elk-docker
elk-docker copied to clipboard
spujadas
ELK fails to start on MAC M1
Hi Not able to start the service on Mac OSX M1, getting this error:
Couldn't start Elasticsearch. Exiting. elk_1 | Elasticsearch log follows below. elk_1 | [2022-04-26T13:11:01,933][WARN ][o.e.b.JNANatives ] [elk] unable to install syscall filter: elk_1 | java.lang.UnsupportedOperationException: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
Looking it up we probably need to disable this:
bootstrap.system_call_filter
Can someone please guide to where / how this can be changed?
tried building an image from this project, adding this line to the elasticsearch.yml but then i got a failure of a different kind:
elk_1 | qemu-x86_64: Could not open '/lib64/ld-linux-x86-64.so.2': No such file or directory
elk_1 | ...fail!
Couldn't start Elasticsearch. Exiting.
elk_1 | Elasticsearch log follows below.
elk_1 | cat: /var/log/elasticsearch/elasticsearch.log: No such file or directory
Also getting this as an issue with a Mac M1. Currently on macOS 12.4. But this specific issue seems to be a duplicate of: https://github.com/spujadas/elk-docker/issues/357
Also getting this as an issue with a Mac M1. Currently on macOS 12.4. But this specific issue seems to be a duplicate of: #357
I'm getting the same issue. That issue you referenced looks different to me.
@jgreffe Hey! Did you find the solution? I got the same issue (obviously)
I ended up doing similar to what was done on this post to get it all working on my M1:
https://blog.devgenius.io/elastic-search-8-2-3-kibana-enterprise-search-developer-env-setup-notes-docker-only-6c39e7520f80
I had same issue with syscall filter.
I was able to run elk stack on M1 using docker with images from this repo. Here's my solution based on docs from https://elk-docker.readthedocs.io/#building-image-arm64 with my extra steps:
- Pull phusion/baseimage:master-arm64 (because
docker buildthrown errors)docker pull phusion/baseimage:master-arm64 - Build with command from docs (with added tag)
docker build --build-arg IMAGE=master-arm64 --build-arg ARCH=aarch64 . -t m1/elk - Run:
docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -p 7777:7777/udp -v $PWD/.docker/elk/udp.conf:/etc/logstash/conf.d/99-input-udp.conf -e MAX_MAP_COUNT=262144 -it --name distnode-elk m1/elk
Here's also ma config (udp.conf)
input {
udp {
id => "nodejs_udp_logs"
port => 7777
codec => json
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
document_type => "nodelog"
manage_template => false
index => "nodejs-%{+YYYY.MM.dd}"
}
}
I had same issue with syscall filter.
I was able to run elk stack on M1 using docker with images from this repo. Here's my solution based on docs from https://elk-docker.readthedocs.io/#building-image-arm64 with my extra steps:
- Pull phusion/baseimage:master-arm64 (because
docker buildthrown errors)docker pull phusion/baseimage:master-arm64- Build with command from docs (with added tag)
docker build --build-arg IMAGE=master-arm64 --build-arg ARCH=aarch64 . -t m1/elk- Run:
docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -p 7777:7777/udp -v $PWD/.docker/elk/udp.conf:/etc/logstash/conf.d/99-input-udp.conf -e MAX_MAP_COUNT=262144 -it --name distnode-elk m1/elkHere's also ma config (udp.conf)
input { udp { id => "nodejs_udp_logs" port => 7777 codec => json } } output { elasticsearch { hosts => ["localhost:9200"] document_type => "nodelog" manage_template => false index => "nodejs-%{+YYYY.MM.dd}" } }
but I meet something diffrence. the image master-arm64 is no found. so I change to phusion/baseimage:focal-1.2.0.
Operation Steps :
Pull arm64 paltform image: docker pull --platform=linux/arm64 phusion/baseimage:focal-1.2.0
Build with local image focal-1.2.0: docker build --build-arg IMAGE=focal-1.2.0 --build-arg ARCH=aarch64 . -t sebp/elk-arm64
Run: sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name arm64-elk sebp/elk-arm64
