Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ELK fails to start on MAC M1 #367

Open
syberkitten opened this issue Apr 26, 2022 · 8 comments
Open

ELK fails to start on MAC M1 #367

syberkitten opened this issue Apr 26, 2022 · 8 comments

Comments

@syberkitten
Copy link

Hi
Not able to start the service on Mac OSX M1, getting this error:

Couldn't start Elasticsearch. Exiting.
elk_1 | Elasticsearch log follows below.
elk_1 | [2022-04-26T13:11:01,933][WARN ][o.e.b.JNANatives ] [elk] unable to install syscall filter:
elk_1 | java.lang.UnsupportedOperationException: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed

Looking it up we probably need to disable this:

bootstrap.system_call_filter

Can someone please guide to where / how this can be changed?
@syberkitten
Copy link
Author

syberkitten commented Apr 26, 2022
edited

tried building an image from this project, adding this line to the elasticsearch.yml
but then i got a failure of a different kind:

elk_1       | qemu-x86_64: Could not open '/lib64/ld-linux-x86-64.so.2': No such file or directory
elk_1       |    ...fail!


 Couldn't start Elasticsearch. Exiting.
elk_1       | Elasticsearch log follows below.
elk_1       | cat: /var/log/elasticsearch/elasticsearch.log: No such file or directory

@BonesyWonesy
Copy link

Also getting this as an issue with a Mac M1. Currently on macOS 12.4. But this specific issue seems to be a duplicate of: #357

@lylek
Copy link

lylek commented Sep 2, 2022

Also getting this as an issue with a Mac M1. Currently on macOS 12.4. But this specific issue seems to be a duplicate of: #357

I'm getting the same issue. That issue you referenced looks different to me.

@jgreffe
Copy link

jgreffe commented Oct 6, 2022

@syberkitten : did you resolve this issue? Having the same error :/

@maxonfjvipon
Copy link

maxonfjvipon commented Nov 2, 2022
edited

@jgreffe Hey! Did you find the solution? I got the same issue (obviously)

@BonesyWonesy
Copy link

I ended up doing similar to what was done on this post to get it all working on my M1:

https://blog.devgenius.io/elastic-search-8-2-3-kibana-enterprise-search-developer-env-setup-notes-docker-only-6c39e7520f80

@Talar1997
Copy link

I had same issue with syscall filter.

I was able to run elk stack on M1 using docker with images from this repo. Here's my solution based on docs from https://elk-docker.readthedocs.io/#building-image-arm64 with my extra steps:

  1. Pull phusion/baseimage:master-arm64 (because docker build thrown errors) docker pull phusion/baseimage:master-arm64
  2. Build with command from docs (with added tag) docker build --build-arg IMAGE=master-arm64 --build-arg ARCH=aarch64 . -t m1/elk
  3. Run: docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -p 7777:7777/udp -v $PWD/.docker/elk/udp.conf:/etc/logstash/conf.d/99-input-udp.conf -e MAX_MAP_COUNT=262144 -it --name distnode-elk m1/elk

Here's also ma config (udp.conf)

input {
    udp {
        id => "nodejs_udp_logs"
        port => 7777
        codec => json
    }
}
output {
    elasticsearch {
        hosts => ["localhost:9200"]
        document_type => "nodelog"
        manage_template => false
        index => "nodejs-%{+YYYY.MM.dd}"
    }
}

@xtakeit
Copy link

xtakeit commented Nov 18, 2023
edited

I had same issue with syscall filter.

I was able to run elk stack on M1 using docker with images from this repo. Here's my solution based on docs from https://elk-docker.readthedocs.io/#building-image-arm64 with my extra steps:

  1. Pull phusion/baseimage:master-arm64 (because docker build thrown errors) docker pull phusion/baseimage:master-arm64
  2. Build with command from docs (with added tag) docker build --build-arg IMAGE=master-arm64 --build-arg ARCH=aarch64 . -t m1/elk
  3. Run: docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -p 7777:7777/udp -v $PWD/.docker/elk/udp.conf:/etc/logstash/conf.d/99-input-udp.conf -e MAX_MAP_COUNT=262144 -it --name distnode-elk m1/elk

Here's also ma config (udp.conf)

input {
    udp {
        id => "nodejs_udp_logs"
        port => 7777
        codec => json
    }
}
output {
    elasticsearch {
        hosts => ["localhost:9200"]
        document_type => "nodelog"
        manage_template => false
        index => "nodejs-%{+YYYY.MM.dd}"
    }
}

but I meet something diffrence.
the image master-arm64 is no found. so I change to phusion/baseimage:focal-1.2.0.

Operation Steps :

Pull arm64 paltform image: docker pull --platform=linux/arm64 phusion/baseimage:focal-1.2.0
Build with local image focal-1.2.0: docker build --build-arg IMAGE=focal-1.2.0 --build-arg ARCH=aarch64 . -t sebp/elk-arm64

Run: sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name arm64-elk sebp/elk-arm64

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@lylek @syberkitten @Talar1997 @BonesyWonesy @jgreffe @maxonfjvipon @xtakeit