SearchBlox provides multiple logs for troubleshooting and monitoring. The log files are available in
- index.log (crawler indexing activities)
- query.log (search queries)
- status.log (startup, status, errors, warnings and license/IP address issues)
- es.log (elasticsearch activities)
- auth.log (user login in admin dashboard)
- activity.log (creation- and deletion-related activities for collections)
- parameter.log (parameters)
- user.log (users added/deleted/modified)
- securesearch.log (logs related to secure search)
- pretext.log (logs related to pretext activities)
Elasticsearch, status, Index, query, and other logs are rotated daily and deleted after every fourteen days.
SearchBlox service-related activities can be found the wrapper.log in
To turn off logging for searchblox.log follow the below configuration:
In Windows: Go to
<installation-folder>/service/service.xml file. Edit the below configuration by updating
<log mode="roll-by-time"> to
In Linux: Go to
<installation-folder>/bin/start.sh file and update below command as shown:
**eval java $JAVA_OPTS -jar start.jar \ &**
Note: Once you make the change please stop and start SearchBlox to take effect.
The following log files are recommended for monitoring:
The status.log and es.log files can be monitored for the following errors:
- gc overhead limit exceeded (memory issue)
- java.lang.OutOfMemoryError: Java heap space
- java.lang.OutOfMemoryError: PermGen space
- shutdown or Shutdown
- high disk watermark [*] exceeded
- Too many open files
- Errors 1 - 4 are due to insufficient RAM. Please increase memory allocation and restart.
- Error 5 indicates shutdown (reasons could be memory or disk issue or network issue)
- Error 6 indices insufficient disk space issue. Please increase disk space allocated.
- Error 7 occurs in Linux if the ulimit value is not set to maximum.
Error specific to
/opt/searchblox/elasticsearch/logs/searchblox.log for Linux:
- max virtual memory areas vm.max_map_count  is too low, increase to at least 
Increase map count using the command:
sysctl -w vm.max_map_count=262144
If this error is observed in index.log or status.log it is required to increase the ulimit.
- Check the ulimit using the command:
- Edit the limits.conf file using the command:
- Give the following in the file before the end of file
* soft nofile 100000 * hard nofile 100000 root soft nofile 100000 root hard nofile 100000
- Now you can check the ulimit value using the command:
- ulimit value should be 100000 or higher
- Please reboot after this change.
SearchBlox ingests and retrieves data from elasticsearch, which you can access to view the data.
To check the status of elasticsearch index, go to https://localhost:9200/_cat/indices.
Alternatively, if you use Linux versions of SearchBlox you can use the following curl command
`curl -k -u <elasticsearch-username>:<elasticsearch-password> https://localhost:9200/_cat/indices?pretty=true`
URL for accessing elasticsearch is https://localhost:9200/
If you are using a custom domain or port in elasticsearch.yml please use the relevant domain and port to access elasticsearch.
Updated 4 months ago