Issue description
When using build version 12411 and below, you may get this in-product critical notification: Low memory detected on Log360's elasticsearch, increase the memory to at least X GB. This article explains the error message and what actions you can take to resolve the issue.
Possible cause
This error might occur if the amount of data stored in Elasticsearch has increased. As more data gets indexed, Elasticsearch needs more heap memory to process and manage it. This can lead to memory-related errors.
Prerequisites
Access to the EventLog Analyzer server as an administrator.
Resolution
EventLog Analyzer contains live indexed data in Elasticsearch, which consumes the server's memory to make the data available ready to load. To ensure fair performance, maintaining the heap to data ratio of 1:60 is recommended. This indicates that approximately 1 GB of memory (heap) is allocated for every 60 GB of data in the Elasticsearch node (the maximum
ratio). For optimal performance, lowering this ratio (i.e., 1:30) is even better for increasing indexing and loading speed.
In the latest version of EventLog Analyzer, this notification is not classified as a critical alert, but a recommendation for smooth indexing and optimized performance.
Increasing heap memory is not required unless you're experiencing performance lag or latency while retrieving data.
Solution 1:
Solution 2:
To increase the heap allocated manually as per the notification's suggestion:
1. As an administrator, navigate to the ManageEngine\elasticsearch\ES\conf folder and take a backup. Then, use a text editor to open the es-additional-wrapper.conf file.
2. Update the initmemory and maxmemory with same value, in MB, as recommended in the error notification.
3. Open the Command Prompt.
4. Navigate to the ManageEngine\Elasticsearch\es\bin folder.
5. Execute startES.bat
Note: The server must have the allocated memory available for Elasticsearch to perform properly.
Tips
Related articles