Tag: SIEM

OpenSearch Circuit Breakers

OpenSearch employs circuit breakers to keep a node from exhausting its Java Virtual Machine (JVM) heap, which would crash the node. Each circuit breaker estimates the memory an operation will need and compares it with the breaker's configured limit, a fraction of the heap. If the operation would push usage past that limit, OpenSearch rejects it with a CircuitBreakerException rather than risk an OutOfMemoryError. Types of Circuit […]

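Breaker limits only help if someone watches them trip. The following is an added example, not code from the original post or from the OpenSearch project: it parses a response shaped like GET _nodes/stats/breaker and flags breakers that are close to their limit or have already tripped. The node ids, names and byte counts in the sample are constructed for the example; the 85% threshold is an arbitrary choice.

```ruby
require 'json'

# Constructed sample, shaped like the response of GET _nodes/stats/breaker.
# Node id, node name and all sizes are invented for this example.
SAMPLE_BREAKER_STATS = <<~JSON
{
  "nodes": {
    "node-a": {
      "name": "os-data-1",
      "breakers": {
        "request":   {"limit_size_in_bytes": 322122547, "estimated_size_in_bytes": 12582912,  "tripped": 0},
        "fielddata": {"limit_size_in_bytes": 214748364, "estimated_size_in_bytes": 190000000, "tripped": 3},
        "parent":    {"limit_size_in_bytes": 510027366, "estimated_size_in_bytes": 300000000, "tripped": 0}
      }
    }
  }
}
JSON

# Breakers whose estimated usage is at or above `threshold` of their limit, or that
# have tripped at all. Each row is [node_name, breaker_name, ratio, tripped_count].
def hot_breakers(stats_json, threshold: 0.85)
  stats = JSON.parse(stats_json)
  rows = []
  stats.fetch('nodes').each_value do |node|
    node.fetch('breakers').each do |name, b|
      limit = b['limit_size_in_bytes'].to_f
      next if limit <= 0 # an unlimited breaker reports a limit of -1
      ratio = b['estimated_size_in_bytes'] / limit
      tripped = b['tripped'].to_i
      rows << [node['name'], name, ratio.round(3), tripped] if ratio >= threshold || tripped > 0
    end
  end
  rows
end

if __FILE__ == $PROGRAM_NAME
  hot_breakers(SAMPLE_BREAKER_STATS).each do |node, name, ratio, tripped|
    puts format('%-10s %-10s %5.1f%% of limit, tripped %d times', node, name, ratio * 100, tripped)
  end
end
```

A tripped counter that keeps climbing on the fielddata breaker usually points at aggregations on text fields, not at a heap that is too small; raising the limit only moves the failure to a worse place.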
Splunk: How to Write a Query to Monitor Multiple Sources and Send Alert if they Stop Coming

Step 1: Write a Query to Monitor Multiple Sources. Identify the log sources you want to monitor. Create a Splunk search query that checks for events from those sources within a specific timeframe. Example query: Query without additional fields; Query with additional fields “message”. For example, in the screenshot, I set two hosts to monitor and […]

Handling the Dynamic Pruning Failure in Cardinality Aggregations in Elasticsearch

When working with Elasticsearch, you may encounter the following error during complex queries involving cardinality aggregations: This error typically occurs when Elasticsearch’s dynamic pruning mechanism, designed to optimize aggregation queries, struggles to handle high cardinality (i.e., a large number of unique terms or values). Let’s dive into what this means and how to resolve it. […]

Calculating Session Duration in Logstash Using Ruby

When processing event streams with Logstash, you may need to calculate the duration of a session, that is, the difference between its start and end times. This is a common scenario when analyzing time-sensitive data. Logstash lets you perform such operations by embedding custom Ruby code in your pipeline configuration. Here’s how you […]

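As an added example of the approach described above (this is not the original post's code), the filter below pairs a session's start event with its end event and writes the difference in seconds onto the end event. It mirrors the filter(event) hook that a Logstash ruby filter loaded with the `path` option must define, and returns an array of events as that hook does. The field names (session_id, event_type, @timestamp), the FakeEvent stand-in for LogStash::Event, and the sample events are all assumptions made for the example.

```ruby
require 'time'

# Stand-in for LogStash::Event so the filter runs outside Logstash (assumption for
# this example). Only the get/set/tag methods the filter needs are implemented.
class FakeEvent
  def initialize(fields)
    @fields = fields
  end

  def get(key)
    @fields[key]
  end

  def set(key, value)
    @fields[key] = value
  end

  def tag(name)
    (@fields['tags'] ||= []) << name
  end

  def to_h
    @fields
  end
end

# Constructed sample stream, in arrival order. Field names are assumptions.
SAMPLE_EVENTS = [
  { 'session_id' => 'abc123', 'event_type' => 'session_start', '@timestamp' => '2024-05-01T10:00:00Z' },
  { 'session_id' => 'xyz789', 'event_type' => 'session_start', '@timestamp' => '2024-05-01T10:00:30Z' },
  { 'session_id' => 'abc123', 'event_type' => 'session_end',   '@timestamp' => '2024-05-01T10:45:12Z' },
  { 'session_id' => 'zzz000', 'event_type' => 'session_end',   '@timestamp' => '2024-05-01T11:00:00Z' }
].freeze

# Start times keyed by session id. Logstash calls filter(event) once per event, so
# state that must survive between calls has to live outside the method.
SESSION_STARTS = {}

# Logstash-style filter hook: remembers start events, enriches end events with
# session_duration_s, and tags an end event whose start was never seen instead of
# failing on a nil subtraction.
def filter(event)
  sid = event.get('session_id')
  ts  = Time.iso8601(event.get('@timestamp'))
  case event.get('event_type')
  when 'session_start'
    SESSION_STARTS[sid] = ts
  when 'session_end'
    start = SESSION_STARTS.delete(sid)
    if start
      event.set('session_duration_s', (ts - start).round)
    else
      event.tag('_session_start_missing')
    end
  end
  [event]
end

# Push the sample stream through the filter and return the resulting field hashes.
def run_sample
  SAMPLE_EVENTS.flat_map { |fields| filter(FakeEvent.new(fields.dup)) }.map(&:to_h)
end
```

The pairing only works if a session's start is processed before its end. With more than one pipeline worker Logstash does not guarantee event order across workers, so a pipeline carrying this kind of state should run with pipeline.workers set to 1, and the `_session_start_missing` tag is what tells you when that assumption has been broken.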
How to Update GeoLite2 Database in ArcSight Manager

To update the GeoLite2 database in your ArcSight Manager environment, follow these steps: 1. Register on the MaxMind Portal Visit the MaxMind Portal and log into your account. If you don’t have an account, register for one. 2. Download the GeoLite2 Database Once logged in, navigate to the Account Portal. In the sidebar menu, select “Download Files”. This will take […]

Configuring Elasticsearch Authentication with LDAPS

LDAP (Lightweight Directory Access Protocol) is a popular method for centralizing user authentication and access control across an organization. Configuring Elasticsearch to use LDAP over a secure connection (LDAPS) encrypts the traffic between Elasticsearch and the LDAP server, so bind credentials and directory lookups are not sent in the clear. This article provides a step-by-step guide to setting up LDAPS for […]

Get started with ISM (Index State Management)

To start with Index State Management, you first need to set up policies. You can use the Visual Editor or Dev Tools. If you choose the Visual Editor, do the following: in Index Management > State management policies, choose Create policy and click Continue. Inside Create policy, set the policy info: Policy ID; Description (optional); Set Error […]

Addressing read_only_allow_delete After Disk Space Issues

Occasionally, as Elasticsearch administrators, we may encounter a situation where all indices have automatically been set to read_only_allow_delete=true, which blocks write operations. This usually happens when the cluster runs out of available disk space. Let’s discuss why this happens, how to resolve it, and how to prevent it in the future. So, why do indices become read_only_allow_delete=true? […]

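An added example, not taken from the original post, of the two halves of the fix: finding which indices carry the block, and building the settings update that removes it. The input is shaped like the response of GET _all/_settings/index.blocks.read_only_allow_delete; the index names and the disk figures are constructed for the example, and `safe_to_clear?` is a helper of my own that encodes the check a practitioner wants before clearing anything.

```ruby
require 'json'

# Constructed sample, shaped like GET _all/_settings/index.blocks.read_only_allow_delete.
# Index names are invented for this example.
SAMPLE_SETTINGS = <<~JSON
{
  "logs-2024.05.01": {"settings": {"index": {"blocks": {"read_only_allow_delete": "true"}}}},
  "logs-2024.05.02": {"settings": {"index": {"blocks": {"read_only_allow_delete": "true"}}}},
  "metrics-2024.05": {"settings": {"index": {}}}
}
JSON

# Sorted names of the indices that currently carry the read_only_allow_delete block.
def blocked_indices(settings_json)
  JSON.parse(settings_json).select do |_name, body|
    body.dig('settings', 'index', 'blocks', 'read_only_allow_delete').to_s == 'true'
  end.keys.sort
end

# Body for PUT /<index>/_settings. Setting the key to null removes it from the index
# settings entirely; setting it to false would leave an explicit override behind.
def clear_block_body
  JSON.generate('index.blocks.read_only_allow_delete' => nil)
end

# Clearing the block is pointless while the data path is still above the flood-stage
# watermark (95% by default): the cluster will simply re-apply it on the next check.
# Free or add disk first, then clear.
def safe_to_clear?(used_bytes, total_bytes, flood_stage: 0.95)
  used_bytes.to_f / total_bytes < flood_stage
end

if __FILE__ == $PROGRAM_NAME
  blocked_indices(SAMPLE_SETTINGS).each do |idx|
    puts "PUT /#{idx}/_settings  #{clear_block_body}"
  end
end
```

Clearing the block on `_all` in one request is the usual shortcut; listing the affected indices first is still worth doing, because it tells you which write paths (and therefore which log sources) were silently dropping data while the block was in place.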
How to Check What Task is Stuck and Cancel it on Dev-tools

I had a problem with long-running stuck tasks. These tasks were stuck for various reasons, such as resource constraints, bugs, or other issues. How I resolved it: I followed these steps: 1) Identify the stuck tasks by using the command below. When you use the above command, you will get a list of […]

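Picking the right task out of a long _tasks listing by eye is error-prone, so here is an added example (my own, not the post's command or the Elasticsearch project's code) that does the selection programmatically. It reads a response shaped like GET _tasks?detailed, reports every task running longer than a threshold, and emits cancel requests only for tasks that report cancellable=true, since _cancel has no effect on the others. The node id, task numbers, actions and timings are constructed for the example; the 600-second threshold is arbitrary.

```ruby
require 'json'

# Constructed sample, shaped like the response of GET _tasks?detailed.
# Node id, task numbers, actions and running times are invented for this example.
SAMPLE_TASKS = <<~JSON
{
  "nodes": {
    "oTUltX4IQMOUUVeiohTt8A": {
      "name": "es-data-1",
      "tasks": {
        "oTUltX4IQMOUUVeiohTt8A:124": {
          "action": "indices:data/write/reindex",
          "running_time_in_nanos": 7200000000000,
          "cancellable": true
        },
        "oTUltX4IQMOUUVeiohTt8A:125": {
          "action": "indices:data/read/search",
          "running_time_in_nanos": 1500000000,
          "cancellable": true
        },
        "oTUltX4IQMOUUVeiohTt8A:126": {
          "action": "indices:admin/forcemerge",
          "running_time_in_nanos": 5400000000000,
          "cancellable": false
        }
      }
    }
  }
}
JSON

# Tasks that have been running longer than max_seconds, across all nodes.
# Each row is [task_id, action, running_seconds, cancellable].
def long_running_tasks(tasks_json, max_seconds: 600)
  JSON.parse(tasks_json).fetch('nodes').flat_map do |_node_id, node|
    node.fetch('tasks').filter_map do |task_id, t|
      secs = t['running_time_in_nanos'] / 1_000_000_000
      [task_id, t['action'], secs, t['cancellable'] == true] if secs > max_seconds
    end
  end
end

# The POST _tasks/<task_id>/_cancel requests worth sending. A task that reports
# cancellable=false ignores _cancel, so it is listed by long_running_tasks but
# deliberately left out here: it has to be waited out or its node restarted.
def cancel_requests(tasks_json, max_seconds: 600)
  long_running_tasks(tasks_json, max_seconds: max_seconds).filter_map do |task_id, _action, _secs, cancellable|
    "POST _tasks/#{task_id}/_cancel" if cancellable
  end
end

if __FILE__ == $PROGRAM_NAME
  long_running_tasks(SAMPLE_TASKS).each do |task_id, action, secs, cancellable|
    puts format('%-30s %-32s %6ds cancellable=%s', task_id, action, secs, cancellable)
  end
  puts cancel_requests(SAMPLE_TASKS)
end
```

Cancellation is cooperative: the task stops at its next check of the cancel flag, so a task that is genuinely hung (rather than merely slow) may stay in the listing after _cancel returns, which is the case the threshold above is meant to surface early.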