Error 'java.lang.OutOfMemoryError: Java heap space' occurs when handling large incidents from an Endpoint Data at Rest discover scan. You may also see another variant of this error - 'java.lang.OutOfMemory gc overhead limit exceeded'.
Note - Depending on each service's current java heap settings and the actual size of the .IDC files being processed, you may not see OutOfMemory errors in all of the services listed below:
SEVERE: Stack array is empty. The following exception does not have a proper stack trace.
java.lang.Exception: java.lang.OutOfMemoryError: Java heap space
com.vontu.util.jdbc.DatabaseRuntimeException: java.sql.SQLRecoverableException: ORA-01034: ORACLE not available
ORA-27102: out of memory
The incidents being persisted exceed the max Java heap size allocated to the affected services.
In order to accommodate very large incident files, you will have to increase the Java max heap sizes for the affected DLP services, and the Oracle database server memory_target to a point that the large .IDC files can be persisted. How high you have to go on each of these is dependent on the size of the .IDC files being received, and the rate at which they are being received by the Endpoint Detection Server and Detection Server Controller Service (MonitorController). For IncidentPersister, both the size, and number of threads being utilized to persist incidents (Enforce, IncidentPersister.properties, persister.threadPoolSize parameter) affects how high the max heap size needs to be:
See also: Error 'java.lang.OutOfMemoryError at java.io.ByteArrayOutputStream.hugeCapacity' when persisting large incidents over 2GB
See also: Guidelines for tuning Symantec Data Loss Prevention to scan large files
See also: Enforce Shows System Event Code 1818 - "Incident is oversized"
Endpoint Discover Notes