unable to connect to Elastic search


mc...@students.ptcollege.edu

Mar 16, 2018, 9:06:08 AM
to Wazuh mailing list
Every morning when I go to check the manager, I am greeted with "Unable to connect to elastic search at http://localhost:9200".


The heap used is around 90% heap total. 

I attached a screenshot.

Does this require the heap size to be adjusted? 

I was allotted 3 GB of RAM total (OS and Wazuh single architecture).

This seems to resolve itself eventually, but I assume this is not the intended functionality haha.

Thanks,
Mike
heap.PNG

jesus.g...@wazuh.com

Mar 16, 2018, 9:20:04 AM
to Wazuh mailing list
Hi Mike, 

Whenever you see that error, it means Elasticsearch is down for some reason. As I can see, your first problem is having less RAM than we usually recommend.
You need more than 3 GB to run a Wazuh Manager + Elastic Stack on a single host. Keep in mind that Logstash could waste 2GB pretty easily, so a crash is very probable.
On the other hand, have you checked the Elasticsearch logs?

# cat /var/log/elasticsearch/elasticsearch.log

Please paste the output of the above command. Also, it would be nice if you ran the following commands whenever you see Elasticsearch down:

# systemctl status elasticsearch -l
# journalctl -xe

Finally, could you please paste the output of the following commands?

# df -h
# free -h

Best regards,
Jesús
Message has been deleted

jesus.g...@wazuh.com

Mar 16, 2018, 12:01:34 PM
to Wazuh mailing list
Hi Mike, your last email was sent directly to my own mail. Next time, please make sure you are replying to the mailing list;
the whole community will be glad to see your problems and how we help you solve them. In any case, regarding your last mail,
there are some things to take care of next time:

If Elasticsearch has a RAM peak ending in a crash, you should see some error logs:

# cat /var/log/elasticsearch/elasticsearch.log | grep -i "ERR"

Also, if your operating system is what killed the Elasticsearch process, you should see something in the messages log:

# cat /var/log/messages | grep -i "err"
# cat /var/log/messages | grep -i "elastic"
# cat /var/log/messages | grep -i "java"

Another useful tip is to keep enough free space on your hard drive; keep in mind that Elasticsearch will consume more and more
space day by day. If your hard drive reaches 85% usage, Elasticsearch stops its indexing process.

And finally, you definitely need more RAM for your server. It depends on the amount of data, but I suggest starting with at least 8GB and
increasing it after some days if you see that it's needed.

Regarding the heap total vs heap used, it's normal; you could have a heap peak, but it usually works like stairs, going up and down continuously.

Hope it helps!

Best regards,
Jesús
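
The log and disk checks from the reply above, collected into one script as an added example (not part of the original thread and not Wazuh's or Elastic's own tooling). The sample log lines and `df -P` output are constructed and the function names are hypothetical; the 85% default is the figure quoted in the reply.

```shell
#!/bin/sh
# Constructed sample lines in /var/log/messages format (not from the thread).
SAMPLE_MESSAGES='Mar 16 03:12:01 wazuh kernel: java invoked oom-killer: gfp_mask=0x201da, order=0, oom_score_adj=0
Mar 16 03:12:01 wazuh kernel: Out of memory: Kill process 1423 (java) score 512 or sacrifice child
Mar 16 03:12:01 wazuh kernel: Killed process 1423 (java) total-vm:4718592kB, anon-rss:1843200kB, file-rss:0kB
Mar 16 03:12:02 wazuh systemd: elasticsearch.service: main process exited, code=killed, status=9/KILL
Mar 16 04:40:17 wazuh kernel: Killed process 1502 (java) total-vm:3145728kB, anon-rss:1048576kB, file-rss:0kB
Mar 16 04:45:00 wazuh systemd: Started Session 42 of user root.'

# Constructed sample `df -P` output (not from the thread).
SAMPLE_DF='Filesystem     1024-blocks     Used Available Capacity Mounted on
/dev/sda1         20511312 17844841   1601471      92% /
/dev/sdb1         51475068 12353016  36484228      26% /var/lib/elasticsearch
tmpfs              1536000        0   1536000       0% /dev/shm'

# PIDs of java processes terminated by the kernel OOM killer (log on stdin).
# Only the final "Killed process" line counts, not the "Kill process" notice.
oom_killed_java_pids() {
    awk '/kernel: Killed process [0-9]+ \(java\)/ {
        for (i = 1; i < NF; i++) if ($i == "process") { print $(i + 1); break }
    }'
}

# Mount points at or above a usage limit (default 85), `df -P` output on stdin.
mounts_over_limit() {
    awk -v limit="${1:-85}" 'NR > 1 { u = $5; sub(/%/, "", u)
        if (u + 0 >= limit) print $NF }'
}

# One-line verdict combining both checks. $1 = messages text, $2 = df -P text.
triage() {
    pids=$(printf '%s\n' "$1" | oom_killed_java_pids | tr '\n' ' ')
    full=$(printf '%s\n' "$2" | mounts_over_limit 85 | tr '\n' ' ')
    echo "oom_killed_java_pids=[${pids% }] mounts_over_85=[${full% }]"
}

triage "$SAMPLE_MESSAGES" "$SAMPLE_DF"
```

On a live host, pass the contents of `/var/log/messages` and the output of `df -P` to `triage` instead of the samples.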
