelineExt$INVOKER$i$1$0$initialize.gen)", "org.jruby.internal.runtime.methods.JavaMethod$JavaMethodN.call(JavaMethod.java:837)", "org.jruby.ir.runtime.IRRuntimeHelpers.instanceSuper(IRRuntimeHelpers.java:1169)", "org.jruby.ir.runtime.IRRuntimeHelpers.instanceSuperSplatArgs(IRRuntimeHelpers.java:1156)", "org.jruby.ir.targets.InstanceSuperInvokeSite.invoke(InstanceSuperInvokeSite.java:39)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$initialize$0(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:48)", "org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:80)", "org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod.java:70)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:333)", "org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:87)", "org.jruby.RubyClass.newInstance(RubyClass.java:939)", "org.jruby.RubyClass$INVOKER$i$newInstance.call(RubyClass$INVOKER$i$newInstance.gen)", "org.jruby.ir.targets.InvokeSite.invoke(InvokeSite.java:207)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline_action.create.RUBY$method$execute$0(/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:52)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline_action.create.RUBY$method$execute$0$__VARARGS__(/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:50)", "org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:80)", "org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod.java:70)", "org.jruby.ir.targets.InvokeSite.invoke(InvokeSite.java:207)", "usr.share.logstash.logstash_minus_core.lib.logstash.agent.RUBY$block$converge_state$2(/usr/share/logstash/logstash-core/lib/logstash/agent.rb:392)", "org.jruby.runtime.CompiledIRBlockBody.callDirect(CompiledIRBlockBody.java:138)", "org.jruby.runtime.IRBlockBody.call(IRBlockBody.java:58)", "org.jruby.runtime.IRBlockBody.call(IRBlockBody.java:52)", "org.jruby.runtime.Block.call(Block.java:139)", "org.jruby.RubyProc.call(RubyProc.java:318)", "org.jruby.internal.runtime.RubyRunnable.run(RubyRunnable.java:105)", "java.base/java.lang.Thread.run(Thread.java:829)"]}
warning: thread "Converge PipelineAction::Create<main>" terminated with exception (report_on_exception is true):
LogStash::Error: Don't know how to handle `Java::JavaLang::IllegalStateException` for `PipelineAction::Create<main>`
          create at org/logstash/execution/ConvergeResultExt.java:135
             add at org/logstash/execution/ConvergeResultExt.java:60
  converge_state at /usr/share/logstash/logstash-core/lib/logstash/agent.rb:405
...

错误原因

	LogStash的参数应该是一个string类型,但实际给的是一个Integer类型。

解决方案

	将Integer类型的值加一个双引号就可以转换为字符串类型。

Q25: "object mapping for [host] tried to parse field [host] as object, but found a concrete value"

报错信息

[WARN ] 2025-01-07 09:49:05.795 [[main]>worker0] elasticsearch - Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"yinzhengjie-linux95-es-logstash-tls", :routing=>nil}, {"@timestamp"=>2025-01-07T09:49:04.772Z, "message"=>"22222222222222222", "@version"=>"1", "host"=>"10.0.0.91", "port"=>39290}], :response=>{"index"=>{"_index"=>"yinzhengjie-linux95-es-logstash-tls", "_type"=>"_doc", "_id"=>"VH0qQJQBE2DPAnYt-Qg9", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"object mapping for [host] tried to parse field [host] as object, but found a concrete value"}}}}

错误原因

	ES集群目前的host字段数据索引存在解析问题,目标是object对象,而写入的是字符串。

解决方案

	- 1.修改es的host字段的类型和现在写入的数据类型匹配;
	- 2.删除es的host字段类型;
	- 3.也可以Logstash修改索引的名称,不要和现有的索引或者索引模板冲突即可;

Q26: Incorrect HTTP method for uri ... and method [DELETE], allowed: [POST]

报错信息

{
  "error" : "Incorrect HTTP method for uri [/yinzhengjie-linux95-elfk-logstash-xixi/VLuRQ5QByTxJbnJSZk-R?pretty=true] and method [DELETE], allowed: [POST]",
  "status" : 405
}

