Cluster setup with ELK 5.0.1

I was trying to create a cluster with 3 nodes having ELK 5.0 on Redhat server

The following are the steps which I have followed:

• I have used Ansible and Tinc VPN for security purpose.

• Binded to my VPN IP (, and in /etc/elasticsearch/elasticsearch.yml by editing the to my VPN interface name “tun0”
as [tun0, local].

• Set cluster name and node name for each node, but when I am trying to start the service elasticsearch it is getting locked by showing the error, but when I am editing the with localhost its working fine.

These are the logs for Elasticsearch, please have a look at it.

[2016-11-18T12:03:11,258][INFO ][o.e.n.Node ] [node03] stopping ...
[2016-11-18T12:03:13,075][INFO ][o.e.n.Node ] [node03] stopped
[2016-11-18T12:03:13,076][INFO ][o.e.n.Node ] [node03] closing ...
[2016-11-18T12:03:13,338][INFO ][o.e.n.Node ] [node03] closed
[2016-11-18T12:03:24,081][WARN ][o.e.b.JNANatives ] unable to install syscall filter:
java.lang.UnsupportedOperationException: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
at org.elasticsearch.bootstrap.Seccomp.linuxImpl( ~[elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.Seccomp.init( ~[elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.JNANatives.trySeccomp( [elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.Natives.trySeccomp( [elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives( [elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.Bootstrap.setup( [elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.Bootstrap.init( [elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.Elasticsearch.init( [elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.Elasticsearch.execute( [elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.cli.SettingCommand.execute( [elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling( [elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.cli.Command.main( [elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.Elasticsearch.main( [elasticsearch-5.0.0.jar:5.0.0]
at org.elasticsearch.bootstrap.Elasticsearch.main( [elasticsearch-5.0.0.jar:5.0.0]
max number of threads [1024] for user [elasticsearch] likely too low, increase to at least [2048]
[2016-11-18T12:03:33,569][INFO ][o.e.n.Node ] [node03] stopping ...
[2016-11-18T12:03:33,624][INFO ][o.e.n.Node ] [node03] stopped
[2016-11-18T12:03:33,625][INFO ][o.e.n.Node ] [node03] closing ...
[2016-11-18T12:03:33,649][INFO ][o.e.n.Node ] [node03] closed

But when I tried the same with elasticsearch 2.3.5 it worked,please can anyone let me know what is the problem.
[This is the link which I followed for clustering]


I suppose ES 2.3.5 doesn't require CONFIG_SECCOMP or care about the max number of threads.

Can you please let me know that is there any solution, if we need to do it on ELK 5.0.

I tried the same (clustering) with latest version 5.0.2, thinking that the bug might have been solved but the issue is same, can someone please help me to solve the same.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.