Docker 安装 Elasticsearch 报错

官方文档：
https://www.elastic.co/docs/deploy-manage/deploy/self-managed/install-elasticsearch-docker-basic#_start_a_single_node_cluster

运行：

docker run --name es01 --net elastic -p 9200:9200 -it -m 1GB docker.elastic.co/elasticsearch/elasticsearch:9.1.3

输出类似：

{"@timestamp":"2025-09-10T10:36:21.419Z", "log.level": "INFO", "message":"persistent cache index loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.searchablesnapshots.cache.full.PersistentCache","elasticsearch.node.name":"084eac5ac5bf","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2025-09-10T10:36:21.419Z", "log.level": "INFO", "message":"deprecation component started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.deprecation.logging.DeprecationIndexingComponent","elasticsearch.node.name":"084eac5ac5bf","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2025-09-10T10:36:21.471Z", "log.level": "INFO", "message":"publish_address {192.168.16.2:9300}, bound_addresses {[::]:9300}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.TransportService","elasticsearch.node.name":"084eac5ac5bf","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2025-09-10T10:36:21.530Z", "log.level": "INFO", "message":"bound or publishing to a non-loopback address, enforcing bootstrap checks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.BootstrapChecks","elasticsearch.node.name":"084eac5ac5bf","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2025-09-10T10:36:21.533Z", "log.level":"ERROR", "message":"node validation exception\n[1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch. For more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.18/bootstrap-checks.html]\nbootstrap check failure [1] of [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.18/bootstrap-checks-max-map-count.html]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.Elasticsearch","elasticsearch.node.name":"084eac5ac5bf","elasticsearch.cluster.name":"docker-cluster"}
ERROR: Elasticsearch did not exit normally - check the logs at /usr/share/elasticsearch/logs/docker-cluster.log
{"@timestamp":"2025-09-10T10:36:21.535Z", "log.level": "INFO", "message":"stopping ...", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch-shutdown","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"084eac5ac5bf","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2025-09-10T10:36:21.546Z", "log.level": "INFO", "message":"stopped", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch-shutdown","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"084eac5ac5bf","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2025-09-10T10:36:21.546Z", "log.level": "INFO", "message":"closing ...", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch-shutdown","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"084eac5ac5bf","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2025-09-10T10:36:21.552Z", "log.level": "INFO", "message":"closed", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch-shutdown","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"084eac5ac5bf","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2025-09-10T10:36:21.554Z", "log.level": "INFO", "message":"Native controller process has stopped - no new native processes can be started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"ml-cpp-log-tail-thread","log.logger":"org.elasticsearch.xpack.ml.process.NativeController","elasticsearch.node.name":"084eac5ac5bf","elasticsearch.cluster.name":"docker-cluster"}

处理办法：
编辑 /etc/sysctl.conf 或 /etc/sysctl.d/elasticsearch.conf，增加一行：

vm.max_map_count=262144

然后执行命令查看效果：

sudo sysctl -p