Error: Low memory detected on Log360's Elasticsearch
Issue description
When using build version 12411 and below, you may get this in-product critical notification: Low memory detected on Log360's elasticsearch, increase the memory to at least X GB. This article explains the error message and what actions you can take to resolve the issue.
Possible cause
This error might occur if the amount of data stored in Elasticsearch has increased. As more data gets indexed, Elasticsearch needs more heap memory to process and manage it. This can lead to memory-related errors.
Prerequisites
Access to the EventLog Analyzer server as an administrator.
Resolution
EventLog Analyzer contains live indexed data in Elasticsearch, which consumes the server's memory to make the data available ready to load. To ensure fair performance, maintaining the heap to data ratio of 1:60 is recommended. This indicates that approximately 1 GB of memory (heap) is allocated for every 60 GB of data in the Elasticsearch node (the maximum
ratio). For optimal performance, lowering this ratio (i.e., 1:30) is even better for increasing indexing and loading speed.
In the latest version of EventLog Analyzer, this notification is not classified as a critical alert, but a recommendation for smooth indexing and optimized performance.
Increasing heap memory is not required unless you're experiencing performance lag or latency while retrieving data.
- Solution 1:
- To avoid receiving this critical error and for optimal performance, upgrade to the latest version of EventLog Analyzer.
- Solution 2:
- To increase the heap allocated manually as per the notification's suggestion:
1. As an administrator, navigate to the ManageEngine\elasticsearch\ES\conf folder and take a backup. Then, use a text editor to open the es-additional-wrapper.conf file.2. Update the initmemory and maxmemory with same value, in MB, as recommended in the error notification.3. Open the Command Prompt.4. Navigate to the ManageEngine\Elasticsearch\es\bin folder.5. Execute startES.batNote: The server must have the allocated memory available for Elasticsearch to perform properly.
Tips
- We recommend you upgrade to the latest version of EventLog Analyzer periodically for optimal performance.
- Elasticsearch auto-increases the heap allocated up to a third of the total RAM allocated based on the indexed data storage size.
- To limit log retention, navigate to Settings > Retention Settings and set the Current Storage Size for a shorter duration.
Related articles
New to ADSelfService Plus?
Related Articles
Changing the location of Elasticsearch index data
Follow the steps below to move the log indices to a different location: Stop the EventLog Analyzer service. Open the command prompt with admin privileges. Navigate to <dir>:\ManageEngine\elasticsearch\ES\bin and execute stopES.bat. Make a backup of ...Error 500 when loading the GUI
Open the <dir>:\ManageEngine\elasticsearch\ES\logs\wrapper.log file and check the status of Elasticsearch (ES). The log traces below are for reference. INFO | jvm 1 | 2021/06/25 16:08:51 | [2021-06-25T16:08:51,108][INFO][o.e.n.Node][int_Server-Name] ...How to troubleshoot JVM Memory Error?
Stop the ManageEngine EventLog Analyzer service. Navigate to <EventLog Analyzer home>/server/conf. Open the file wrapper.conf. Search for wrapper.java.maxmemory. Change the default value (1024) to wrapper.java.maxmemory=4096. (The value should not ...Log import failure during remote log collection in EventLog Analyzer
Issue description EventLog Analyzer will display an error notification in the UI stating that the log import for selected files has failed. This issue will happen when EventLog Analyzer is unable to import a file during the scheduled log import ...How to configure notifications for low disk space in EventLog Analyzer
Objective EventLog Analyzer allows you to configure email alerts for low disk space on the installation drive. When free space drops below a specified limit, an automated notification is sent, helping you take action before log collection or ...