search

deviantony / docker-elk

The Elastic stack (ELK) powered by Docker and Compose.
MIT License
17.36k stars 6.81k forks source link

Issue when starting due to expired license #1030

Closed IanLee1521 closed 1 week ago

IanLee1521 commented 1 week ago

Problem description

Fresh clone and stand up is leading to an expired license issue:

elasticsearch-1  | {"@timestamp":"2024-11-12T22:28:06.823Z", "log.level":"ERROR", "message":"blocking [indices:monitor/stats] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][scheduler][T#1]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}

Looks like specifically: 

elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:37.085Z", "log.level": "WARN", "message":"LICENSE [EXPIRED] ON [SATURDAY, AUGUST 10, 2024].\n# IF YOU HAVE A NEW LICENSE, PLEASE UPDATE IT. OTHERWISE, PLEASE REACH OUT TO\n# YOUR SUPPORT CONTACT.\n# \n# COMMERCIAL PLUGINS OPERATING WITH REDUCED FUNCTIONALITY\n# - security\n#  - Cluster health, cluster stats and indices stats operations are blocked\n#  - All data operations (read and write) continue to work\n# - watcher\n#  - PUT / GET watch APIs are disabled, DELETE watch API continues to work\n#  - Watches execute and write to the history\n#  - The actions of the watches don't execute\n# - monitoring\n#  - The agent will stop collecting cluster and indices metrics\n# - graph\n#  - Graph explore APIs are disabled\n# - ml\n#  - Machine learning APIs are disabled\n# - logstash\n#  - Logstash will continue to poll centrally-managed pipelines\n# - beats\n#  - Beats will continue to poll centrally-managed configuration\n# - deprecation\n#  - Deprecation APIs are disabled\n# - upgrade\n#  - Upgrade API is disabled\n# - sql\n#  - SQL support is disabled\n# - enterprise_search\n#  - Search Applications, query rules and behavioral analytics will be disabled\n# - rollup\n#  - Creating and Starting rollup jobs will no longer be allowed.\n#  - Stopping/Deleting existing jobs, RollupCaps API and RollupSearch continue to function.\n# - transform\n#  - Creating, starting, updating transforms will no longer be allowed.\n#  - Stopping/Deleting existing transforms continue to function.\n# - analytics\n#  - Aggregations provided by Analytics plugin are no longer usable.\n# - ccr\n#  - Creating new follower indices will be blocked\n#  - Configuring auto-follow patterns will be blocked\n#  - Auto-follow patterns will no longer discover new leader indices\n#  - The CCR monitoring endpoint will be blocked\n#  - Existing follower indices will continue to replicate data\n# - redact_processor\n#  - Executing a redact processor in an ingest pipeline will fail.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.license.ClusterStateLicenseService","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}

Extra information

Stack configuration

Using a fresh clone of this repo, commit 7fecf0942d873b6818011595faecb4d9bd37a948

Docker setup

$ docker version
Client:
 Version:           27.3.1
 API version:       1.47
 Go version:        go1.22.7
 Git commit:        ce12230
 Built:             Fri Sep 20 11:38:18 2024
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.35.1 (173168)
 Engine:
  Version:          27.3.1
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.22.7
  Git commit:       41ca978
  Built:            Fri Sep 20 11:41:19 2024
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.7.21
  GitCommit:        472731909fa34bd7bc9c087e4c27943f9835f111
 runc:
  Version:          1.1.13
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
$ docker compose version

Docker Compose version v2.29.7-desktop.1

Container logs

$ docker compose logs

### Problem description

Fresh clone and stand up is leading to an expired license issue:

elasticsearch-1 | {"@timestamp":"2024-11-12T22:28:06.823Z", "log.level":"ERROR", "message":"blocking [indices:monitor/stats] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][scheduler][T#1]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}


### Extra information

#### Stack configuration

Using a fresh clone of this repo, commit `7fecf0942d873b6818011595faecb4d9bd37a948`

