'syscall filter' error in Windows 7

I have the Windows 7 operating system. I am new to Elasticsearch.

I downloaded the latest version of Elasticsearch today, and when I start the 'elasticsearch.bat' file, I get the error message "unable to install syscall filter: syscall filtering not supported for OS: 'Windows 7'". This is followed by a lot of error messages, which I am pasting here. I could not find any help on the internet related to this error.

[2016-01-21 16:55:55,860][WARN ][bootstrap ] unable to install syscall filter: syscall filtering not supported for OS: 'Windows 7'
[2016-01-21 16:55:56,121][INFO ][node ] [PKSearch1] version[2.1.1], pid[9008], build[40e2c53/2015-12-15T13:05:55Z]
[2016-01-21 16:55:56,122][INFO ][node ] [PKSearch1] initializing ...
[2016-01-21 16:55:56,221][INFO ][plugins ] [PKSearch1] loaded [], sites []
[2016-01-21 16:55:56,240][INFO ][env ] [PKSearch1] using [1] data paths, mounts [[Local Disk (D:)]], net usable_space [10.7gb], net total_space [193.4gb], spins? [unknown], types [NTFS]
[2016-01-21 16:55:58,183][INFO ][node ] [PKSearch1] initialized
[2016-01-21 16:55:58,184][INFO ][node ] [PKSearch1] starting ...
[2016-01-21 16:55:58,247][INFO ][transport ] [PKSearch1] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}
[2016-01-21 16:55:58,254][INFO ][discovery ] [PKSearch1] My-Cluster-Dev/QUUs0uqvSASVUBVBL5Rhog
[2016-01-21 16:56:02,299][INFO ][cluster.service ] [PKSearch1] new_master {PKSearch1}{QUUs0uqvSASVUBVBL5Rhog}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)
[2016-01-21 16:56:02,323][INFO ][http ] [PKSearch1] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}
[2016-01-21 16:56:02,324][INFO ][node ] [PKSearch1] started
[2016-01-21 16:56:02,427][INFO ][gateway ] [PKSearch1] recovered [1] indices into cluster_state
[2016-01-21 16:56:32,331][WARN ][cluster.routing.allocation.decider] [PKSearch1] high disk watermark [90%] exceeded on [QUUs0uqvSASVUBVBL5Rhog][PKSearch1][D:\ElasticSearch\data\My-Cluster-Dev\nodes\0] free: 10.7gb[5.5%], shards will be relocated away from this node
[2016-01-21 16:56:32,333][INFO ][cluster.routing.allocation.decider] [PKSearch1] rerouting shards: [high disk watermark exceeded on one or more nodes]
[2016-01-21 16:57:02,356][WARN ][cluster.routing.allocation.decider] [PKSearch1] high disk watermark [90%] exceeded on [QUUs0uqvSASVUBVBL5Rhog][PKSearch1][D:\ElasticSearch\data\My-Cluster-Dev\nodes\0] free: 10.7gb[5.5%], shards will be relocated away from this node

The system call filtering message is not an error, it's a warning. Note that a few lines later Elasticsearch does start up successfully:

[2016-01-21 16:56:02,324][INFO ][node ] [PKSearch1] started

It is odd that you're seeing this warning though. Elasticsearch detects the OS at start up by inspecting the system property "os.name" which the warning message indicates is "Windows 7". This should be detected as "Windows" where Elasticsearch can install system call filtering. Can you share the response of a GET request against localhost:9200/_nodes/os?pretty=true (since you're on Windows, just hit it in a browser; this is assuming that your Elasticsearch instance is listening for HTTP requests on localhost port 9200)?

The vast majority of the logs that you pasted are not error messages, they are just info about the node as it starts up.

The later warning that you see in the logs about the high disk watermark indicates that you do not have a lot of disk space free on your system; this is important for the allocation service. To address this, you can either free up some disk space or increase the high watermark.

Hi Jason,

I am pasting the output of http://localhost:9200/_nodes/os?pretty=1 below. The Elasticsearch folder on my laptop is on the D: drive, which has 10 GB of free space. Can you please let me know how much free space is required by Elasticsearch to get rid of this warning message? Can you also please confirm that the Elasticsearch server is running fine if I ignore these warnings? Thanks!

{
  "cluster_name" : "My-Cluster-Dev",
  "nodes" : {
    "b57Gr4c7TBuIAAuQq0BgEQ" : {
      "name" : "PKSearch1",
      "transport_address" : "127.0.0.1:9300",
      "host" : "127.0.0.1",
      "ip" : "127.0.0.1",
      "version" : "2.1.1",
      "build" : "40e2c53",
      "http_address" : "127.0.0.1:9200",
      "os" : {
        "refresh_interval_in_millis" : 1000,
        "name" : "Windows 7",
        "arch" : "amd64",
        "version" : "6.1",
        "available_processors" : 4,
        "allocated_processors" : 4
      }
    }
  }
}

The low disk watermark and the high disk watermark are the relevant settings. These are 85% and 90%, respectively. If you have less space than that free you will see warnings.

I can not confirm it because it's not correct. These watermarks are in place for a reason; running a server (the Elasticsearch process) that is storing data with low disk space is a risky proposition and I can not confirm that it is okay.

Also seeing this warning on Server 2012 R2

[2016-06-01 19:32:48,151][WARN ][bootstrap ] unable to install syscall filter: syscall filtering not supported for OS: 'Windows Server 2012 R2'

Is this not expected? @jasontedor

seccomp support for Windows was not added until version 2.2.0. Earlier versions in the 2.x series of Elasticsearch will produce that warning message.
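
An added example, not posted by any participant in this thread: a triage of the startup log discussed above. It parses the Elasticsearch 2.x console format, rejoins console-wrapped records, and reports whether the node started, whether it is running without the syscall filter, and how far disk usage is past the high watermark. The function names and report keys are assumptions; the 2.2.0 threshold is the one stated in the last reply, and the sample lines are copied from the first post.

```python
import re

# Elasticsearch 2.x console format: [timestamp][LEVEL ][component ] message
LINE_RE = re.compile(r"^\[(\d{4}-[^\]]+)\]\[(\w+)\s*\]\[([\w.]+)\s*\]\s*(.*)$")
VERSION_RE = re.compile(r"version\[(\d+)\.(\d+)\.(\d+)\]")
FILTER_RE = re.compile(r"unable to install syscall filter: .* for OS: '([^']+)'")
DISK_RE = re.compile(r"high disk watermark \[(\d+)%\] exceeded .*free: [^\[]+\[([\d.]+)%\]")
WINDOWS_FILTER_SINCE = (2, 2, 0)  # as stated in the thread's last reply

# Lines copied from the thread, including the console wrapping of the last record.
SAMPLE = r"""[2016-01-21 16:55:55,860][WARN ][bootstrap ] unable to install syscall filter: syscall filtering not supported for OS: 'Windows 7'
[2016-01-21 16:55:56,121][INFO ][node ] [PKSearch1] version[2.1.1], pid[9008], build[40e2c53/2015-12-15T13:05:55Z]
[2016-01-21 16:56:02,324][INFO ][node ] [PKSearch1] started
[2016-01-21 16:56:32,331][WARN ][cluster.routing.allocation.decider] [PKSearch1]
high disk watermark [90%] exceeded on [QUUs0uqvSASVUBVBL5Rhog][PKSearch1][D:\El
asticSearch\data\My-Cluster-Dev\nodes\0] free: 10.7gb[5.5%], shards will be
relocated away from this node"""

def records(text):
    """Rejoin records that an 80-column console wrapped across lines."""
    out = []
    for raw in text.splitlines():
        if LINE_RE.match(raw):
            out.append(raw)
        elif out and raw.strip():
            out[-1] += raw  # continuation of the previous record
    return out

def triage(text):
    """Summarise startup: errors, missing syscall filter, disk pressure."""
    rep = {"version": None, "started": False, "errors": 0, "unfiltered_os": None,
           "filter_warning_expected": None, "disk_used_pct": None, "high_watermark_pct": None}
    for rec in records(text):
        _, level, comp, msg = LINE_RE.match(rec).groups()
        rep["errors"] += int(level == "ERROR")
        if comp == "node" and (v := VERSION_RE.search(msg)):
            rep["version"] = tuple(map(int, v.groups()))
        if comp == "node" and msg.endswith("started"):
            rep["started"] = True
        if f := FILTER_RE.search(msg):
            rep["unfiltered_os"] = f.group(1)  # node runs without the filter
        if d := DISK_RE.search(msg):
            rep["high_watermark_pct"] = int(d.group(1))
            rep["disk_used_pct"] = round(100 - float(d.group(2)), 1)
    if rep["unfiltered_os"] and rep["version"]:
        rep["filter_warning_expected"] = (rep["unfiltered_os"].startswith("Windows")
                                          and rep["version"] < WINDOWS_FILTER_SINCE)
    return rep

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A node where `unfiltered_os` is set but `filter_warning_expected` is false is on a version that should have installed the filter, so that warning deserves a closer look rather than being dismissed as startup noise.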