
List:       security-onion
Subject:    Re: [security-onion] Re: Kibana timing out on basic visualizations, scant resources consumed
From:       Steve Sirag <stevesirag () gmail ! com>
Date:       2019-05-29 13:57:42
Message-ID: CANs33cV-hMgxsKr80g+kHgst_5Oe-_Fv2uiPT4SnTGrwTX=PgA () mail ! gmail ! com

Heap size didn't have much effect, but the pipeline workers is helping.
Thanks!

On Wed, May 29, 2019 at 8:33 AM Wes Lambert <wlambertts@gmail.com> wrote:

> One thing to try may be increasing the heap size for Elasticsearch in
> /etc/elasticsearch/jvm.options.
> 
> Additionally, try setting the Logstash pipeline workers to one or two in
> /etc/logstash/logstash.yml.
> 
> Thanks,
> Wes
> 
> On Tue, May 28, 2019 at 10:29 AM Steve Sirag <stevesirag@gmail.com> wrote:
> 
> > On Friday, May 24, 2019 at 11:09:44 AM UTC-4, Steve Sirag wrote:
> > > I've been trying to get my Kibana working effectively; anything but the
> > > shortest timeslice results in timeouts.  I've extended the timeouts to 90
> > > seconds, no improvement.  I've watched the server's resources (see
> > > screenshot) during a failed visualizations load, and it shows well under
> > > max resources are being consumed, so I don't think further extension of
> > > timeout or extra resources committed will help.
> > > 
> > > How do I troubleshoot this?
> > 
> > Bro indices output is attached.
> > The heavy node (OSSEC collector) has 6 vCPUs, 10 GB RAM assigned.
> > I'm not sure how to tell how many shards per index...we haven't altered
> > from default.
> > 
> > --
> > Follow Security Onion on Twitter!
> > https://twitter.com/securityonion
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "security-onion" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to security-onion+unsubscribe@googlegroups.com.
> > To post to this group, send email to security-onion@googlegroups.com.
> > Visit this group at https://groups.google.com/group/security-onion.
> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/security-onion/dc731ca1-1df5-4686-b28d-3913bc1f7f80%40googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
> > 
> 
> 
> --
> https://twitter.com/therealwlambert
> https://securityonion.net/
> 
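
Added example (not part of the original thread and not Security Onion's own tooling): the quoted question about how to tell how many shards each index has can be answered from Elasticsearch's _cat/shards API. The script below summarises that output per index; the sample rows and index names are constructed, and localhost:9200 in the usage comment is an assumption about where Elasticsearch listens.

```shell
#!/usr/bin/env bash
# Summarise shards per index from Elasticsearch's _cat/shards output.
# Live usage (assumes Elasticsearch answers on localhost:9200):
#   curl -s 'localhost:9200/_cat/shards?h=index,shard,prirep,state' | shards_per_index

# Constructed sample of _cat/shards output (columns: index shard prirep state).
# Index names are illustrative only, not taken from the thread.
sample_cat_shards() {
cat <<'EOF'
logstash-bro-2019.05.28 0 p STARTED
logstash-bro-2019.05.28 0 r UNASSIGNED
logstash-bro-2019.05.28 1 p STARTED
logstash-bro-2019.05.28 1 r UNASSIGNED
logstash-ossec-2019.05.28 0 p STARTED
EOF
}

# Reads "index shard prirep state" rows on stdin and prints one line per index:
#   <index> primaries=<n> replicas=<n> unassigned=<n>
shards_per_index() {
  awk 'NF >= 4 {
         seen[$1] = 1
         if ($3 == "p") pri[$1]++; else if ($3 == "r") rep[$1]++
         if ($4 == "UNASSIGNED") una[$1]++
       }
       END {
         for (i in seen)
           printf "%s primaries=%d replicas=%d unassigned=%d\n", i, pri[i], rep[i], una[i]
       }' | sort
}

# Total number of shard copies (primaries plus replicas) across all indices.
total_shards() { awk 'NF >= 4 { n++ } END { print n + 0 }'; }

sample_cat_shards | shards_per_index
```

Replica shards reported as UNASSIGNED are expected on a single-node cluster, because a replica cannot be allocated to the node that holds its primary.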
