We have Elasticsearch running in our product; it's not a cluster configuration. We have noticed that, despite the maximum FD limit being set to 65536, it has opened a large number of pipes and other file descriptors.
If we look at the particular Elasticsearch process under /proc/<pid>/fd, we see about 671 open FDs. But I can't understand why so many other FDs are opened for the elastic user in the system.
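This is roughly how we are checking the limit and the count (the pgrep lookup is just for illustration; normally we take the PID from our service manager):

    # Illustrative only: locate the Elasticsearch PID
    ES_PID=$(pgrep -f org.elasticsearch.bootstrap.Elasticsearch | head -n 1)

    # Effective FD limit for the process (should show 65536)
    grep 'Max open files' /proc/$ES_PID/limits

    # Number of descriptors actually open right now
    ls /proc/$ES_PID/fd | wc -l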
lsof, as you have used it, is not an accurate way to count open file descriptors. For example, it will count memory-mapped portions of files, which do not count individually as file descriptors. Additionally, lsof will list the same file descriptor multiple times for multiple threads. The correct way to check the number of open file descriptors is to count the number of entries in /proc/<pid>/fd.
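As a rough illustration (replace <PID> with the Elasticsearch process id), the two counts can differ considerably:

    # Inflated: lsof also lists memory-mapped files (FD column "mem")
    # and may repeat the same descriptor once per task/thread
    lsof -p <PID> | wc -l

    # Accurate: one symlink per open descriptor
    ls /proc/<PID>/fd | wc -l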
I agree, but on an idle system, why should we have so many open FDs held by Elasticsearch? There are several other services, but elastic is still contributing about 80% of the open FDs in the system.
_cat/shards?v
index  shard prirep state      docs store ip        node
DB2_v1 0     p      STARTED       0 159b  127.0.0.1 Cletus Kasady
DB2_v1 0     r      UNASSIGNED
DB1_v2 0     p      STARTED    4686 2.1mb 127.0.0.1 Cletus Kasady
DB1_v2 0     r      UNASSIGNED
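(Output above was taken with a request like the following, assuming the default HTTP port 9200 on localhost:)

    curl -s 'http://127.0.0.1:9200/_cat/shards?v'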
Every file (translog, shard locks, segments, JARs, etc.) opened by Elasticsearch counts as a file descriptor. So do network sockets. I would turn this around: if you think there are too many open, have a look at ls -al /proc/<PID>/fd and tell me what you see that is problematic?
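A quick way to summarise where they go, as a rough sketch (<PID> is the Elasticsearch process id; the sed just strips inode numbers so sockets and pipes group together):

    for fd in /proc/<PID>/fd/*; do readlink "$fd"; done \
      | sed 's/[0-9]\+//g' | sort | uniq -c | sort -rn

That should show at a glance how many descriptors are sockets, pipes, or files under the data path.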