Elasticsearch problem
4,153 views
Skip to first unread message
Mark Rafa
Jan 22, 2021, 10:28:08 AM1/22/21
to Wazuh mailing list
Hello,
I cant see logs on kibana due to a elasticsearch error.
I have these logs below in my elasticsearch.log:
Kibana is not opening and I have this log below in elasticsearch.log:
GC did not bring memory usage down, before
[2021-01-13T12:45:54][INFO ][o.e.i.b.HierarchyCircuitBreakerService] [xxx] attempting to trigger G1GC due to high heap usage
I have enough resource and space on my server.
I need to fix this since I can not do anything.
Can you please help me how to fix this issue.
Best,
Alfonso Ruiz-Bravo
Feb 16, 2021, 4:12:54 AM2/16/21
to Wazuh mailing list
Hello Markrafa,
If this is the problem it is related to Elasticsearch resources. The heap configuration is limited. We would have to see if you can increase the heap memory depending on the resources of your Elasticsearch host.
It seems that the error has its origin in the prevention of an OutOfMemory problem. This usually occurs when the heap of the Elasticsearch JVM is at maximum usage and more memory than is available is requested to perform certain operations.
Could you provide us with the resources available to the Elasticsearch host and /etc/elasticsearch/jvm.options content.?
We would be interested in the following section:
################################################################
## IMPORTANT: JVM heap size
################################################################
. . .
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
In this section, you will have the values assigned to the heap of the Elasticsearch JVM. Normally it is given a maximum and minimum value equal to half of the RAM available to Elasticsearch. For example, if your Elasticsearch host has 8GB RAM you should have heap memory like this:
-Xms4g
-Xmx4g
If you have other values less than half of your RAM, try increasing it and restarting the Elasticsearch service for the changes to take effect.
I hope this is helpful. If this is not the problem, let us know and we will look into the problem further.
Regards,
Alfonso Ruiz-Bravo
Reply all
Reply to author
Forward
0 new messages