Need help with Elasticsearch and Elastic agent

I am facing the problem in my elk server. Whenever I start the elasticsearch service the outgoing traffic increases to >10 MBps. This is what is shown in the processes.

Processess1347×662 286 KB

I also have stopped both filebeat and metricbeat services. What I think is that maybe elastic agent is upgrading the fleet server, filebeat and metricbeat. How to stop that?

The following command (curl -X GET ":9200/_cat/nodes?v=true&s=cpu:desc&pretty") give this output:

heap.percent: 52
ram.percent: 99
cpu: 38
load_1m: 6.18
load_5m: 7.04
load_15m: 7.56
node.role: cdfhilmrstw *
master name: soc

I found that this process is eating the CPU. Any suggestions?

Process1340×114 59 KB

Hello,

On the configuration of the heap memory, it seems to me that elasticsearch recommends that the value of xms be equal to Xmx. However, I see that the elasticsearch process is launched with an Xms 4Mb and an Xmx 64Mb

Hi,

I found that the above process is the one using the cpu and memory. As I am new to this I dont know how to optimize that. Will happy to get any help. Thanks

Please don't post pictures of text, logs or code. They are difficult to read, impossible to search and replicate (if it's code), and some people may not be even able to see them

Initial process:

elastic+  406465  0.0  0.2 2657952 90936 ?       Ssl  Jun08   0:43 /usr/share/elasticsearch/jdk/bin/java -Xms4m -Xmx64m -XX:+UseSerialGC -Dcli.name=server -Dcli.script=/usr/share/elasticsearch/bin/elasticsearch -Dcli.libs=lib/tools/server-cli -Des.path.home=/usr/share/elasticsearch -Des.path.conf=/etc/elasticsearch -Des.distribution.type=deb -cp /usr/share/elasticsearch/lib/*:/usr/share/elasticsearch/lib/cli-launcher/* org.elasticsearch.launcher.CliToolLauncher -p /var/run/elasticsearch/elasticsearch.pid --quiet

Other process:

elastic+  406547 52.1 34.7 507693936 11354816 ?  Sl   Jun08 523:14 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -Djava.security.manager=allow -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Dlog4j2.formatMsgNoLookups=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=ALL-UNNAMED -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-330912685403022393 -XX:+HeapDumpOnOutOfMemoryError -XX:+ExitOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/elasticsearch -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Xms4g -Xmx4g -XX:MaxDirectMemorySize=2147483648 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.distribution.type=deb --module-path /usr/share/elasticsearch/lib -m org.elasticsearch.server/org.elasticsearch.bootstrap.Elasticsearch

When I create the .options in jvm.options.d/ with following parameters:

-Xms15g 
-Xmx15g

Still the initial process is starting with Xms4m Xmx64m. Any suggestions how to decrease the cpu load and memory consumption. @warkolm

Also can I try and reinstall Elasticsearch and will that remove all the enrolled agents?

Any suggestions @warkolm ?

What is the actual name of the file you created in there?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.