Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
aebadi
Staff
Staff

Created on ‎01-18-2023 09:44 PM Edited on ‎06-11-2025 11:34 AM By Staff

Article Id 243281

Troubleshooting Tip: High root disk usage on collector due to clickhouse service

Description

This article provides the steps to free up space consumed by the clickhouse service on the root partition of the FortiSIEM collector.
Scope FortiSIEM Collector v6.5.0, v7.1.0, v7.1.3, v7.1.4, v7.1.6, v7.2.5, v7.2.6.
Solution
  1. Run the following command first to know if the disk usage is due to clickhouse directories (/var/lib/clickhouse and /var/log/clickhouse-server).

    du --max-depth=4 -xh / | sort -hr | head -n 20

  2. Stop and disable clickhouse-server service:

    systemctl stop clickhouse-server.service
    systemctl disable clickhouse-server.service

  3. Remove clickhouse data:

    rm -rf /var/log/clickhouse-server/
    rm -rf /var/lib/clickhouse/
1975
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.