The first run of ElasticSearch and the ELK stack, often results in an:
In our experience, the most common reason is related to RAM memory allocation, and here are some troubleshooting tips.
Troubleshooting Step 1: vm.max_map_count
To set the value to the correct one, you can type
This command needs to be run as root user.
Sidenote: If you are using containers, the containers will automatically use this value from the host, unless instructed otherwise.
Troubleshooting Step 2: Heap Memory
ElasticSearch is based on Java, and Java’s memory management is key.
If not set specifically, the heap size is relative to the available memory of the host. To avoid issues, it is recommended to always set the expected memory manually when starting up ElasticSearch by setting the XMX and XMS settings to at least 4GB each. More information on how to do that can be found here.
Troubleshooting 3: Container/User Limitations
As mentioned in Troubleshooting Step 2, the Java Heap memory is by default calculated with respect to the available memory on the system.
Find container and application configuration intersections
CoGuard is a code scanner for configuration files. It has a Generalized Infrastructure Model that identifies intersections of configuration parameters between applications, operating systems and devices/containers like those described above. You can scan your IaC configurations, containers and cloud infrastructure for misconfigurations and security best practices.
Get started for free today »