错误原因

	对于当前的URI不支持DELETE请求方法。

解决方案

	- 1.检查uri是否些错误,更正即可;
	- 2.如果uri没有写错,则就是请求方法写错了;

Q27: action [indices:data/write/delete] is unauthorized for user [liuyuhang] with roles [dev], this action is granted by the index privileges [delete,write,all]

报错信息

{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "action [indices:data/write/delete] is unauthorized for user [liuyuhang] with roles [dev], this action is granted by the index privileges [delete,write,all]"
      }
    ],
    "type" : "security_exception",
    "reason" : "action [indices:data/write/delete] is unauthorized for user [liuyuhang] with roles [dev], this action is granted by the index privileges [delete,write,all]"
  },
  "status" : 403
}

错误原因

	当前用户无权限删除数据。

解决方案

	要么修改权限,权限的粒度大小从小到大分别为: delete,write,all

Q28: Error: JAVA_HOME is not set and java could not be found in PATH.

报错信息

[root@elk91 ~]# zkServer.sh start
Error: JAVA_HOME is not set and java could not be found in PATH.
[root@elk91 ~]#

错误原因

	zookeeper依赖JDK环境,因此需要配置JAVA环境变量。

解决方案

	配置JDK环境变量即可,可以使用ES的JDK来配置。

Q29: grep: /yinzhengjie/softwares/apache-zookeeper-3.8.4-bin/bin/../conf/zoo.cfg: No such file or directory

报错信息

[root@elk91 ~]# zkServer.sh start
ZooKeeper JMX enabled by default
Using config: /yinzhengjie/softwares/apache-zookeeper-3.8.4-bin/bin/../conf/zoo.cfg
grep: /yinzhengjie/softwares/apache-zookeeper-3.8.4-bin/bin/../conf/zoo.cfg: No such file or directory
grep: /yinzhengjie/softwares/apache-zookeeper-3.8.4-bin/bin/../conf/zoo.cfg: No such file or directory
mkdir: cannot create directory ‘’: No such file or directory
Starting zookeeper ... STARTED
[root@elk91 ~]#

错误原因

	缺少"/yinzhengjie/softwares/apache-zookeeper-3.8.4-bin/bin/../conf/zoo.cfg"配置文件。

解决方案

	自行创建zoo.cfg配置文件即可。

Q30: Node does not exist: /yinzhengjie/linux95

报错信息

[zk: 10.0.0.92(CONNECTED) 12] create /yinzhengjie/linux95 jiaoshi07
Node does not exist: /yinzhengjie/linux95
[zk: 10.0.0.92(CONNECTED) 13]

错误原因

	ZooKeeper node不存在导致的错误,请检查上及zookeeper node是否存在。

解决方案

	检查zookeeper node上及目录是否存在,若不存在则创建即可。

Q31: Path must not end with / character

报错信息

[zk: 10.0.0.92(CONNECTED) 14] create /yinzhengjie/
Path must not end with / character
[zk: 10.0.0.92(CONNECTED) 15]

错误原因

	创建ZooKeeper node时不允许以"/"结尾。

解决方案

	删除zookeeper node的"/"字符即可。

Q32: Cannot load configuration class: com.yasenagat.zkweb.ZkWebSpringBootApplication

报错信息

[2025-01-08 06:35:07 ERROR main  SpringApplication.java:842] o.s.boot.SpringApplication --> Application run failed
java.lang.IllegalStateException: Cannot load configuration class: com.yasenagat.zkweb.ZkWebSpringBootApplication

错误原因

	JDK版本兼容性问题,建议使用jdk8。

解决方案

	降低jdk版本。

Q33: java.net.UnknownHostException: elk92

报错信息

[2025-01-08 07:17:41,942] WARN [Controller id=91, targetBrokerId=92] Error connecting to node elk92:9092 (id: 92 rack: null) (org.apache.kafka.clients.NetworkClient)
java.net.UnknownHostException: elk92

