## **Logs**
SearchBlox provides multiple logs for troubleshooting and monitoring. The log files are available in `
<SEARCHBLOX_INSTALLATION_PATH>/webapps/ROOT/logs`index.log (crawler indexing activities)
query.log (search queries)
status.log (startup, status, errors, warnings and license/IP address issues)
es.log (elasticsearch activities)
auth.log (user login in admin dashboard)
activity.log (creation- and deletion-related activities for collections)
parameter.log (parameters)
user.log (users added/deleted/modified)
securesearch.log (logs related to secure search)
pretext.log (logs related to pretext activities)
Elasticsearch and status logs are rotated daily and are not deleted.
Index, query, and other logs are rotated daily and deleted after every fourteen days.
SearchBlox service-related activities can be found the wrapper.log in `
../services/log`To turn off logging for searchblox.log follow the below configuration:
In Windows: Go to `<installation-folder>/service/service.xml` file. Edit the below configuration by updating `<log mode="roll-by-time">` to `**<log mode="OFF">**`
In Linux: Go to `<installation-folder>/bin/start.sh` file and update below command as shown:
`**eval java $JAVA_OPTS -jar start.jar \ &**`
**Note**: _Once you make the change please stop and start SearchBlox to take effect._
## **Log Files for Monitoring**
The following log files are recommended for monitoring:
`<SEARCHBLOX_INSTALLATION_PATH>/webapps/ROOT/logs/status.log`
`<SEARCHBLOX_INSTALLATION_PATH>/webapps/ROOT/logs/es.log`
**Linux path**
`/opt/searchblox/webapps/ROOT/logs`
**Windows path**
`C:/SearchbloxServer/webapps/ROOT/logs`
## **Error Messages Within the Logs**
### Terms/errors to be monitored in the application log files
The status.log and es.log files can be monitored for the following errors:
gc overhead limit exceeded (memory issue)
OutOfMemoryError
java.lang.OutOfMemoryError: Java heap space
java.lang.OutOfMemoryError: PermGen space
shutdown or Shutdown
high disk watermark [*] exceeded
Too many open files
### Possible Causes
Errors 1 - 4 are due to insufficient RAM. Please increase memory allocation and restart.
Error 5 indicates shutdown (reasons could be memory or disk issue or network issue)
Error 6 indices insufficient disk space issue. Please increase disk space allocated.
Error 7 occurs in Linux if the ulimit value is not set to maximum.
## **Troubleshooting**
### Elasticsearch log in Linux
Error specific to `/opt/searchblox/elasticsearch/logs/searchblox.log` for Linux:
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
**Resolution:**
Increase map count using the command:
`sysctl -w vm.max_map_count=262144`
### Too Many Open Files
If this error is observed in index.log or status.log it is required to increase the ulimit.
Check the ulimit using the command: `
ulimit -n`Edit the limits.conf file using the command: `
vi /etc/security/limits.conf`Give the following in the file before the end of file
Now you can check the ulimit value using the command: `
ulimit -n`ulimit value should be 100000 or higher
Please reboot after this change.
## **Elasticsearch Indices**
SearchBlox ingests and retrieves data from elasticsearch, which you can access to view the data.
To check the status of elasticsearch index, go to https://localhost:9200/_cat/indices.
Alternatively, if you use Linux versions of SearchBlox you can use the following curl command
Important Information:
URL for accessing elasticsearch is https://localhost:9200/ If you are using a custom domain or port in elasticsearch.yml please use the relevant domain and port to access elasticsearch.