- Configuration Parsing Error in elasticsearch.yml
Error:
Exception in thread "main" SettingsException[Failed to load settings from [elasticsearch.yml]]; nested: ElasticsearchParseException[malformed, expected settings to start with 'object', instead was [VALUE_STRING]]
Cause: Incorrect YAML syntax – a space between key and value is mandatory.
Solution:
# Wrong
node.name ="node"
# Correct
node.name: "node"
Note the colon and space after node.name.
- Running Elasticsearch as Root User
Error:
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
Cause: Security restriction – Elasticsearch refuses to start under the root account.
Solution: Create a dedicated user and group, assign ownership, then start as that user.
# Create group and user
groupadd esgroup
useradd esuser -g esgroup -p changeme
# Change ownership of the Elasticsearch directory
chown -R esuser:esgroup /opt/elasticsearch-6.3.0
# Switch to the new user and start
su esuser
/opt/elasticsearch-6.3.0/bin/elasticsearch
- Insufficient Memory for JVM Heap
Warning:
OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x0000000085330000, 2060255232, 0) failed; error='Cannot allocate memory' (errno=12)
Cause: The JVM heap size exceeds available system memory.
Solution: Reduce heap size in jvm.options.
# File: /opt/elasticsearch-6.3.0/config/jvm.options
-Xms512m
-Xmx512m
Set both -Xms and -Xmx to the same value (e.g., 512 MB) and ensure it fits within your system memory.
- System Resource Limits Exceeded
Error:
ERROR: [3] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
[2]: max number of threads [3802] for user [esuser] is too low, increase to at least [4096]
[3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
Cause: Linux limits on file descritpors, threads, and virtual memory areas are too restrictive for Elasticsearch.
Solution:
- Edit
/etc/security/limits.confas root:
esuser hard nofile 65536
esuser soft nofile 65536
* soft nproc 4096
* hard nproc 4096
- Edit
/etc/sysctl.conf(append the line):
vm.max_map_count = 655360
Apply the change with sysctl -p, then restart Elasticsearch as esuser.
- Node Lock Acquisition Failure
Error:
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to obtain node locks, tried [[/opt/elasticsearch-6.3.0/data/elasticsearch]] with lock id [0]; maybe these locations are not writable or multiple nodes were started without increasing [node.max_local_storage_nodes] (was [1])?
Cause: Another Elasticsearch process is still running and holds the lock on the data directory, or the directory lacks write permissions.
Solution: Kill any existing Elasticsearch process and restart.
# Find Elasticsearch processes
ps aux | grep elastic
# If found, kill them (use appropriate PID)
kill -9 <PID>
# Restart as the dedicated user
su esuser
/opt/elasticsearch-6.3.0/bin/elasticsearch
Ensure the data directory is writable by esuser.