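Introduction
I wanted a quick way to stand up a test Elasticsearch and Kibana environment, and since container images are available I tried those.
This is my work log up to the point where I confirmed that they start on Linux.
(I expected this to be quick, but in practice it took a fair amount of fiddling, perhaps because I used Podman.)
Environment
The following environment is used (IaaS in the cloud).
RHEL V8.5
Podman V3.4.2
Elasticsearch/Kibana V8.0
Note: because this is a test environment, Elasticsearch runs as a single node.
References
I work from the following article.
Running the Elastic Stack ("ELK") on Docker
That document uses Docker, but the environment built here is RHEL, so I use Podman, which fits well with RHEL.
The Podman command reference is here:
Podman commands
Incidentally, the following container version of ELK is also available. It bundles Elasticsearch, Logstash and Kibana in a single image and is easy to handle, but as of February 2022 it is only provided up to V7.x.
elk-docker
I didn't need the latest version, but I wanted to try a newer one, so this time I use the first option (which provides Elasticsearch and Kibana as separate images).
Building the environment
Installing Podman
Install the Podman package with yum.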
[TOMOTAG@ISEI20220214-2245-natural-2 ~]$ sudo yum install podman
...
Check the version
[TOMOTAG@ISEI20220214-2245-natural-2 ~]$ sudo podman version
Version: 3.4.2
API Version: 3.4.2
Go Version: go1.16.7
Built: Thu Jan 13 19:15:49 2022
OS/Arch: linux/amd64
Note: when Podman is run as root, images and container data are placed under /var/lib/containers.
Run busybox as a test.
Pull the busybox image
[TOMOTAG@ISEI20220214-2245-natural-2 ~]$ sudo podman pull busybox
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 009932687766 done
Copying config ec3f0931a6 done
Writing manifest to image destination
Storing signatures
ec3f0931a6e6b6855d76b2d7b0be30e81860baccd891b2e243280bf1cd8ad710
[TOMOTAG@ISEI20220214-2245-natural-2 ~]$ sudo podman image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest ec3f0931a6e6 2 weeks ago 1.46 MB
Start a busybox container
[TOMOTAG@ISEI20220214-2245-natural-2 ~]$ sudo podman run -it --rm busybox sh
/ # exit
Looks OK.
Creating an administrative user
Create `elkusr01` as the user for managing Elasticsearch/Kibana; from here on, operations are basically performed as this user.
[TOMOTAG@ISEI20220214-2245-natural-2 ~]$ sudo useradd elkusr01
[TOMOTAG@ISEI20220214-2245-natural-2 ~]$ sudo passwd elkusr01
ユーザー elkusr01 のパスワードを変更。
新しいパスワード:
新しいパスワードを再入力してください:
passwd: すべての認証トークンが正しく更新できました。
Note: when Podman is run as this user, images and related data are managed under ~/.local/share/containers/ in the user's home directory.
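The two storage locations noted above (root versus the dedicated user) can be checked with a short script. This is an added example, not part of the original work log: the function names are hypothetical, it assumes Podman's default locations with no storage.conf override (the image store is the `storage` subdirectory of the paths mentioned above), and it uses GNU `stat` as shipped on RHEL.

```shell
#!/bin/sh
# Added example (not from the original article).
# Assumptions: default Podman storage paths, GNU coreutils stat.

# Print the default Podman image store for a user.
#   $1 = numeric uid, $2 = home directory, $3 = XDG_DATA_HOME (may be empty)
expected_graphroot() {
    if [ "$1" -eq 0 ]; then
        # Rootful Podman (e.g. via sudo): system-wide store
        echo "/var/lib/containers/storage"
    elif [ -n "$3" ]; then
        # Rootless with XDG_DATA_HOME set
        echo "$3/containers/storage"
    else
        # Rootless default: under the user's home directory
        echo "$2/.local/share/containers/storage"
    fi
}

# Audit a store directory.
#   $1 = directory, $2 = uid that should own it
# Prints exactly one of: missing, wrong-owner, loose-perms, ok
audit_store() {
    as_dir=$1
    as_uid=$2
    [ -d "$as_dir" ] || { echo "missing"; return 0; }
    as_owner=$(stat -c '%u' "$as_dir")
    as_mode=$(stat -c '%a' "$as_dir")
    # A store owned by someone else means images can be swapped under us
    [ "$as_owner" -eq "$as_uid" ] || { echo "wrong-owner"; return 0; }
    # Group- or world-writable store: any such user could tamper with layers
    [ $(( 0$as_mode & 022 )) -eq 0 ] || { echo "loose-perms"; return 0; }
    echo "ok"
}

# Report for whoever runs the script (run once as elkusr01, once via sudo)
my_uid=$(id -u)
my_store=$(expected_graphroot "$my_uid" "${HOME:-}" "${XDG_DATA_HOME:-}")
echo "uid=$my_uid store=$my_store status=$(audit_store "$my_store" "$my_uid")"
```

Run as the dedicated user and again with sudo, it shows that images pulled by one are not visible to the other, because each uses its own store.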
Elasticsearch/Kibana setup
Follow the steps in the document mentioned above.
Pull the Elasticsearch image
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman pull docker.elastic.co/elasticsearch/elasticsearch:8.0.0
Trying to pull docker.elastic.co/elasticsearch/elasticsearch:8.0.0...
Getting image source signatures
Copying blob 5a1f83eba229 done
Copying blob 4fb807caa40a done
Copying blob 239bfee9d5a6 done
Copying blob 23719abad09c done
Copying blob a0b868ce44e0 done
Copying blob fe259c2cfb37 done
Copying blob d79c49847382 done
Copying blob 1b3b32eb35fb done
Copying blob 54022fd7ed62 done
Copying blob 1a692ef55082 done
Copying config fef75c4283 done
Writing manifest to image destination
Storing signatures
fef75c42834fe3e0ddec4be2a6f929bbe5b1d7a8d41230c05e1485545f8d9433
Pull the Kibana image
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman pull docker.elastic.co/kibana/kibana:8.0.0
Trying to pull docker.elastic.co/kibana/kibana:8.0.0...
Getting image source signatures
Copying blob 4fb807caa40a skipped: already exists
Copying blob ee292ea0b2d8 done
Copying blob 18fb5f40ceeb done
Copying blob 79b3fffe2055 done
Copying blob 37f4ca134c19 done
Copying blob 2f2233f5ff7b done
Copying blob 8224d44a5740 done
Copying blob a241ecc5341c done
Copying blob bba8d08541d3 done
Copying blob 50fc71ef13f7 done
Copying blob 5839a33ca898 done
Copying blob 3e99639131bd done
Copying blob 1a033a4304dc done
Copying config b752a78319 done
Writing manifest to image destination
Storing signatures
b752a783190b8b4cfb543a1af83c86944b62662558c9e2f16611989e1314a73c
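Setting "vm.max_map_count"
This was early in the trial-and-error process: starting Elasticsearch failed with an error like the following.
Elasticsearch startup log at the time of the error
Note: at this point I was running it with root privileges via sudo.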
[TOMOTAG@ISEI20220214-2245-natural-2 ~]$ sudo podman run --name es01 --net elastic -p 9200:9200 -it docker.elastic.co/elasticsearch/elasticsearch:8.0.0
{"@timestamp":"2022-02-25T12:19:42.905Z", "log.level": "INFO", "message":"version[8.0.0], pid[7], build[default/docker/1b6a7ece17463df5ff54a3e1302d825889aa1161/2022-02-03T16:47:57.507843096Z], OS[Linux/4.18.0-348.12.2.el8_5.x86_64/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.1/17.0.1+12]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:42.929Z", "log.level": "INFO", "message":"JVM home [/usr/share/elasticsearch/jdk], using bundled JDK [true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:42.929Z", "log.level": "INFO", "message":"JVM arguments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -Djava.security.manager=allow, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j2.formatMsgNoLookups=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=ALL-UNNAMED, -XX:+UseG1GC, -Djava.io.tmpdir=/tmp/elasticsearch-12732126488124304066, -XX:+HeapDumpOnOutOfMemoryError, -XX:+ExitOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Des.cgroups.hierarchy.override=/, -Xms3971m, -Xmx3971m, -XX:MaxDirectMemorySize=2082471936, -XX:G1HeapRegionSize=4m, -XX:InitiatingHeapOccupancyPercent=30, -XX:G1ReservePercent=15, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/usr/share/elasticsearch/config, -Des.distribution.flavor=default, -Des.distribution.type=docker, -Des.bundled_jdk=true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:46.711Z", "log.level": "WARN", "message":"SLF4J: Failed to load class \"org.slf4j.impl.StaticLoggerBinder\".", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"stderr","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:46.713Z", "log.level": "WARN", "message":"SLF4J: Defaulting to no-operation (NOP) logger implementation", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"stderr","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:46.714Z", "log.level": "WARN", "message":"SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"stderr","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.843Z", "log.level": "INFO", "message":"loaded module [aggs-matrix-stats]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.843Z", "log.level": "INFO", "message":"loaded module [analysis-common]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.844Z", "log.level": "INFO", "message":"loaded module [constant-keyword]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.844Z", "log.level": "INFO", "message":"loaded module [frozen-indices]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.844Z", "log.level": "INFO", "message":"loaded module [ingest-common]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.845Z", "log.level": "INFO", "message":"loaded module [ingest-geoip]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.845Z", "log.level": "INFO", "message":"loaded module [ingest-user-agent]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.845Z", "log.level": "INFO", "message":"loaded module [kibana]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.845Z", "log.level": "INFO", "message":"loaded module [lang-expression]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.846Z", "log.level": "INFO", "message":"loaded module [lang-mustache]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.846Z", "log.level": "INFO", "message":"loaded module [lang-painless]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.846Z", "log.level": "INFO", "message":"loaded module [legacy-geo]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.846Z", "log.level": "INFO", "message":"loaded module [mapper-extras]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.847Z", "log.level": "INFO", "message":"loaded module [mapper-version]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.847Z", "log.level": "INFO", "message":"loaded module [parent-join]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.847Z", "log.level": "INFO", "message":"loaded module [percolator]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.848Z", "log.level": "INFO", "message":"loaded module [rank-eval]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.848Z", "log.level": "INFO", "message":"loaded module [reindex]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.848Z", "log.level": "INFO", "message":"loaded module [repositories-metering-api]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.848Z", "log.level": "INFO", "message":"loaded module [repository-azure]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.849Z", "log.level": "INFO", "message":"loaded module [repository-encrypted]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.849Z", "log.level": "INFO", "message":"loaded module [repository-gcs]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.849Z", "log.level": "INFO", "message":"loaded module [repository-s3]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.850Z", "log.level": "INFO", "message":"loaded module [repository-url]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.850Z", "log.level": "INFO", "message":"loaded module [runtime-fields-common]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.850Z", "log.level": "INFO", "message":"loaded module [search-business-rules]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.850Z", "log.level": "INFO", "message":"loaded module [searchable-snapshots]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.851Z", "log.level": "INFO", "message":"loaded module [snapshot-based-recoveries]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.851Z", "log.level": "INFO", "message":"loaded module [snapshot-repo-test-kit]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.851Z", "log.level": "INFO", "message":"loaded module [spatial]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.852Z", "log.level": "INFO", "message":"loaded module [transform]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.853Z", "log.level": "INFO", "message":"loaded module [transport-netty4]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.853Z", "log.level": "INFO", "message":"loaded module [unsigned-long]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.853Z", "log.level": "INFO", "message":"loaded module [vector-tile]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.853Z", "log.level": "INFO", "message":"loaded module [vectors]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.854Z", "log.level": "INFO", "message":"loaded module [wildcard]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.854Z", "log.level": "INFO", "message":"loaded module [x-pack-aggregate-metric]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.854Z", "log.level": "INFO", "message":"loaded module [x-pack-analytics]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.854Z", "log.level": "INFO", "message":"loaded module [x-pack-async]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.855Z", "log.level": "INFO", "message":"loaded module [x-pack-async-search]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.855Z", "log.level": "INFO", "message":"loaded module [x-pack-autoscaling]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.855Z", "log.level": "INFO", "message":"loaded module [x-pack-ccr]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.855Z", "log.level": "INFO", "message":"loaded module [x-pack-core]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.856Z", "log.level": "INFO", "message":"loaded module [x-pack-data-streams]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.856Z", "log.level": "INFO", "message":"loaded module [x-pack-deprecation]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.856Z", "log.level": "INFO", "message":"loaded module [x-pack-enrich]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.856Z", "log.level": "INFO", "message":"loaded module [x-pack-eql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.857Z", "log.level": "INFO", "message":"loaded module [x-pack-fleet]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.857Z", "log.level": "INFO", "message":"loaded module [x-pack-graph]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.857Z", "log.level": "INFO", "message":"loaded module [x-pack-identity-provider]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.857Z", "log.level": "INFO", "message":"loaded module [x-pack-ilm]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.858Z", "log.level": "INFO", "message":"loaded module [x-pack-logstash]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.858Z", "log.level": "INFO", "message":"loaded module [x-pack-ml]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.858Z", "log.level": "INFO", "message":"loaded module [x-pack-monitoring]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.858Z", "log.level": "INFO", "message":"loaded module [x-pack-ql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.859Z", "log.level": "INFO", "message":"loaded module [x-pack-rollup]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.859Z", "log.level": "INFO", "message":"loaded module [x-pack-security]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.859Z", "log.level": "INFO", "message":"loaded module [x-pack-shutdown]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.859Z", "log.level": "INFO", "message":"loaded module [x-pack-sql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.860Z", "log.level": "INFO", "message":"loaded module [x-pack-stack]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.860Z", "log.level": "INFO", "message":"loaded module [x-pack-text-structure]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.860Z", "log.level": "INFO", "message":"loaded module [x-pack-voting-only-node]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.861Z", "log.level": "INFO", "message":"loaded module [x-pack-watcher]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.861Z", "log.level": "INFO", "message":"no plugins loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.932Z", "log.level": "INFO", "message":"using [1] data paths, mounts [[/ (overlay)]], net usable_space [457.8gb], net total_space [491.1gb], types [overlay]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.933Z", "log.level": "INFO", "message":"heap size [3.8gb], compressed ordinary object pointers [true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:48.963Z", "log.level": "INFO", "message":"node name [46a240dfb819], node ID [ZqlMpYVpRtS2vJm1Anx9VQ], cluster name [docker-cluster], roles [ingest, data_frozen, ml, data_hot, transform, data_content, data_warm, master, remote_cluster_client, data, data_cold]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:57.659Z", "log.level": "INFO", "message":"[controller/308] [Main.cc@123] controller (64 bit): Version 8.0.0 (Build 5e85495ea85316) Copyright (c) 2022 Elasticsearch BV", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"ml-cpp-log-tail-thread","log.logger":"org.elasticsearch.xpack.ml.process.logging.CppLogMessageHandler","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:57.955Z", "log.level": "INFO", "message":"Security is enabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.Security","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:58.428Z", "log.level": "INFO", "message":"license mode is [trial], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.authc.Realms","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:19:58.445Z", "log.level": "INFO", "message":"parsed [0] roles from file [/usr/share/elasticsearch/config/roles.yml]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.authz.store.FileRolesStore","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:20:00.932Z", "log.level": "INFO", "message":"creating NettyAllocator with the following configs: [name=elasticsearch_configured, chunk_size=1mb, suggested_max_allocation_size=1mb, factors={es.unsafe.use_netty_default_chunk_and_page_size=false, g1gc_enabled=true, g1gc_region_size=4mb}]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.netty4.NettyAllocator","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:20:01.039Z", "log.level": "INFO", "message":"using discovery type [zen] and seed hosts providers [settings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.discovery.DiscoveryModule","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:20:02.924Z", "log.level": "INFO", "message":"initialized", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:20:02.925Z", "log.level": "INFO", "message":"starting ...", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:20:02.984Z", "log.level": "INFO", "message":"persistent cache index loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.searchablesnapshots.cache.full.PersistentCache","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:20:02.986Z", "log.level": "INFO", "message":"deprecation component started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.deprecation.logging.DeprecationIndexingComponent","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:20:03.239Z", "log.level": "INFO", "message":"publish_address {10.89.0.2:9300}, bound_addresses {[::]:9300}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.TransportService","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:20:03.439Z", "log.level": "INFO", "message":"bound or publishing to a non-loopback address, enforcing bootstrap checks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.BootstrapChecks","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
ERROR: [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
bootstrap check failure [1] of [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
ERROR: Elasticsearch did not exit normally - check the logs at /usr/share/elasticsearch/logs/docker-cluster.log
{"@timestamp":"2022-02-25T12:20:03.501Z", "log.level": "INFO", "message":"stopping ...", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"Thread-2","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:20:03.702Z", "log.level": "INFO", "message":"stopped", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"Thread-2","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:20:03.703Z", "log.level": "INFO", "message":"closing ...", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"Thread-2","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:20:03.752Z", "log.level": "INFO", "message":"closed", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"Thread-2","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-25T12:20:03.756Z", "log.level": "INFO", "message":"Native controller process has stopped - no new native processes can be started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"ml-cpp-log-tail-thread","log.logger":"org.elasticsearch.xpack.ml.process.NativeController","elasticsearch.node.name":"46a240dfb819","elasticsearch.cluster.name":"docker-cluster"}
The following error was output.
ERROR: [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
bootstrap check failure [1] of [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
ERROR: Elasticsearch did not exit normally - check the logs at /usr/share/elasticsearch/logs/docker-cluster.log
It is complaining that the OS memory-related parameter vm.max_map_count is set too low.
vm.max_map_count
Defines the maximum number of memory map areas that a process can use. The default value is 65530. Increase this value if your application needs more memory map areas.
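The value is still at its default of 65530, which is apparently not enough. At least 262144 is required, so I change it.
※ Run this step with root privileges.
Edit /etc/sysctl.conf and append the last line shown below.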
net.ipv4.tcp_syncookies=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects = 0
vm.max_map_count=262144
Apply the change.
[TOMOTAG@ISEI20220214-2245-natural-2 ~]$ sudo sysctl -p
net.ipv4.tcp_syncookies = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
vm.max_map_count = 262144
Verify
[TOMOTAG@ISEI20220214-2245-natural-2 ~]$ sudo cat /proc/sys/vm/max_map_count
262144
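As an added example (not part of the original work log), the script below turns the steps above into a repeatable check: it extracts the current and required values from the bootstrap check message, then compares both the running value and the value persisted in a sysctl.conf-style file against the requirement. The function names and the sample files are assumptions made for this example, and only a single configuration file is inspected, as in the steps above.

```bash
#!/usr/bin/env bash
# Added example: preflight for the vm.max_map_count bootstrap check.
# Function names and sample files are hypothetical, not from the original page.

REQUIRED_MAX_MAP_COUNT=262144   # minimum quoted in the bootstrap check message

# Print "<current> <required>" for each vm.max_map_count bootstrap failure
# found in captured Elasticsearch output.
parse_max_map_count_failure() {
    sed -n -E 's/^[[:space:]]*bootstrap check failure \[[0-9]+\] of \[[0-9]+\]: .*vm\.max_map_count \[([0-9]+)\] is too low, increase to at least \[([0-9]+)\].*/\1 \2/p' "$1"
}

# Print the effective value of a key in a sysctl.conf-style file.
# The last assignment wins; comments and spaces around "=" are ignored.
conf_value() {
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        {
            k = $1; v = $2
            gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
            if (k == key) last = v
        }
        END { if (last != "") print last }
    ' "$2"
}

# Return 0 if the running and persisted values both meet the requirement,
# 1 if the running value is too low (Elasticsearch will refuse to start),
# 2 if the running value is fine but not persisted (lost at the next reboot).
# Only one configuration file is checked; /etc/sysctl.d is not scanned.
check_max_map_count() {
    local proc_file="${1:-/proc/sys/vm/max_map_count}"
    local conf_file="${2:-/etc/sysctl.conf}"
    local required="${3:-$REQUIRED_MAX_MAP_COUNT}"
    local running persisted
    running=$(cat "$proc_file") || return 1
    persisted=$(conf_value vm.max_map_count "$conf_file" 2>/dev/null) || persisted=""
    if [ "$running" -lt "$required" ]; then
        echo "FAIL: running vm.max_map_count=$running is below $required"
        return 1
    fi
    if [ -z "$persisted" ] || [ "$persisted" -lt "$required" ]; then
        echo "WARN: running value is $running, but $conf_file does not persist it"
        return 2
    fi
    echo "OK: running=$running persisted=$persisted required=$required"
    return 0
}

# Constructed sample input: the error text quoted on this page, plus stand-ins
# for /proc/sys/vm/max_map_count and /etc/sysctl.conf before and after the fix.
write_samples() {
    local dir="$1"
    cat > "$dir/es.log" <<'EOF'
ERROR: [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
bootstrap check failure [1] of [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
ERROR: Elasticsearch did not exit normally - check the logs at /usr/share/elasticsearch/logs/docker-cluster.log
EOF
    printf '65530\n' > "$dir/proc_before"
    printf '262144\n' > "$dir/proc_after"
    printf 'net.ipv4.tcp_syncookies=1\n' > "$dir/sysctl_before.conf"
    printf 'net.ipv4.conf.all.send_redirects = 0\nvm.max_map_count=262144\n' \
        > "$dir/sysctl_after.conf"
}

demo() {
    local dir
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    echo "values in log (current required): $(parse_max_map_count_failure "$dir/es.log")"
    check_max_map_count "$dir/proc_before" "$dir/sysctl_before.conf" || true
    check_max_map_count "$dir/proc_after" "$dir/sysctl_before.conf" || true
    check_max_map_count "$dir/proc_after" "$dir/sysctl_after.conf"
    rm -rf "$dir"
}

demo
```

Called without arguments, check_max_map_count reads the real /proc/sys/vm/max_map_count and /etc/sysctl.conf on the host.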
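Creating the container network
※ Here the network is created with an explicitly specified subnet (because the IP address is specified explicitly when the container is created in a later step).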
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman network create --subnet 10.100.0.0/24 elastic
/mnt/elkusr01/.config/cni/net.d/elastic.conflist
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
986051385fea elastic 0.4.0 bridge,portmap,firewall,tuning
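Reference: Configuring container networking with Podman
※ I got stuck on networking when running this with Podman, and the following article was extremely helpful.
Reference: How to link multiple containers with Podman - creating a Podman network and containers with fixed IPs
Creating and starting the Elasticsearch container
※ Note: Although the document I am following does not mention it, here I explicitly specify the IP address when creating the Elasticsearch container. It may be because I am using Podman, but after the container was created, each stop/start cycle assigned it a different IP address, and the connection with Kibana did not work. For that reason, I specify the subnet when creating the network above and specify the IP address explicitly when creating the container. (This is because the Elasticsearch IP address is set statically when Kibana is configured.)
Command: podman run --name es01 --net elastic --ip 10.100.0.10 -p 9200:9200 -it docker.elastic.co/elasticsearch/elasticsearch:8.0.0
Reference: Elasticsearch startup log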
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman run --name es01 --net elastic --ip 10.100.0.10 -p 9200:9200 -it docker.elastic.co/elasticsearch/elasticsearch:8.0.0
{"@timestamp":"2022-02-27T03:36:03.109Z", "log.level": "INFO", "message":"version[8.0.0], pid[7], build[default/docker/1b6a7ece17463df5ff54a3e1302d825889aa1161/2022-02-03T16:47:57.507843096Z], OS[Linux/4.18.0-348.12.2.el8_5.x86_64/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.1/17.0.1+12]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:03.117Z", "log.level": "INFO", "message":"JVM home [/usr/share/elasticsearch/jdk], using bundled JDK [true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:03.117Z", "log.level": "INFO", "message":"JVM arguments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -Djava.security.manager=allow, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j2.formatMsgNoLookups=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=ALL-UNNAMED, -XX:+UseG1GC, -Djava.io.tmpdir=/tmp/elasticsearch-13228629507283790034, -XX:+HeapDumpOnOutOfMemoryError, -XX:+ExitOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Des.cgroups.hierarchy.override=/, -Xms3971m, -Xmx3971m, -XX:MaxDirectMemorySize=2082471936, -XX:G1HeapRegionSize=4m, -XX:InitiatingHeapOccupancyPercent=30, -XX:G1ReservePercent=15, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/usr/share/elasticsearch/config, -Des.distribution.flavor=default, -Des.distribution.type=docker, -Des.bundled_jdk=true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:06.168Z", "log.level": "WARN", "message":"SLF4J: Failed to load class \"org.slf4j.impl.StaticLoggerBinder\".", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"stderr","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:06.170Z", "log.level": "WARN", "message":"SLF4J: Defaulting to no-operation (NOP) logger implementation", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"stderr","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:06.171Z", "log.level": "WARN", "message":"SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"stderr","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.821Z", "log.level": "INFO", "message":"loaded module [aggs-matrix-stats]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.822Z", "log.level": "INFO", "message":"loaded module [analysis-common]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.822Z", "log.level": "INFO", "message":"loaded module [constant-keyword]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.822Z", "log.level": "INFO", "message":"loaded module [frozen-indices]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.823Z", "log.level": "INFO", "message":"loaded module [ingest-common]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.823Z", "log.level": "INFO", "message":"loaded module [ingest-geoip]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.823Z", "log.level": "INFO", "message":"loaded module [ingest-user-agent]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.824Z", "log.level": "INFO", "message":"loaded module [kibana]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.824Z", "log.level": "INFO", "message":"loaded module [lang-expression]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.824Z", "log.level": "INFO", "message":"loaded module [lang-mustache]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.824Z", "log.level": "INFO", "message":"loaded module [lang-painless]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.825Z", "log.level": "INFO", "message":"loaded module [legacy-geo]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.825Z", "log.level": "INFO", "message":"loaded module [mapper-extras]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.825Z", "log.level": "INFO", "message":"loaded module [mapper-version]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.825Z", "log.level": "INFO", "message":"loaded module [parent-join]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.826Z", "log.level": "INFO", "message":"loaded module [percolator]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.826Z", "log.level": "INFO", "message":"loaded module [rank-eval]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.826Z", "log.level": "INFO", "message":"loaded module [reindex]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.827Z", "log.level": "INFO", "message":"loaded module [repositories-metering-api]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.827Z", "log.level": "INFO", "message":"loaded module [repository-azure]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.827Z", "log.level": "INFO", "message":"loaded module [repository-encrypted]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.827Z", "log.level": "INFO", "message":"loaded module [repository-gcs]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.828Z", "log.level": "INFO", "message":"loaded module [repository-s3]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.828Z", "log.level": "INFO", "message":"loaded module [repository-url]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.828Z", "log.level": "INFO", "message":"loaded module [runtime-fields-common]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.829Z", "log.level": "INFO", "message":"loaded module [search-business-rules]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.829Z", "log.level": "INFO", "message":"loaded module [searchable-snapshots]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.829Z", "log.level": "INFO", "message":"loaded module [snapshot-based-recoveries]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.829Z", "log.level": "INFO", "message":"loaded module [snapshot-repo-test-kit]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.829Z", "log.level": "INFO", "message":"loaded module [spatial]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.829Z", "log.level": "INFO", "message":"loaded module [transform]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.830Z", "log.level": "INFO", "message":"loaded module [transport-netty4]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.830Z", "log.level": "INFO", "message":"loaded module [unsigned-long]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.830Z", "log.level": "INFO", "message":"loaded module [vector-tile]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.830Z", "log.level": "INFO", "message":"loaded module [vectors]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.831Z", "log.level": "INFO", "message":"loaded module [wildcard]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.831Z", "log.level": "INFO", "message":"loaded module [x-pack-aggregate-metric]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.831Z", "log.level": "INFO", "message":"loaded module [x-pack-analytics]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.831Z", "log.level": "INFO", "message":"loaded module [x-pack-async]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.832Z", "log.level": "INFO", "message":"loaded module [x-pack-async-search]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.832Z", "log.level": "INFO", "message":"loaded module [x-pack-autoscaling]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.832Z", "log.level": "INFO", "message":"loaded module [x-pack-ccr]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.833Z", "log.level": "INFO", "message":"loaded module [x-pack-core]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.833Z", "log.level": "INFO", "message":"loaded module [x-pack-data-streams]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.833Z", "log.level": "INFO", "message":"loaded module [x-pack-deprecation]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.834Z", "log.level": "INFO", "message":"loaded module [x-pack-enrich]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.834Z", "log.level": "INFO", "message":"loaded module [x-pack-eql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.834Z", "log.level": "INFO", "message":"loaded module [x-pack-fleet]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.834Z", "log.level": "INFO", "message":"loaded module [x-pack-graph]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.834Z", "log.level": "INFO", "message":"loaded module [x-pack-identity-provider]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.835Z", "log.level": "INFO", "message":"loaded module [x-pack-ilm]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.835Z", "log.level": "INFO", "message":"loaded module [x-pack-logstash]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.835Z", "log.level": "INFO", "message":"loaded module [x-pack-ml]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.835Z", "log.level": "INFO", "message":"loaded module [x-pack-monitoring]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.836Z", "log.level": "INFO", "message":"loaded module [x-pack-ql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.836Z", "log.level": "INFO", "message":"loaded module [x-pack-rollup]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.836Z", "log.level": "INFO", "message":"loaded module [x-pack-security]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.836Z", "log.level": "INFO", "message":"loaded module [x-pack-shutdown]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.837Z", "log.level": "INFO", "message":"loaded module [x-pack-sql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.837Z", "log.level": "INFO", "message":"loaded module [x-pack-stack]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.838Z", "log.level": "INFO", "message":"loaded module [x-pack-text-structure]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.838Z", "log.level": "INFO", "message":"loaded module [x-pack-voting-only-node]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.838Z", "log.level": "INFO", "message":"loaded module [x-pack-watcher]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.839Z", "log.level": "INFO", "message":"no plugins loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.897Z", "log.level": "INFO", "message":"using [1] data paths, mounts [[/ (overlay)]], net usable_space [454.7gb], net total_space [491.1gb], types [overlay]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.898Z", "log.level": "INFO", "message":"heap size [3.8gb], compressed ordinary object pointers [true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:07.932Z", "log.level": "INFO", "message":"node name [fa125dd49687], node ID [DQrTnk6sQMGK_2XKSomHsA], cluster name [docker-cluster], roles [transform, data_hot, ml, data_frozen, ingest, data_cold, data, remote_cluster_client, master, data_warm, data_content]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:16.469Z", "log.level": "INFO", "message":"[controller/305] [Main.cc@123] controller (64 bit): Version 8.0.0 (Build 5e85495ea85316) Copyright (c) 2022 Elasticsearch BV", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"ml-cpp-log-tail-thread","log.logger":"org.elasticsearch.xpack.ml.process.logging.CppLogMessageHandler","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:16.707Z", "log.level": "INFO", "message":"Security is enabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.Security","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:17.181Z", "log.level": "INFO", "message":"license mode is [trial], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.authc.Realms","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:17.192Z", "log.level": "INFO", "message":"parsed [0] roles from file [/usr/share/elasticsearch/config/roles.yml]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.authz.store.FileRolesStore","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:19.376Z", "log.level": "INFO", "message":"creating NettyAllocator with the following configs: [name=elasticsearch_configured, chunk_size=1mb, suggested_max_allocation_size=1mb, factors={es.unsafe.use_netty_default_chunk_and_page_size=false, g1gc_enabled=true, g1gc_region_size=4mb}]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.netty4.NettyAllocator","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:19.480Z", "log.level": "INFO", "message":"using discovery type [zen] and seed hosts providers [settings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.discovery.DiscoveryModule","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:21.214Z", "log.level": "INFO", "message":"initialized", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:21.214Z", "log.level": "INFO", "message":"starting ...", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:21.233Z", "log.level": "INFO", "message":"persistent cache index loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.searchablesnapshots.cache.full.PersistentCache","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:21.234Z", "log.level": "INFO", "message":"deprecation component started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.deprecation.logging.DeprecationIndexingComponent","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:21.356Z", "log.level": "INFO", "message":"publish_address {10.100.0.10:9300}, bound_addresses {[::]:9300}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.TransportService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:21.488Z", "log.level": "INFO", "message":"bound or publishing to a non-loopback address, enforcing bootstrap checks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.BootstrapChecks","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:21.501Z", "log.level": "INFO", "message":"setting initial configuration to VotingConfiguration{DQrTnk6sQMGK_2XKSomHsA}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.cluster.coordination.Coordinator","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:21.947Z", "log.level": "INFO", "message":"elected-as-master ([1] nodes joined)[{fa125dd49687}{DQrTnk6sQMGK_2XKSomHsA}{_uofzC5QR8y9CC9GsaKg3g}{10.100.0.10}{10.100.0.10:9300}{cdfhilmrstw} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 1, version: 1, delta: master node changed {previous [], current [{fa125dd49687}{DQrTnk6sQMGK_2XKSomHsA}{_uofzC5QR8y9CC9GsaKg3g}{10.100.0.10}{10.100.0.10:9300}{cdfhilmrstw}]}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.MasterService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:22.160Z", "log.level": "INFO", "message":"cluster UUID set to [DM2isnPeSjKRfLOimcqTgQ]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][generic][T#4]","log.logger":"org.elasticsearch.cluster.coordination.CoordinationState","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:22.296Z", "log.level": "INFO", "message":"master node changed {previous [], current [{fa125dd49687}{DQrTnk6sQMGK_2XKSomHsA}{_uofzC5QR8y9CC9GsaKg3g}{10.100.0.10}{10.100.0.10:9300}{cdfhilmrstw}]}, term: 1, version: 1, reason: Publication{term=1, version=1}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:22.414Z", "log.level": "INFO", "message":"publish_address {10.100.0.10:9200}, bound_addresses {[::]:9200}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.http.AbstractHttpServerTransport","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:22.415Z", "log.level": "INFO", "message":"started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:22.702Z", "log.level": "INFO", "message":"recovered [0] indices into cluster_state", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.gateway.GatewayService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:23.011Z", "log.level": "INFO", "message":"adding template [.monitoring-alerts-7] for index patterns [.monitoring-alerts-7]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:23.127Z", "log.level": "INFO", "message":"adding template [.monitoring-logstash] for index patterns [.monitoring-logstash-7-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:23.204Z", "log.level": "INFO", "message":"adding template [.monitoring-kibana] for index patterns [.monitoring-kibana-7-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:23.298Z", "log.level": "INFO", "message":"adding template [.monitoring-beats] for index patterns [.monitoring-beats-7-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:23.377Z", "log.level": "INFO", "message":"adding template [.monitoring-es] for index patterns [.monitoring-es-7-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:23.526Z", "log.level": "INFO", "message":"adding index template [.monitoring-beats-mb] for index patterns [.monitoring-beats-8-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:23.602Z", "log.level": "INFO", "message":"adding index template [.monitoring-kibana-mb] for index patterns [.monitoring-kibana-8-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:23.700Z", "log.level": "INFO", "message":"adding index template [.monitoring-logstash-mb] for index patterns [.monitoring-logstash-8-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:23.965Z", "log.level": "INFO", "message":"adding index template [.monitoring-es-mb] for index patterns [.monitoring-es-8-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:24.122Z", "log.level": "INFO", "message":"adding index template [.ml-anomalies-] for index patterns [.ml-anomalies-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:24.204Z", "log.level": "INFO", "message":"adding index template [.ml-state] for index patterns [.ml-state*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:24.280Z", "log.level": "INFO", "message":"adding component template [synthetics-mappings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:24.342Z", "log.level": "INFO", "message":"adding component template [metrics-settings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:24.411Z", "log.level": "INFO", "message":"adding component template [data-streams-mappings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:24.474Z", "log.level": "INFO", "message":"adding component template [logs-settings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:24.538Z", "log.level": "INFO", "message":"adding component template [metrics-mappings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:24.600Z", "log.level": "INFO", "message":"adding component template [synthetics-settings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:24.661Z", "log.level": "INFO", "message":"adding component template [logs-mappings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:24.720Z", "log.level": "INFO", "message":"adding index template [.ml-notifications-000002] for index patterns [.ml-notifications-000002]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:24.776Z", "log.level": "INFO", "message":"adding index template [.ml-stats] for index patterns [.ml-stats-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:24.948Z", "log.level": "INFO", "message":"adding index template [ilm-history] for index patterns [ilm-history-5*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.046Z", "log.level": "INFO", "message":"adding index template [.watch-history-16] for index patterns [.watcher-history-16*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.134Z", "log.level": "INFO", "message":"adding index template [.slm-history] for index patterns [.slm-history-5*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.199Z", "log.level": "INFO", "message":"adding component template [.deprecation-indexing-mappings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.252Z", "log.level": "INFO", "message":"adding component template [.deprecation-indexing-settings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.307Z", "log.level": "INFO", "message":"adding index template [metrics] for index patterns [metrics-*-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.369Z", "log.level": "INFO", "message":"adding index template [synthetics] for index patterns [synthetics-*-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.428Z", "log.level": "INFO", "message":"adding index template [logs] for index patterns [logs-*-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.488Z", "log.level": "INFO", "message":"adding index template [.deprecation-indexing-template] for index patterns [.logs-deprecation.*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.542Z", "log.level": "INFO", "message":"adding index lifecycle policy [.monitoring-8-ilm-policy]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.616Z", "log.level": "INFO", "message":"adding index lifecycle policy [ml-size-based-ilm-policy]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.669Z", "log.level": "INFO", "message":"adding index lifecycle policy [metrics]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.718Z", "log.level": "INFO", "message":"adding index lifecycle policy [logs]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.775Z", "log.level": "INFO", "message":"adding index lifecycle policy [synthetics]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.826Z", "log.level": "INFO", "message":"adding index lifecycle policy [7-days-default]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.886Z", "log.level": "INFO", "message":"adding index lifecycle policy [30-days-default]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.936Z", "log.level": "INFO", "message":"adding index lifecycle policy [365-days-default]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:25.987Z", "log.level": "INFO", "message":"adding index lifecycle policy [90-days-default]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:26.057Z", "log.level": "INFO", "message":"adding index lifecycle policy [180-days-default]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:26.108Z", "log.level": "INFO", "message":"adding index lifecycle policy [watch-history-ilm-policy-16]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:26.158Z", "log.level": "INFO", "message":"adding index lifecycle policy [ilm-history-ilm-policy]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:26.203Z", "log.level": "INFO", "message":"adding index lifecycle policy [slm-history-ilm-policy]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:26.247Z", "log.level": "INFO", "message":"adding index lifecycle policy [.fleet-actions-results-ilm-policy]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:26.293Z", "log.level": "INFO", "message":"adding index lifecycle policy [.deprecation-indexing-ilm-policy]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:26.444Z", "log.level": "INFO", "message":"license [bf77bb6e-c0ed-49c9-9f25-6f9225872c95] mode [basic] - valid", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.license.LicenseService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:26.445Z", "log.level": "INFO", "message":"license mode is [basic], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.Realms","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:27.325Z", "log.level": "INFO", "message":"[.geoip_databases] creating index, cause [auto(bulk api)], templates [], shards [1]/[0]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataCreateIndexService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:27.587Z", "log.level": "INFO", "current.health":"GREEN","message":"Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.geoip_databases][0]]]).","previous.health":"YELLOW","reason":"shards started [[.geoip_databases][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:28.250Z", "log.level": "INFO", "message":"successfully downloaded geoip database [GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][generic][T#6]","log.logger":"org.elasticsearch.ingest.geoip.GeoIpDownloader","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:28.502Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][generic][T#1]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:30.677Z", "log.level": "INFO", "message":"successfully downloaded geoip database [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][generic][T#6]","log.logger":"org.elasticsearch.ingest.geoip.GeoIpDownloader","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:31.091Z", "log.level": "INFO", "message":"successfully downloaded geoip database [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][generic][T#6]","log.logger":"org.elasticsearch.ingest.geoip.GeoIpDownloader","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:31.205Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][generic][T#4]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:31.767Z", "log.level": "INFO", "message":"HTTPS has been configured with automatically generated certificates, and the CA's hex-encoded SHA-256 fingerprint is [b13d0a43a5e689f4b00fce8df417e0e383e5b9837ec2505ea1521f659a90d0b8]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][generic][T#9]","log.logger":"org.elasticsearch.xpack.security.InitialNodeSecurityAutoConfiguration","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:31.769Z", "log.level": "INFO", "message":"security index does not exist, creating [.security-7] with alias [.security]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][generic][T#9]","log.logger":"org.elasticsearch.xpack.security.support.SecurityIndexManager","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:31.812Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:31.924Z", "log.level": "INFO", "message":"[.security-7] creating index, cause [api], templates [], shards [1]/[0]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataCreateIndexService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:31.946Z", "log.level": "INFO", "message":"security index does not exist, creating [.security-7] with alias [.security]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][security-crypto][T#1]","log.logger":"org.elasticsearch.xpack.security.support.SecurityIndexManager","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:31.949Z", "log.level": "INFO", "message":"security index does not exist, creating [.security-7] with alias [.security]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][security-crypto][T#2]","log.logger":"org.elasticsearch.xpack.security.support.SecurityIndexManager","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-02-27T03:36:32.029Z", "log.level": "INFO", "current.health":"GREEN","message":"Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.security-7][0]]]).","previous.health":"YELLOW","reason":"shards started [[.security-7][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[fa125dd49687][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"DM2isnPeSjKRfLOimcqTgQ","elasticsearch.node.id":"DQrTnk6sQMGK_2XKSomHsA","elasticsearch.node.name":"fa125dd49687","elasticsearch.cluster.name":"docker-cluster"}
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-> Elasticsearch security features have been automatically configured!
-> Authentication is enabled and cluster connections are encrypted.
-> Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
5xxxxxxxxxxxxxxxxxxZ
-> HTTP CA certificate SHA-256 fingerprint:
bxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8
-> Configure Kibana to use this cluster:
* Run Kibana and click the configuration link in the terminal when Kibana starts.
* Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
eyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn0=
-> Configure other nodes to join this cluster:
* Copy the following enrollment token and start new Elasticsearch nodes with `bin/elasticsearch --enrollment-token <token>` (valid for the next 30 minutes):
eyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn0=
If you're running in Docker, copy the enrollment token and run:
`docker run -e "ENROLLMENT_TOKEN=<token>" docker.elastic.co/elasticsearch/elasticsearch:8.0.0`
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
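The startup messages include the password and token values, so note them down somewhere safe.
(In the example above, parts of them have been sanitized as xxxxx.)
Press Ctrl+P, Ctrl+Q to leave the console while keeping the container running in the background.
Just in case, check that the specified IP address has been assigned.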
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman inspect es01 | grep IPAddress
"IPAddress": "",
"IPAddress": "10.100.0.10",
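Note: this IP address is used on the internal network, so you do not need to pay particular attention to it when connecting from outside.
Getting the CA certificate
Copy the CA certificate generated in the container to the host.
Check the certificate path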
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman exec -it es01 /bin/bash -c "find /usr/share/elasticsearch -name http_ca.crt"
/usr/share/elasticsearch/config/certs/http_ca.crt
Copy to the host
[elkusr01@ISEI20220214-2245-natural-2 ~]$ mkdir ElasticsearchCert
[elkusr01@ISEI20220214-2245-natural-2 ~]$ cd ElasticsearchCert/
[elkusr01@ISEI20220214-2245-natural-2 ~/ElasticsearchCert]$ podman cp es01:/usr/share/elasticsearch/config/certs/http_ca.crt .
[elkusr01@ISEI20220214-2245-natural-2 ~/ElasticsearchCert]$ ls -la
total 12
drwx------. 2 elkusr01 elkusr01 4096 Feb 27 12:38 .
drwx------. 6 elkusr01 elkusr01 4096 Feb 27 12:38 ..
-rw-rw----. 1 elkusr01 elkusr01 1915 Feb 27 12:35 http_ca.crt
Checking the connection to Elasticsearch
Connect to Elasticsearch with curl. Note: enter the password that was displayed when Elasticsearch started.
[elkusr01@ISEI20220214-2245-natural-2 ~/ElasticsearchCert]$ curl --cacert http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{
"name" : "fa125dd49687",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "DM2isnPeSjKRfLOimcqTgQ",
"version" : {
"number" : "8.0.0",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "1b6a7ece17463df5ff54a3e1302d825889aa1161",
"build_date" : "2022-02-03T16:47:57.507843096Z",
"build_snapshot" : false,
"lucene_version" : "9.0.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
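Elasticsearch returned its information as shown above, so the connection looks OK.
Creating/starting the Kibana container
Note: this container is also created with an explicitly specified IP address.
Command: podman run --name kibana --net elastic --ip 10.100.0.20 -p 5601:5601 docker.elastic.co/kibana/kibana:8.0.0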
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman run --name kibana --net elastic --ip 10.100.0.20 -p 5601:5601 docker.elastic.co/kibana/kibana:8.0.0
[2022-02-27T03:41:01.652+00:00][INFO ][plugins-service] Plugin "metricsEntities" is disabled.
[2022-02-27T03:41:01.783+00:00][INFO ][http.server.Preboot] http server running at http://0.0.0.0:5601
[2022-02-27T03:41:01.838+00:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
[2022-02-27T03:41:01.841+00:00][INFO ][preboot] "interactiveSetup" plugin is holding setup: Validating Elasticsearch connection configuration…
[2022-02-27T03:41:01.885+00:00][INFO ][root] Holding setup until preboot stage is completed.
i Kibana has not been configured.
Go to http://0.0.0.0:5601/?code=139832 to get started.
Note: leave the console as it is, without detaching from the container.
From another window, check just in case that the specified IP address has been assigned.
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman inspect kibana | grep IPAddress
"IPAddress": "",
"IPAddress": "10.100.0.20",
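Configuring Kibana
Access Kibana from a browser.
Copy and paste the token shown under "-> Configure Kibana to use this cluster:" in the Elasticsearch startup log, then click the "configure Elastic" button.
Note: when you enter the token, the address of the target Elasticsearch is displayed below it. In other words, the destination information appears to be embedded in this token.
If you now go back to the Kibana container console, you will see output like the following. (Note: xxx xxx is a 6-digit number.)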
Your verification code is: xxx xxx
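Enter the number shown here in the browser screen and click Verify.
When setup completes, the login screen is displayed; log in with the user elastic and the password that was displayed when Elasticsearch started.
That should complete the basic configuration.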
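The observation above that the enrollment token carries the destination can be checked offline, together with whether the token pins the same CA as the http_ca.crt copied earlier. This is an added example, not code from the original post or from Elastic: it assumes the token is base64-encoded JSON with the fields ver, adr, fgr and key, and it runs on constructed stand-in bytes rather than a real certificate or token.

```python
import base64
import hashlib
import hmac
import json
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_sha256_fingerprint(pem_text):
    """Hex SHA-256 over the DER bytes of the first certificate in a PEM file."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()


def decode_enrollment_token(token):
    """Decode the token into its JSON fields (assumed layout: ver, adr, fgr, key)."""
    try:
        doc = json.loads(base64.b64decode(token.strip(), validate=True))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("not a base64-encoded JSON enrollment token") from exc
    if not isinstance(doc, dict) or {"ver", "adr", "fgr", "key"} - set(doc):
        raise ValueError("enrollment token is missing expected fields")
    return doc


def check_token_against_ca(token, ca_pem):
    """Report where the token points and whether it pins the given CA."""
    doc = decode_enrollment_token(token)
    pinned = str(doc["fgr"]).replace(":", "").lower().encode()
    actual = pem_sha256_fingerprint(ca_pem).encode()
    return {
        "version": doc["ver"],
        "addresses": list(doc["adr"]),
        # Only the key id is reported; the secret half stays out of any output.
        "api_key_id": str(doc["key"]).split(":", 1)[0],
        "ca_matches": hmac.compare_digest(pinned, actual),
    }


def constructed_sample(tamper=False):
    """Build a stand-in PEM and token (constructed values, not real ones)."""
    der = b"constructed bytes standing in for a DER certificate" * 4
    body = base64.encodebytes(der).decode("ascii")
    pem = "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"
    pinned_over = der + b"x" if tamper else der  # tamper: token pins another CA
    token_doc = {
        "ver": "8.0.0",
        "adr": ["10.100.0.10:9200"],
        "fgr": hashlib.sha256(pinned_over).hexdigest(),
        "key": "constructed-id:constructed-secret",
    }
    token = base64.b64encode(json.dumps(token_doc).encode()).decode("ascii")
    return pem, token


if __name__ == "__main__":
    pem, token = constructed_sample()
    print(check_token_against_ca(token, pem))
```

With real values, pass the contents of the copied http_ca.crt and the token from the startup output; a false ca_matches means the token was issued for a different CA than the certificate you hold.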
Starting/stopping
The containers can be started and stopped as follows.
Start:
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman start es01
es01
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman start kibana
kibana
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fa125dd49687 docker.elastic.co/elasticsearch/elasticsearch:8.0.0 eswrapper 17 minutes ago Up 2 minutes ago 0.0.0.0:9200->9200/tcp es01
d06c050d2983 docker.elastic.co/kibana/kibana:8.0.0 /usr/local/bin/ki... 12 minutes ago Up About a minute ago 0.0.0.0:5601->5601/tcp kibana
Stop:
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman stop kibana
kibana
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman stop es01
es01
[elkusr01@ISEI20220214-2245-natural-2 ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fa125dd49687 docker.elastic.co/elasticsearch/elasticsearch:8.0.0 eswrapper 18 minutes ago Exited (143) 3 seconds ago 0.0.0.0:9200->9200/tcp es01
d06c050d2983 docker.elastic.co/kibana/kibana:8.0.0 /usr/local/bin/ki... 13 minutes ago Exited (0) 11 seconds ago 0.0.0.0:5601->5601/tcp kibana