错误原因

	kafka默认会监听宿主机的主机名,但是主机名没有配置解析,导致的问题。

解决方案

	- 1.添加hosts解析;
		- /etc/hosts
	- 2.指定监听的地址;
		- listeners=PLAINTEXT://10.0.0.91:9092

Q34: Timed out waiting for a node assignment. Call: listTopics

报错信息

[root@elk91 ~]# kafka-topics.sh --bootstrap-server 10.0.0.92:9092 --list
Error while executing topic command : Timed out waiting for a node assignment. Call: listTopics
[2025-01-08 07:18:00,392] ERROR org.apache.kafka.common.errors.TimeoutException: Timed out waiting for a node assignment. Call: listTopics
 (org.apache.kafka.tools.TopicCommand)
[root@elk91 ~]#

错误原因

	连接kafka集群超时。

解决方案

	检查kafka集群是否正常工作,比如配置文件,日志是否有错误等。

Q35: kafka.zookeeper.ZooKeeperClientTimeoutException: Timed out waiting for connection while in state: CONNECTING

报错信息

[2025-01-08 10:46:57,113] ERROR Exiting Kafka due to fatal exception during startup. (kafka.Kafka$)
kafka.zookeeper.ZooKeeperClientTimeoutException: Timed out waiting for connection while in state: CONNECTING
	at kafka.zookeeper.ZooKeeperClient.waitUntilConnected(ZooKeeperClient.scala:257)
	at kafka.zookeeper.ZooKeeperClient.<init>(ZooKeeperClient.scala:115)
	at kafka.zk.KafkaZkClient$.apply(KafkaZkClient.scala:2317)
	at kafka.zk.KafkaZkClient$.apply(KafkaZkClient.scala:2304)
	at kafka.zk.KafkaZkClient$.createZkClient(KafkaZkClient.scala:2407)
	at kafka.server.KafkaServer.initZkClient(KafkaServer.scala:754)
	at kafka.server.KafkaServer.startup(KafkaServer.scala:231)
	at kafka.Kafka$.main(Kafka.scala:112)
	at kafka.Kafka.main(Kafka.scala)

错误原因

	kafka连接zookeeper集群超时。

解决方案

	- 1.检查zookeeper集群是否正常;
	- 2.检查kafka的配置"zookeeper.connect"选项是否指向正确的zookeeper集群;

Q36: Topic 'yinzhengjie-linux95' already exists.

报错信息

[root@elk91 ~]# kafka-topics.sh --bootstrap-server 10.0.0.92:9092 --topic yinzhengjie-linux95 --create --partitions 3 --replication-factor 2
Error while executing topic command : Topic 'yinzhengjie-linux95' already exists.
[2025-01-08 11:20:33,451] ERROR org.apache.kafka.common.errors.TopicExistsException: Topic 'yinzhengjie-linux95' already exists.
 (org.apache.kafka.tools.TopicCommand)
[root@elk91 ~]#

错误原因

	创建的topic名称已经存在。

解决方案

	- 1.更换topic的名称创建即可;
	- 2.删除已经存在的topic,而后重新创建即可;

Q37: Topic currently has 5 partitions, which is higher than the requested 2.

报错信息

[root@elk91 ~]# kafka-topics.sh --bootstrap-server 10.0.0.92:9092 --topic yinzhengjie-xixi --partitions 2 --alter
Error while executing topic command : Topic currently has 5 partitions, which is higher than the requested 2.
[2025-01-08 11:29:40,615] ERROR org.apache.kafka.common.errors.InvalidPartitionsException: Topic currently has 5 partitions, which is higher than the requested 2.
 (org.apache.kafka.tools.TopicCommand)
[root@elk91 ~]#

错误原因

	创建的topic名称已经存在。

解决方案

	无法解决,官方设计的分区数只能增大不能调小。

Q38: Option "[replication-factor]" can't be used with option "[alter]"

