[Bro] Splunk or ELK to parse Bro logs

C. L. Martinez carlopmart at gmail.com
Wed Feb 22 00:32:11 PST 2017

On Mon, Feb 20, 2017 at 08:43:59AM -0500, Joe Blow wrote:
> You could just change the JVM you're using elasticsearch/logstash on to
> only allocate 1GB of RAM.  On that VM if you give it 2.5GB of RAM, then
> only 1GB of it will be used by your Elasticsearch install.  The rest will
> be used by the OS (disk cache) and logstash.
> In CentOS land, you'd make your /etc/sysconfig/elasticsearch file say this:
> Cheers,
> JB

Many thanks to all for your inputs. Regarding using ELK, is it safe to use the latest versions of Logstash, Elasticsearch and Kibana? What version do you recommend?

C. L. Martinez
