[Bro] Splunk or ELK to parse Bro logs
C. L. Martinez
carlopmart at gmail.com
Wed Feb 22 00:32:11 PST 2017
On Mon, Feb 20, 2017 at 08:43:59AM -0500, Joe Blow wrote:
> You could just change the JVM you're using elasticsearch/logstash on to
> only allocate 1GB of RAM. On that VM if you give it 2.5GB of RAM, then
> only 1GB of it will be used by your Elasticsearch install. The rest will
> be used by the OS (disk cache) and logstash.
>
> In CentOS land, you'd make your /etc/sysconfig/elasticsearch file say this:
>
> ES_HEAP_SIZE=1g
>
> Cheers,
>
> JB
>
Many thanks to all for your input. Regarding using ELK, is it safe to use the latest versions of Logstash, Elasticsearch and Kibana? What version do you recommend?
--
Greetings,
C. L. Martinez
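The quoted reply recommends pinning the Elasticsearch JVM heap through ES_HEAP_SIZE in /etc/sysconfig/elasticsearch so the rest of the VM's memory stays available for the OS disk cache and Logstash. The script below is an added example, not code from the thread or from the Elasticsearch project: it parses an ES_HEAP_SIZE line out of a sysconfig-style file and checks it against the host's physical memory. The sizing rules it applies (heap set explicitly, no more than half of RAM, below the 32 GB compressed-pointer boundary) are this example's own assumptions, as is the constructed sample config it writes to a temp file.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the ES_HEAP_SIZE value in an
# /etc/sysconfig/elasticsearch-style file against the host's physical memory.
# Assumed rules of thumb: heap must be set explicitly, must be no more than half
# of RAM (leaving the rest for the OS page cache and Logstash, as the reply
# suggests), and must stay below the 32 GB compressed-object-pointer boundary.

# to_mb SIZE -> prints SIZE (e.g. 1g, 512m, 2048k) as whole megabytes
to_mb() {
    num=$(printf '%s' "$1" | sed 's/[^0-9]//g')
    unit=$(printf '%s' "$1" | sed 's/[0-9]//g' | tr 'A-Z' 'a-z')
    case "$unit" in
        g) echo $((num * 1024)) ;;
        m) echo "$num" ;;
        k) echo $((num / 1024)) ;;
        *) return 1 ;;   # unit missing or unknown: treat as unparseable
    esac
}

# heap_setting FILE -> prints the ES_HEAP_SIZE value found in FILE (last one wins)
heap_setting() {
    sed -n 's/^[[:space:]]*ES_HEAP_SIZE=\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1
}

# check_es_heap FILE TOTAL_RAM_MB -> exit 0 if the heap setting is sane, 1 otherwise
check_es_heap() {
    file=$1
    total_mb=$2
    raw=$(heap_setting "$file")
    [ -n "$raw" ] || { echo "ES_HEAP_SIZE not set in $file (JVM default will be used)"; return 1; }
    heap_mb=$(to_mb "$raw") || { echo "unparseable ES_HEAP_SIZE=$raw"; return 1; }
    if [ "$heap_mb" -gt $((total_mb / 2)) ]; then
        echo "heap ${heap_mb}MB exceeds half of ${total_mb}MB RAM; OS cache and Logstash will starve"
        return 1
    fi
    if [ "$heap_mb" -ge 32768 ]; then
        echo "heap ${heap_mb}MB is at or over 32GB; compressed object pointers are lost"
        return 1
    fi
    echo "heap ${heap_mb}MB of ${total_mb}MB RAM: ok"
    return 0
}

# Constructed sample config mirroring the reply's suggestion, written to a temp file.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
# constructed /etc/sysconfig/elasticsearch excerpt
ES_HEAP_SIZE=1g
EOF

# A 2.5 GB VM as in the thread: a 1g heap passes, leaving ~1.5 GB to the OS and Logstash.
check_es_heap "$sample_cfg" 2560
rm -f "$sample_cfg"
```

On a real host the second argument would come from `grep MemTotal /proc/meminfo` (kilobytes, so divide by 1024); the functions are kept pure so the check can be dropped into a provisioning or config-audit step and run against any sysconfig file.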