报错信息

[root@elk91 ~]# kafka-topics.sh --bootstrap-server 10.0.0.92:9092 --topic yinzhengjie-xixi --replication-factor 3  --partitions 7 --alter
Option "[replication-factor]" can't be used with option "[alter]"
Option                                   Description                            
------                                   -----------                            
--alter                                  Alter the number of partitions and     
                                           replica assignment. Update the       
                                           configuration of an existing topic   
                                           via --alter is no longer supported   
                                           here (the kafka-configs CLI supports 
                                           altering topic configs with a --     
                                           bootstrap-server option).            
--at-min-isr-partitions                  if set when describing topics, only    
                                           show partitions whose isr count is   
                                           equal to the configured minimum.     

...

错误原因

	replication-factor不能和alter结合使用。

解决方案

	如果想要修改分区数的副本,则需要使用专门的脚本操作。
	
	推荐阅读:
		https://www.cnblogs.com/yinzhengjie/p/9808125.html

Q39: Missing required argument "[partitions]"

报错信息

[root@elk91 ~]# kafka-topics.sh --bootstrap-server 10.0.0.92:9092 --topic yinzhengjie-xixi --replication-factor 3 --alter
Missing required argument "[partitions]"
...

错误原因

	脚本缺少"--partitions"选项。

解决方案

	修改分区时要指定partitions相关选项。

Q40: Command must include exactly one action: --list, --describe, --delete, --reset-offsets, --delete-offsets

报错信息

[root@elk91 ~]# kafka-consumer-groups.sh  --bootstrap-server 10.0.0.92:9092 
Command must include exactly one action: --list, --describe, --delete, --reset-offsets, --delete-offsets

错误原因

	命令行必须包含任意一个参数: --list, --describe, --delete, --reset-offsets, --delete-offsets

解决方案

	检查命令是否缺失--list, --describe, --delete, --reset-offsets, --delete-offsets相关参数。

Q41: Unknown setting 'redis-host' for redis

报错信息

[ERROR] 2025-01-09 03:36:38.053 [Converge PipelineAction::Create<main>] redis - Unknown setting 'redis-host' for redis
[ERROR] 2025-01-09 03:36:38.061 [Converge PipelineAction::Create<main>] agent - Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"Java::JavaLang::IllegalStateException", :message=>"Unable to configure plugins: (ConfigurationError) Something is wrong with your configuration.", :backtrace=>["org.logstash.config.ir.CompiledPipeline.<init>(CompiledPipeline.java:120)", "org.logstash.execution.JavaBasePipelineExt.initialize(JavaBasePipelineExt.java:86)", "org.logstash.execution.JavaBasePipelineExt$INVOKER$i$1$0$initialize.call(JavaBasePipelineExt$INVOKER$i$1$0$initialize.gen)", "org.jruby.internal.runtime.methods.JavaMethod$JavaMethodN.call(JavaMethod.java:837)", "org.jruby.ir.runtime.IRRuntimeHelpers.instanceSuper(IRRuntimeHelpers.java:1169)", "org.jruby.ir.runtime.IRRuntimeHelpers.instanceSuperSplatArgs(IRRuntimeHelpers.java:1156)", "org.jruby.ir.targets.InstanceSuperInvokeSite.invoke(InstanceSuperInvokeSite.java:39)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$initialize$0(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:48)", "org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:80)", "org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod.java:70)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:333)", "org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:87)", "org.jruby.RubyClass.newInstance(RubyClass.java:939)", "org.jruby.RubyClass$INVOKER$i$newInstance.call(RubyClass$INVOKER$i$newInstance.gen)", "org.jruby.ir.targets.InvokeSite.invoke(InvokeSite.java:207)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline_action.create.RUBY$method$execute$0(/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:52)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline_action.create.RUBY$method$execute$0$__VARARGS__(/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:50)", "org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:80)", "org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod.java:70)", "org.jruby.ir.targets.InvokeSite.invoke(InvokeSite.java:207)", "usr.share.logstash.logstash_minus_core.lib.logstash.agent.RUBY$block$converge_state$2(/usr/share/logstash/logstash-core/lib/logstash/agent.rb:392)", "org.jruby.runtime.CompiledIRBlockBody.callDirect(CompiledIRBlockBody.java:138)", "org.jruby.runtime.IRBlockBody.call(IRBlockBody.java:58)", "org.jruby.runtime.IRBlockBody.call(IRBlockBody.java:52)", "org.jruby.runtime.Block.call(Block.java:139)", "org.jruby.RubyProc.call(RubyProc.java:318)", "org.jruby.internal.runtime.RubyRunnable.run(RubyRunnable.java:105)", "java.base/java.lang.Thread.run(Thread.java:1570)"]}
warning: thread "Converge PipelineAction::Create<main>" terminated with exception (report_on_exception is true):
LogStash::Error: Don't know how to handle `Java::JavaLang::IllegalStateException` for `PipelineAction::Create<main>`
          create at org/logstash/execution/ConvergeResultExt.java:135
             add at org/logstash/execution/ConvergeResultExt.java:60
  converge_state at /usr/share/logstash/logstash-core/lib/logstash/agent.rb:405
[ERROR] 2025-01-09 03:36:38.065 [Agent thread] agent - An exception happened when converging configuration {:exception=>LogStash::Error, :message=>"Don't know how to handle `Java::JavaLang::IllegalStateException` for `PipelineAction::Create<main>`"}

