Install Issue (Java)/Kibana

#1

Tried installing on VMware, set up a 50GB VM. Used mostly the partition sizes located on the site.
2 CPU/ 2 Cores
8 GB Memory
(This is not for production, just testing, so specs are not the greatest at the moment)

Looks like it runs through the majority of the script (used default settings in the TUI)

Task [Kibana : Blanket Install/update Kibana Objects]

1951.508927 Out of memory: kill process 17863 (java)
Killed Process 18118
Out of memory (java)

Task [Kibana:Configure Kibana]
Fatal: [host] FAILED! +> "changed: false


No more hosts left

I

#2

@xfaith, thanks for posting to the community! So internally we’ve actually been discussing raising the minimum recommended requirements. Namely, anything less than 10 GB of RAM with all features enabled is going to have some problems, and even with 10 it can get a bit shaky, but it’s doable. I do testing in my VM environment with 16, just so there’s a lot of wiggle room.

That said, you’re just testing the install and setup before you go to production, so one thing you can do is disable Stenographer. You’ll lose the PCAP capability, but it will cut down on memory usage considerably. Every process that uses AF_Packet to collect network data (Bro, Suricata, Stenographer) must reserve and lock the memory needed to perform that function. We also have Elasticsearch, which will reserve memory for its JVM heap usage.

So, for the quick fix, disable Stenographer, or add some additional RAM. We’re always trying to improve resource utilization to lower any unnecessary overhead. Thanks for reporting this so we can take a closer look at our requirements vs configuration strategies.

-dcode
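
A quick way to check both points from this exchange on a host, as an added example that is not part of the original posts or the project's install scripts: it compares reported RAM against the 10 GB figure mentioned above and summarises which processes the kernel OOM killer has terminated. The function names and all sample data are constructed for illustration.

```shell
# Added example: memory preflight check and OOM-killer summary.
# MIN_GIB is the 10 GB figure from the reply above; all sample data below
# is constructed for illustration, not taken from the poster's VM.
MIN_GIB=10

# Read meminfo-format text on stdin; print MemTotal rounded to the nearest
# GiB (the kernel reports slightly less than the RAM assigned to a VM).
mem_total_gib() {
    awk '/^MemTotal:/ { printf "%d\n", $2 / 1048576 + 0.5 }'
}

# Succeed if meminfo text on stdin reports at least MIN_GIB.
meets_minimum() {
    [ "$(mem_total_gib)" -ge "$MIN_GIB" ]
}

# Read kernel log text on stdin; print "count name" per OOM-killed process.
# Matches "Killed process <pid> (<name>)", present in old and new kernels.
oom_victims() {
    grep -Ei 'killed process [0-9]+ \(' |
        sed -E 's/.*[Kk]illed process [0-9]+ \(([^)]*)\).*/\1/' |
        sort | uniq -c | sed -E 's/^ *([0-9]+) +/\1 /'
}

# Constructed sample: meminfo as an 8 GB VM would typically report it.
sample_meminfo() {
    printf '%s\n' 'MemTotal:        8009260 kB' 'MemFree:          142300 kB'
}

# Constructed sample kernel log with two java kills and one other process.
sample_kernel_log() {
    cat <<'EOF'
[ 1951.508927] Out of memory: Kill process 17863 (java) score 512 or sacrifice child
[ 1951.509410] Killed process 17863 (java) total-vm:6291456kB, anon-rss:3145728kB, file-rss:0kB
[ 2010.113207] Out of memory: Kill process 18118 (java) score 498 or sacrifice child
[ 2010.113655] Killed process 18118 (java) total-vm:5242880kB, anon-rss:2621440kB, file-rss:0kB
[ 2044.700018] Killed process 19002 (node) total-vm:1048576kB, anon-rss:524288kB, file-rss:0kB
EOF
}

# Demo on the samples; on a real host use: mem_total_gib < /proc/meminfo
# and: dmesg | oom_victims   (or journalctl -k | oom_victims)
if sample_meminfo | meets_minimum; then
    echo "RAM OK"
else
    echo "RAM below ${MIN_GIB} GiB: $(sample_meminfo | mem_total_gib) GiB"
fi
sample_kernel_log | oom_victims
```

Repeated `java` entries in the summary point at the Elasticsearch JVM heap as the process being sacrificed when the locked capture buffers leave too little free memory.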

#3

Rgr, well the point was to use Stenographer w/ bro&suricata. Will try and move some resources around and see if that will “fix” it for the time being.