From 89bfc38118e3fd0608a3fbfb88c638de7fe2245d Mon Sep 17 00:00:00 2001
From: Marco Ochse <t3chn0m4g3@users.noreply.github.com>
Date: Mon, 20 Dec 2021 15:03:56 +0100
Subject: [PATCH] Created T-Pot, RAM and Elastic Stack (markdown)

---
 T-Pot,-RAM-and-Elastic-Stack.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 T-Pot,-RAM-and-Elastic-Stack.md

diff --git a/T-Pot,-RAM-and-Elastic-Stack.md b/T-Pot,-RAM-and-Elastic-Stack.md
new file mode 100644
index 0000000..2da1a35
--- /dev/null
+++ b/T-Pot,-RAM-and-Elastic-Stack.md
@@ -0,0 +1,14 @@
+With the latest Elastic Stack (7.16+) having 16GB of RAM for T-Pot is probably the best choice for all of the Elastic Tools to run and start up without any errors.
+However, not every one has the option for 16GB of RAM. You can adjust `/opt/tpot/etc/tpot.yml` to limit the Elastic RAM usage.
+
+It is assumed you make all the changes as root (`sudo su -`)
+1. Stop T-Pot (`sytemctl stop tpot`)
+2. `vi /opt/tpot/etc/tpot.yml`
+3. Search for `Elasticsearch service` and adjust the following lines to your needs (uncommenting should be enough in most cases):
+```
+#     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
+#    mem_limit: 4g
+```
+4. Save and `reboot`.
+
+Limiting RAM might have a negative impact on your Elastic Stack performance, especially if you want to run queries for a large timeframe.
\ No newline at end of file