Skip to main content
Version: 2.0

Elasticsearch Operations

GraphGrid uses Elasticsearch to maintain search functionality. Click here for more information about Elasticsearch.

Elasticsearch has the following default packaging settings:

 elasticsearch:
    image: 754290812573.dkr.ecr.us-west-2.amazonaws.com/elasticsearch:6.3.2
    restart: on-failure
    networks:
      - default
    ports:
      - 9200
      - 9300
    environment:
      - ES_JAVA_OPTS=-Xmx1024m -Xms1024m
      - cluster.name=elasticsearch
      - bootstrap.memory_lock=true
      - xpack.security.enabled=false
      - LOG4J_FORMAT_MSG_NO_LOOKUPS=true
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ${GRAPHGRID_DATA}/elasticsearch/data:/usr/share/elasticsearch/data
    logging:
      driver: json-file
      options:
        max-size: 10m
        max-file: '6'

Disk Usage

Troubleshooting Memory Leak

The Elasticsearch cluster can get too full over time as a result of GraphGrid-related default indices bloating the disc.

To check the disk usage of Elasticsearch, you can run docker ps -s | grep elasticsearch which will display two-different on-disk sizes for each container.

We recommend removing the GraphGrid-related indices every so often to prevent the disc from filling up and causing slow search functionality.

The offending GraphGrid-related indices are (txreqest, txrestult, apm, and logstash). In order to make requests to delete these indices from Elasticsearch, it is necessary to either access the running Elasticsearch container or find the port connected 9200.

To clear out the above indices, proceed with the steps found in either of these methods:

danger

While this procedure does free-up memory for Elasticsearch, be aware that deleting these indices will delete information about logs (logstash), metrics (apm), and queries previously executed on the graph (txRequest/txResult).

Method 1: Make requests from inside the Elasticsearch container

  1. In a terminal, access the server instance and ensure you are in the GraphGrid package directory.
  2. Locate and copy the Elasticsearch container Id with this command: docker ps | grep elasticsearch|awk '{ print $1 }'
  3. Enter the Elasticsearch container by using the container Id from the previous step in this command: docker exec -it <containerId> bash. This allows you to run shell commands from inside the running container.
  4. Run the following curl requests to delete the GraphGrid-related indices.
curl -XDELETE 'localhost:9200/txrequest*';
curl -XDELETE 'localhost:9200/txresult*';
curl -XDELETE 'localhost:9200/apm*';
curl -XDELETE 'localhost:9200/logstash*';

Method 2: Make Requests from outside the Elasticsearch container

If for some reason you are unable to run shell commands from inside the container itself, you can find the port connected to 9200 (Elasticsearch). To do this, run docker ps | grep elasticsearch, the port should look something like ::3241->9200/tcp. From there you can issue the same curl commands above but using that port instead of 9200.

curl -XDELETE 'localhost:3241/txrequest*';
curl -XDELETE 'localhost:3241/txresult*';
curl -XDELETE 'localhost:3241/apm*';
curl -XDELETE 'localhost:3241/logstash*';