错误原因

	配置文件出错,出现了'redis-host'参数不识别。

解决方案

	检查配置文件,可以结合官方文档来修改。

Q42: Using api_key authentication requires SSL/TLS secured communication using the ssl => true option

报错信息

[ERROR] 2025-01-09 07:05:33.512 [[main]-pipeline-manager] javapipeline - Pipeline error {:pipeline_id=>"main", :exception=>#<LogStash::ConfigurationError: Using api_key authentication requires SSL/TLS secured communication using the `ssl => true` option>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.2-java/lib/logstash/plugin_mixins/elasticsearch/common.rb:48:in `validate_authentication'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.2-java/lib/logstash/plugin_mixins/elasticsearch/common.rb:26:in `build_client'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.4.2-java/lib/logstash/outputs/elasticsearch.rb:279:in `register'", "org/logstash/config/ir/compiler/OutputStrategyExt.java:131:in `register'", "org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:68:in `register'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:233:in `block in register_plugins'", "org/jruby/RubyArray.java:1821:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:232:in `register_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:598:in `maybe_setup_out_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:245:in `start_workers'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:190:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:142:in `block in start'"], "pipeline.sources"=>["/etc/logstash/conf.d/14-tcp-to-es_apikey.conf"], :thread=>"#<Thread:0xac0c737 run>"}

错误原因

	如果启用了api-key,Logstash要求ssl的值必须为true

解决方案

	配置是将ssl的值显式设置为true,意思是ES集群必须为加密为https格式。
posted @   尹正杰  阅读(83)  评论(0编辑  收藏  举报
相关博文:
·  Prometheus常见30+报错指南
·  Nacos的应用案例实战
·  Elastic (ELK) Stack产品部署
·  ELK 日志分析系统的部署
·  Elasticsearch,Logstash和Kibana安装部署(ELK Stack)
阅读排行:
· 震惊!C++程序真的从main开始吗?99%的程序员都答错了
· 单元测试从入门到精通
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 上周热点回顾(3.3-3.9)
· winform 绘制太阳,地球,月球 运作规律
历史上的今天:
2019-11-18 Linux操作系统的计划任务
2019-11-18 Linux操作系统的进程管理和作业管理
2019-11-18 Linux操作系统的进程管理
2017-11-18 MySQL简单查询详解-单表查询
2017-11-18 libvirt工具实现虚拟机管理
2016-11-18 HTML&CSS基础-html常用的标签
点击右上角即可分享
微信分享提示
AI IDE Trae