Auditbeat 7.16.2 crashes servers due to memory issues

Hello

ELK version: 7.16.2
Auditbeat version: 7.16.2

I'm trying to set up an Elastic SIEM cluster, which as of now is running the way it should, but we are still experiencing a memory issue with Auditbeat.
It seems that Auditbeat just keeps on consuming more and more memory, causing our smallest servers to crash (the load balancers). It is weird because a lot of network traffic passes through those servers and Packetbeat just keeps on running there.
Initially I thought that the issue was only present when the Elasticsearch VM wasn't able to ingest any more logs, but now it also happens at random times when there's still more than enough free disk space on the Elasticsearch VMs.

I have already configured a queue on the disk of 1GB, but I think that one will only trigger once the Elasticsearch VM can't ingest data anymore due to, for example, disk space issues.
To me, it looks like a memory leak issue.

Has anyone else encountered this issue, and if so, how have you been able to fix it?

All help is appreciated.

Thank you!

Hi,

Could you please post some statistics regarding the traffic and memory consumption? Any graphs would be useful.
