Issue: When the Elasticsearch nodes are down or when the disk space in all the Elasticsearch nodes are almost full, Collector Manager displays the following error in the logs:
|SEVERE|I/O dispatcher 21|esecurity.ccs.comp.event.visualization.EventVisualizationProcessor$3.onFailure
Failed to forward <number> events in this batch, copying back to persist queue
As a result, Collector Manager starts buffering events and eventually may result in memory dump issue on the Collector Manager.
Fix: Perform any of the following:
Ensure that all the nodes are up and running.
Increase the disk space in Elasticsearch nodes.
Add additional nodes in the Elasticsearch cluster.