Efficient Solutions for Disk Space Management
Please gather the below details to narrow down the root cause of the issue:
Build number:
If the EventLog Analyzer GUI is accessible, log onto the GUI, click on ? at the right-top corner, and check the build number.
If the EventLog Analyzer GUI is not accessible, open <Dir>:\ManageEngine\EventLogAnalyzer\troubleshooting Build.properties file.
Log Flow rate:
If GUI is accessible: Log onto the GUI > click on Log Receiver at the right-top corner > Select Server Details.
If GUI is not accessible:
Open the <dir>:\ManageEngine\EventLog Analyzer\logs\SysEvtColLogs.out file ⇾ check the latest Windows and Syslogs Session stats. Sample logs are given below:
2021-6-28 21:58:15 [50108]Windows: Lifetime Count = 40380 Lifetime Rate = 1.12164 packets, Session Count = 1811 Session Rate = 0.63366 2021-6-28 21:58:15 [50108]SysLogs: Lifetime Count = 13 Lifetime Rate = 0.000361101 packets, Session Count = 0 Session Rate = 0 |
In the latest build, open the <dir>:\ManageEngine\EventLog Analyzer\logs\Serverout_yyyy-mm-dd.txt file ⇾ check for the LogFlowRate trace.
DB Retention Period (Settings ⇾ Admin Settings ⇾ DB Retention Settings):
The size of the folders given below
<Dir>:\ManageEngine\EventLog Analyzer\archive:
<Dir>:\ManageEngine\EventLog Analyzer\logs:
<Dir>:\ManageEngine\EventLog Analyzer\pgsql:
<Dir>:\ManageEngine\EventLog Analyzer\ES\archive:
<Dir>:\ManageEngine\EventLog Analyzer\ES\CachedRecord:
<Dir>:\ManageEngine\elasticsearch\ES\data:
<Dir>:\ManageEngine\elasticsearch\ES\logs:
If there are any other folders that is consuming abnormal amount of space, collect the name and size of the same.
Note: Applications like TreeSize can be used if available. |
Archive retention period (Settings ⇾ Admin settings ⇾ Manage archives ⇾ 'Settings' at the top-right corner):
Based on the above collected details:
Calculate the required hardware here. If additional resources are required, cascade the same to the customer.
If the <Dir>:\ManageEngine\EventLog Analyzer\ES\archive file is consuming high amount of disk space, suggest moving the folder to another drive in the same machine, to a different machine, or a shared folder. Ensure that the account used in EventLog Analyzer has read/write permission in the new location.
If the <Dir>:\ManageEngine\elasticsearch\ES\data folder is consuming high amount of disk space, the data can be moved to another drive in the same machine or DB Retention can be reduces (after confirming with the customer).
New to ADSelfService Plus?
Related Articles
Understanding your log management solution
Key log terminologies When managing logs, there are terminologies that will help you make the most of the product in hand. Following are the list of such terms and their definitions as used in EventLog Analyzer. Agentless and agent-based log ...Offline Logs Management
How to: change the Archive (Offline Logs) Location - Applicable for Builds <= 12203 Log on to the EventLog Analyzer UI. Go to Settings Tab ⇾ Admin settings ⇾ Manage Archives ⇾ Settings (right-top corner) Update the new Archive location ⇾ click on ...Introduction to EventLog Analyzer
What is log management? An enterprise network consists of different entities—perimeter devices, workstations, servers, applications, and more. Each entity records every activity that unfolds within it in the form of logs. These logs hold information ...Log collection failure alerts
Device down alert: When configured devices don't respond to pings from EventLog Analyzer, it implies either of the following: The selected Syslog devices are not sending logs to EventLog Analyzer. EventLog Analyzer has not collected logs from the ...What to do if the EventLog Analyzer failed to update the IP's geolocation data due to network issue?
This occurs when there is no internet connection on the EventLog Analyzer server or if the creator server is unreachable. Domains/sites to be whitelisted: https://creator.zoho.com https://creatorexport.zoho.com The geolocation feature is used by ...