Hello, I am new to the Elastic Stack and need some help. I use Elastic Cloud for the SIEM functionality and Elastic Defend.
Everything is good, but I get very high CPU utilization that makes it difficult for me to use the SIEM. My node has 8 GB of RAM, and I use the frozen tier to move data. I have some prebuilt ML jobs running, and I use Elastic Defend, Network Packet Capture and AlienVault OTX on every endpoint.
I support 55 endpoints, and my CPU usage is always at 100% except on some days when half the endpoints are turned off. Is this normal? Is the number of endpoints too much for my cloud deployment?
Also, I would like to ask if the Network Packet Capture is the problem here. Maybe installing it on every machine is not the optimal way to do it? Any suggestions?
Hi @LaserBits, I'm sorry that you're having issues with your Elastic Cloud environment. I think the best way to resolve it would be to open a support case at the Elastic Support Hub. Our support engineers will help you troubleshoot the issue and scale the deployment appropriately.
Well, I did, but support said they cannot offer consulting about the configuration; they help only with deployment issues.
I really would like to hear if someone has had a problem like that. As I am new to Elastic, I need to know if the problem is the number of endpoints or something I should do in my setup. Thanks.
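The thread never establishes which data source is actually generating the load, so the first check is to measure ingest per integration rather than guess. The script below is an added example, not from the original posts: it sums documents and bytes per Elastic Agent integration from the output of `GET _cat/indices?format=json&bytes=b`. The data-stream prefixes (`network_traffic`, `endpoint`, `ti_otx`) are assumptions about how those integrations name their datasets, and the sample rows are constructed.

```python
"""Rank Elastic Agent data streams by document volume to see which integration
dominates ingest. Input is `GET _cat/indices?format=json&bytes=b`; sample is constructed."""
import json
import re
from collections import defaultdict

# Constructed sample of _cat/indices output. Names follow the Elastic Agent
# backing-index convention .ds-logs-<integration>.<dataset>-<namespace>-<date>-<gen>;
# the integration prefixes are assumptions about how each package names its datasets.
SAMPLE_CAT_INDICES = json.dumps([
    {"index": ".ds-logs-network_traffic.flow-default-2024.05.01-000001",
     "docs.count": "48000000", "store.size": "21000000000"},
    {"index": ".ds-logs-network_traffic.dns-default-2024.05.01-000001",
     "docs.count": "12000000", "store.size": "5000000000"},
    {"index": ".ds-logs-endpoint.events.process-default-2024.05.01-000001",
     "docs.count": "9000000", "store.size": "6000000000"},
    {"index": ".ds-logs-endpoint.events.network-default-2024.05.01-000001",
     "docs.count": "7000000", "store.size": "4000000000"},
    {"index": ".ds-logs-ti_otx.threat-default-2024.05.01-000001",
     "docs.count": "150000", "store.size": "90000000"},
    {"index": ".ds-logs-system.syslog-default-2024.05.01-000001",
     "docs.count": "1000000", "store.size": "300000000"},
])
DS_RE = re.compile(r"^\.ds-(?:logs|metrics)-(?P<integration>[^.]+)\.(?P<dataset>[^-]+)-")

def integration_of(index_name):
    """Map a backing index name to its integration prefix, or 'other' for non-data-stream indices."""
    m = DS_RE.match(index_name)
    return m.group("integration") if m else "other"

def volume_by_integration(cat_indices_json):
    """Return {integration: (docs, bytes)} summed over all backing indices."""
    totals = defaultdict(lambda: [0, 0])
    for row in json.loads(cat_indices_json):
        key = integration_of(row["index"])
        totals[key][0] += int(row["docs.count"])
        totals[key][1] += int(row["store.size"])
    return {k: tuple(v) for k, v in totals.items()}

def ranked_share(cat_indices_json):
    """Integrations sorted by document count, with each one's share of all documents."""
    totals = volume_by_integration(cat_indices_json)
    all_docs = sum(d for d, _ in totals.values()) or 1
    return [(k, d, round(100 * d / all_docs, 1))
            for k, (d, _) in sorted(totals.items(), key=lambda kv: -kv[1][0])]

if __name__ == "__main__":
    for name, docs, pct in ranked_share(SAMPLE_CAT_INDICES):
        print(f"{name:<18}{docs:>12,}  {pct:5.1f}%")
```

Document volume is only one driver of CPU on a small node; ML jobs and detection-rule searches add query load that this view does not show, so compare the ranking with `GET _nodes/hot_threads` before deciding what to scale back.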