improve performance wazuh/ opensearch
956 views
Skip to first unread message
Daan Fleuren
Jan 13, 2023, 5:02:07 AM1/13/23
to Wazuh mailing list
Hello,
I have a problem, that the dashboard gives timeouts very often, well I know that it is possible to adjust the timeout. but this does not seem to be the right solution to the problem.
I have checked the CPU, RAM and DISK i/o, and concluded that is probably the bottleneck. And that this I think is because Wazuh-indexer consumes a lot of virtual memory. as much as c.a. 40g.
However, as shown in the image, it doesn't even use 100% of the real memory, and I don't understand why the virtual memory is so high.
my question therefore, is the only solution to add memory? if so, how much. and/or can i optimize wazuh indexer to consume less memory
I have a problem, that the dashboard gives timeouts very often, well I know that it is possible to adjust the timeout. but this does not seem to be the right solution to the problem.
I have checked the CPU, RAM and DISK i/o, and concluded that is probably the bottleneck. And that this I think is because Wazuh-indexer consumes a lot of virtual memory. as much as c.a. 40g.
However, as shown in the image, it doesn't even use 100% of the real memory, and I don't understand why the virtual memory is so high.
my question therefore, is the only solution to add memory? if so, how much. and/or can i optimize wazuh indexer to consume less memory
Carlos Dams
Jan 13, 2023, 7:56:25 AM1/13/23
to Wazuh mailing list
Hi Daan,
Thanks for using Wazuh!
That value for Wazuh indexer is very common and it is actually recommended, you can check under /etc/wazuh-indexer/jvm.options and assign a value that better suits your environment but about 40-50% of the available RAM is ok, just follow these rules:
- Use no more than 50% of available RAM.
- Use no more than 32 GB.
- Use no more than 50% of available RAM.
- Use no more than 32 GB.
Under /etc/wazuh-indexer/jvm.options find:
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
-Xms2g
-Xmx2g
# Xmx represents the maximum size of total heap space
-Xms2g
-Xmx2g
Besides the JVM memory options previously shared, to improve the performance of Wazuh indexer (OpenSearch), this guide can be followed with the following considerations for Wazuh Indexer:
- Edit /etc/wazuh-indexer/opensearch.yml file, add or edit the following value:
- bootstrap.memory_lock: true
- Create the following directory:
- mkdir -p /etc/systemd/system/wazuh-indexer.service.d/
- Create this file and add the following value with this command:
cat > /etc/systemd/system/wazuh-indexer.service.d/wazuh-indexer.conf << EOF
[Service]
LimitMEMLOCK=infinity
EOF - Reload and restart the wazuh-indexer service
systemctl daemon-reload
systemctl restart wazuh-indexer - You can verify that the setting was successfully changed by checking the value of mlockall:
curl -k -u <username>:<password> "https://<wazuh-indexer_ip>:9200/_nodes?filter_path=**.mlockall&pretty"
Also, do you have a screenshot of the timeout errors? is it the session timeout when you have to log in back again?
Reply all
Reply to author
Forward
0 new messages