SearchBlox provides multiple logs for troubleshooting and monitoring. The log files are available in
- index.log (crawler indexing activities)
- query.log (search queries)
- status.log (startup, status, errors, warnings and license/IP address issues)
- es.log (elasticsearch activities)
- auth.log (user login in admin dashboard)
- activity.log (creation- and deletion-related activities for collections)
- parameter.log (parameters)
- user.log (users added/deleted/modified)
- securesearch.log (logs related to secure search)
- pretext.log (logs related to pretext activities)
Elasticsearch and status logs are rotated daily and are not deleted.
Index, query, and other logs are rotated daily and deleted after every fourteen days.
SearchBlox service-related activities can be found the wrapper.log in
To turn off logging for searchblox.log follow the below configuration:
In Windows: Go to
<installation-folder>/service/service.xml file. Edit the below configuration by updating
<log mode="roll-by-time"> to
In Linux: Go to
<installation-folder>/bin/start.sh file and update below command as shown:
**eval java $JAVA_OPTS -jar start.jar \ &**
Note: Once you make the change please stop and start SearchBlox to take effect.
Log Files for Monitoring
The following log files are recommended for monitoring:
Error Messages Within the Logs
Terms/errors to be monitored in the application log files
The status.log and es.log files can be monitored for the following errors:
- gc overhead limit exceeded (memory issue)
- java.lang.OutOfMemoryError: Java heap space
- java.lang.OutOfMemoryError: PermGen space
- shutdown or Shutdown
- high disk watermark [*] exceeded
- Too many open files
- Errors 1 - 4 are due to insufficient RAM. Please increase memory allocation and restart.
- Error 5 indicates shutdown (reasons could be memory or disk issue or network issue)
- Error 6 indices insufficient disk space issue. Please increase disk space allocated.
- Error 7 occurs in Linux if the ulimit value is not set to maximum.
Elasticsearch log in Linux
Error specific to
/opt/searchblox/elasticsearch/logs/searchblox.log for Linux:
- max virtual memory areas vm.max_map_count  is too low, increase to at least 
Increase map count using the command:
sysctl -w vm.max_map_count=262144
Too Many Open Files
If this error is observed in index.log or status.log it is required to increase the ulimit.
- Check the ulimit using the command:
- Edit the limits.conf file using the command:
- Give the following in the file before the end of file
* soft nofile 100000 * hard nofile 100000 root soft nofile 100000 root hard nofile 100000
- Now you can check the ulimit value using the command:
- ulimit value should be 100000 or higher
- Please reboot after this change.
SearchBlox ingests and retrieves data from elasticsearch, which you can access to view the data.
To check the status of elasticsearch index, go to https://localhost:9200/_cat/indices.
Alternatively, if you use Linux versions of SearchBlox you can use the following curl command
`curl -k -u <elasticsearch-username>:<elasticsearch-password> https://localhost:9200/_cat/indices?pretty=true`
URL for accessing elasticsearch is https://localhost:9200/
If you are using a custom domain or port in elasticsearch.yml please use the relevant domain and port to access elasticsearch.
Updated 8 months ago