I have setup ELK for watching logs on Kibana on Linux redhat-6.8 with 16gb RAM and allocated 6GB for Heap. Index size is 1.5gb per day with 7 days retention period. Observed when I query with very simple patterns on Kibana, Heap is getting filled up and after querying for some time elastic is going down. Could you suggest how to calculate RAM/Heap requirements. I am using elastic 7.9, Kibana 7.9 and logstatsh-6.7.
That sounds odd as 6GB heap should be more than enough for that amount of data. Please make sure you are using Elasticsearch 7.9.1 or later as there was a memory leak in 7.9.0.
Thanks for a quick reply, I am using elastic serach 7.9.0 only. Let me try with 7.9.1 and will post the observation with the new version