在配置ELK环境时,我们经常会遇到一些错误,下面对工作中遇到的常见错误做个总结:


出现:Kibana server is not ready yet


请参考以下几点信息逐一排查:

1、KB、ES版本不一致(网上大部分都是这么说的)

解决方法:把KB和ES版本调整为统一版本


2、kibana.yml中配置有问题(通过查看日志,发现了Error: No Living connections的问题)

解决方法:将配置文件kibana.yml中的elasticsearch.url改为正确的链接,默认为: http://elasticsearch:9200

改为:http://ES服务器IP:9200


3、浏览器没有缓过来

解决方法:刷新几次浏览器。


4、查看kibana日志是否有:[warning][migrations] Another Kibana instance appears to be migrating the index. Waiting for that migration to complete. If no other Kibana instance is attempting migrations, you can get past this message by deleting index .kibana_1 and restarting Kibana.

解决方法:curl -X DELETE http://ES服务器IP:9200/.kibana_1


5、[warning][admin][elasticsearch] No living connections

解决方法:

检查ES服务是否工作正常,检查方法执行:curl http://ES服务器IP:9200

查看kibana配置文件kibana.yml中配置的ES服务器地址是否正确


6、Unable to find driver class via URLClassLoader in given driver jars: com.mysql.jdbc.Driver and com.

解决方法:

将mysql connector驱动器,即mysql-connector-java-5.1.4x-bin.jar拷贝到 logstash目录\logstash-core\lib\jars下,重启服务问题即可解决


7、使用nohup启动报错: Bad file descriptor - Bad file descriptor

出现此错误是因为logstash在同步数据时出错了,可以直接在前台运行logstash来输出所有日志查看详情。

解决方法:

在nohup启动命令后加: > /dev/null 2>&1 &


8、解决logstash使用jdbc导入mysql中的数据到elasticsearch,tinyint(1)类型被转成布尔型的问题:

错误提示1:[2020-11-06T13:37:02,666][WARN ][logstash.outputs.elasticsearch][main] Could not index event to Elasticsearch. {:status=>400, :action=>["update", {:_id=>"415", :_index=>"qom_items", :_type=>"_doc", :routing=>nil, :retry_on_conflict=>1}, #<LogStash::Event:0x52c4d1e2>], :response=>{"update"=>{"_index"=>"qom_items", "_type"=>"_doc", "_id"=>"415", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [itmtp] of type [integer] in document with id '415'. Preview of field's value: 'true'", "caused_by"=>{"type"=>"json_parse_exception", "reason"=>"Current token (VALUE_TRUE) not numeric, can not use numeric value accessors\n at [Source: org.elasticsearch.common.bytes.BytesReference$MarkSupportingStreamInputWrapper@5891ac1f; line: 1, column: 40]"}}}}}


错误提示2:[WARN ][logstash.outputs.elasticsearch][main] Could not index event to Elasticsearch. {:status=>400, :action=>["update", {:_id=>"311", :_index=>"qom_items", :_type=>"_doc", :routing=>nil, :retry_on_conflict=>1}, #<LogStash::Event:0x12c985dc>], :response=>{"update"=>{"_index"=>"qom_items", "_type"=>"_doc", "_id"=>"311", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [delfg] of type [boolean] in document with id '311'. Preview of field's value: '0'", "caused_by"=>{"type"=>"json_parse_exception", "reason"=>"Current token (VALUE_NUMBER_INT) not of boolean type\n at [Source: org.elasticsearch.common.bytes.BytesReference$MarkSupportingStreamInputWrapper@4ac971e8; line: 1, column: 1313]"}}}}}


解决方法:

方法1:修改数据库表结构tinyint(1)为tinyint(n)n>=2(此方案在系统上线的情况下基本会被否定)

方法2:在JDBC连接字符串后面加上:tinyInt1isBit=false(测试不能解决所有问题)

示例:jdbc_connection_string => "jdbc:mysql://172.16.16.251:3306/my_db?tinyInt1isBit=false"

方法3:在查询SQL语句中使用字段名*1 AS 字段名,强制转换为数值。

方法4:使用logstash的mapping模版强制类型转换。

使用上述方法logstash向ES导入数据仍然报错的情况下,可以删除对应ES中的索引,然后尝试重建索引。