Kibana CPU Load

zsnops · February 12, 2024, 1:01am

Hi,

I am running a small single ELK instance just for visualizing some logs.

Because the process consumes around 12 % CPU when idle, I have tried to deactivate a few things in kibana.yml:

telemetry.enabled: false
xpack.fleet.enabled: false
xpack.securitySolution.enabled: false
xpack.uptime.enabled: false
xpack.apm.enabled: false
xpack.reporting.enabled: false
xpack.actions.enabledActionTypes: []

But that made no difference :(.

According to the logs, alerting and taskManager are still started. How can I deactivate these plugins?

[2024-02-12T01:45:45.279+01:00][INFO ][plugins.alerting] Installing ILM policy .alerts-ilm-policy
[2024-02-12T01:45:45.283+01:00][INFO ][plugins.alerting] Installing component template .alerts-framework-mappings
[2024-02-12T01:45:45.287+01:00][INFO ][plugins.alerting] Installing component template .alerts-legacy-alert-mappings
[2024-02-12T01:45:45.328+01:00][INFO ][plugins.alerting] Installing component template .alerts-ecs-mappings
[2024-02-12T01:45:46.585+01:00][INFO ][plugins.ruleRegistry] Installing component template .alerts-technical-mappings
[2024-02-12T01:45:49.604+01:00][INFO ][http.server.Kibana] http server running at https://xx.xx.xx.xx:xx
[2024-02-12T01:45:49.785+01:00][INFO ][status.plugins.alerting] alerting plugin is now available: Alerting is (probably) ready
[2024-02-12T01:45:49.785+01:00][WARN ][status.plugins.taskManager] taskManager plugin is now degraded: Task Manager is unhealthy - Reason: setting HealthStatus.Error because of expired cold timestamps
[2024-02-12T01:45:49.785+01:00][INFO ][status.plugins.licensing] licensing plugin is now available: License fetched
[2024-02-12T01:45:49.908+01:00][ERROR][plugins.observabilityAIAssistant] Failed to resolve ELSER model definition: Error: Platinum, Enterprise or trial license needed
[2024-02-12T01:45:49.921+01:00][WARN ][status] Kibana is now degraded: 0 service(s) and 1 plugin(s) are degraded: taskManager
[2024-02-12T01:45:49.981+01:00][INFO ][plugins.alerting] Installing component template .alerts-stack.alerts-mappings
[2024-02-12T01:45:49.982+01:00][INFO ][plugins.alerting] Installing component template .alerts-ml.anomaly-detection.alerts-mappings
[2024-02-12T01:45:50.028+01:00][INFO ][plugins.observabilityAIAssistant.service] Creating concrete write index - .kibana-observability-ai-assistant-conversations-000001
[2024-02-12T01:45:50.063+01:00][INFO ][plugins.alerting] Installing index template .alerts-stack.alerts-default-index-template
[2024-02-12T01:45:50.065+01:00][INFO ][plugins.alerting] Installing index template .alerts-ml.anomaly-detection.alerts-default-index-template
[2024-02-12T01:45:50.184+01:00][INFO ][plugins.alerting] Creating concrete write index - .internal.alerts-stack.alerts-default-000001
[2024-02-12T01:45:50.194+01:00][INFO ][plugins.alerting] Creating concrete write index - .internal.alerts-ml.anomaly-detection.alerts-default-000001
[2024-02-12T01:45:50.211+01:00][INFO ][plugins.observabilityAIAssistant.service] Creating concrete write index - .kibana-observability-ai-assistant-kb-000001
[2024-02-12T01:45:50.307+01:00][INFO ][plugins.observabilityAIAssistant.service] Successfully set up index assets
[2024-02-12T01:45:50.714+01:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_x64/headless_shell
[2024-02-12T01:45:55.698+01:00][INFO ][status.plugins.taskManager] taskManager plugin is now available: Task Manager is healthy
[2024-02-12T01:45:55.781+01:00][INFO ][status] Kibana is now available (was degraded)

What else could be causing the permanent load?

leandrojmp · February 12, 2024, 1:24am

What are the specs of your server? Are you running anything else in the server besides Kibana?

Also, is this causing any issues? And by idle you mean that no one is accessing Kibana?

This looks like normal behavior, I don't think disabling those plugins will change anything.

zsnops · February 12, 2024, 1:49am

It is a VM - the hypervisor is running on an Intel N100 SoC.

In that particular VM are Kibana + Logstash + single Elasticsearch running. It is just for visualizing firewall logs.

Yes, idle = no one is accessing Kibana.

It's not really a problem, but I'm wondering why Kibana seems to be permanently querying Elasticsearch.

system · March 11, 2024, 1:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana Performance, Plugins and Task Manager Kibana	2	804	March 21, 2022
Disabling unwanted tabs/plugins in Kibana 6.8.3 Kibana	3	2325	December 16, 2019
How to disable task manager Kibana	3	501	November 3, 2020
Kibana 7.4.2 is taking too much time to load Kibana	5	2015	May 14, 2020
High CPU usages in Elastic Node Kibana	3	855	August 5, 2021

Kibana CPU Load

Related topics