From 5f9397edb7c135c2759c151806cf504693377eaf Mon Sep 17 00:00:00 2001
From: blacktop <blacktop@users.noreply.github.com>
Date: Sat, 24 Nov 2018 11:20:37 -0500
Subject: [PATCH] update README

---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index be27e334..1805d625 100644
--- a/README.md
+++ b/README.md
@@ -121,13 +121,15 @@ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
 
 ### Known Issues :warning:
 
+#### If you are having issues with `malice` connecting/writting to `elasticsearch` please see the following:
+
 I have noticed when running the new **5.0+** version of [malice/elasticsearch](https://github.com/maliceio/elasticsearch) on a linux host you need to increase the memory map areas with the following command
 
 ```bash
 sudo sysctl -w vm.max_map_count=262144
 ```
 
-Elasticsearch requires at least **4GB** of RAM to run. You can lower it to **2GB** by running the following _(**before running a scan**)_:
+Elasticsearch requires a **LOT** of RAM to run smoothly. You can lower it to **2GB** by running the following _(**before running a scan**)_:
 
 ```bash
 $ docker run -d \