#### Docker setup

```console
$ docker version
Client:
 Version:           27.3.1
 API version:       1.47
 Go version:        go1.22.7
 Git commit:        ce12230
 Built:             Fri Sep 20 11:38:18 2024
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.35.1 (173168)
 Engine:
  Version:          27.3.1
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.22.7
  Git commit:       41ca978
  Built:            Fri Sep 20 11:41:19 2024
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.7.21
  GitCommit:        472731909fa34bd7bc9c087e4c27943f9835f111
 runc:
  Version:          1.1.13
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
$ docker compose version

Docker Compose version v2.29.7-desktop.1

Container logs

$ docker compose logs

...snip...
kibana-1    | [2024-11-12T22:27:52.529+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 14ms.
kibana-1    | [2024-11-12T22:27:52.530+00:00][INFO ][savedobjects-service] [.kibana] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 21ms.
kibana-1    | [2024-11-12T22:27:52.531+00:00][INFO ][savedobjects-service] [.kibana_analytics] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 19ms.
kibana-1    | [2024-11-12T22:27:52.532+00:00][INFO ][savedobjects-service] [.kibana_ingest] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 16ms.
kibana-1    | [2024-11-12T22:27:52.533+00:00][INFO ][savedobjects-service] [.kibana_security_solution] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 20ms.
kibana-1    | [2024-11-12T22:27:52.535+00:00][ERROR][savedobjects-service] [.kibana_alerting_cases] Action failed with 'security_exception
kibana-1    |   Root causes:
kibana-1    |       security_exception: current license is non-compliant for [security]'. Retrying attempt 1 in 2 seconds.
kibana-1    | [2024-11-12T22:27:52.536+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 6ms.
kibana-1    | [2024-11-12T22:27:52.537+00:00][ERROR][savedobjects-service] [.kibana] Action failed with 'security_exception
kibana-1    |   Root causes:
kibana-1    |       security_exception: current license is non-compliant for [security]'. Retrying attempt 1 in 2 seconds.
kibana-1    | [2024-11-12T22:27:52.537+00:00][INFO ][savedobjects-service] [.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 7ms.
kibana-1    | [2024-11-12T22:27:52.538+00:00][ERROR][savedobjects-service] [.kibana_analytics] Action failed with 'security_exception
kibana-1    |   Root causes:
kibana-1    |       security_exception: current license is non-compliant for [security]'. Retrying attempt 1 in 2 seconds.
kibana-1    | [2024-11-12T22:27:52.538+00:00][INFO ][savedobjects-service] [.kibana_analytics] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 7ms.
kibana-1    | [2024-11-12T22:27:52.539+00:00][ERROR][savedobjects-service] [.kibana_ingest] Action failed with 'security_exception
kibana-1    |   Root causes:
kibana-1    |       security_exception: current license is non-compliant for [security]'. Retrying attempt 1 in 2 seconds.
kibana-1    | [2024-11-12T22:27:52.539+00:00][INFO ][savedobjects-service] [.kibana_ingest] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 7ms.
kibana-1    | [2024-11-12T22:27:52.539+00:00][ERROR][savedobjects-service] [.kibana_task_manager] Action failed with 'security_exception
kibana-1    |   Root causes:
kibana-1    |       security_exception: current license is non-compliant for [security]'. Retrying attempt 1 in 2 seconds.
kibana-1    | [2024-11-12T22:27:52.539+00:00][INFO ][savedobjects-service] [.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 13ms.
kibana-1    | [2024-11-12T22:27:52.540+00:00][ERROR][savedobjects-service] [.kibana_security_solution] Action failed with 'security_exception
kibana-1    |   Root causes:
kibana-1    |       security_exception: current license is non-compliant for [security]'. Retrying attempt 1 in 2 seconds.
kibana-1    | [2024-11-12T22:27:52.540+00:00][INFO ][savedobjects-service] [.kibana_security_solution] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 7ms.
kibana-1    | [2024-11-12T22:27:52.925+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_arm64/headless_shell
kibana-1    | [2024-11-12T22:27:54.550+00:00][ERROR][savedobjects-service] [.kibana] Action failed with 'security_exception
kibana-1    |   Root causes:
kibana-1    |       security_exception: current license is non-compliant for [security]'. Retrying attempt 2 in 4 seconds.
kibana-1    | [2024-11-12T22:27:54.550+00:00][INFO ][savedobjects-service] [.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 2013ms.
kibana-1    | [2024-11-12T22:27:54.551+00:00][ERROR][savedobjects-service] [.kibana_alerting_cases] Action failed with 'security_exception
kibana-1    |   Root causes:
kibana-1    |       security_exception: current license is non-compliant for [security]'. Retrying attempt 2 in 4 seconds.
kibana-1    | [2024-11-12T22:27:54.552+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 2016ms.
kibana-1    | [2024-11-12T22:27:54.553+00:00][ERROR][savedobjects-service] [.kibana_security_solution] Action failed with 'security_exception
kibana-1    |   Root causes:
kibana-1    |       security_exception: current license is non-compliant for [security]'. Retrying attempt 2 in 4 seconds.
kibana-1    | [2024-11-12T22:27:54.553+00:00][INFO ][savedobjects-service] [.kibana_security_solution] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 2013ms.
kibana-1    | [2024-11-12T22:27:54.554+00:00][ERROR][savedobjects-service] [.kibana_analytics] Action failed with 'security_exception
kibana-1    |   Root causes:
kibana-1    |       security_exception: current license is non-compliant for [security]'. Retrying attempt 2 in 4 seconds.
kibana-1    | [2024-11-12T22:27:54.554+00:00][INFO ][savedobjects-service] [.kibana_analytics] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 2016ms.
kibana-1    | [2024-11-12T22:27:54.555+00:00][ERROR][savedobjects-service] [.kibana_task_manager] Action failed with 'security_exception
kibana-1    |   Root causes:
kibana-1    |       security_exception: current license is non-compliant for [security]'. Retrying attempt 2 in 4 seconds.
kibana-1    | [2024-11-12T22:27:54.556+00:00][INFO ][savedobjects-service] [.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 2016ms.
kibana-1    | [2024-11-12T22:27:54.556+00:00][ERROR][savedobjects-service] [.kibana_ingest] Action failed with 'security_exception
kibana-1    |   Root causes:
kibana-1    |       security_exception: current license is non-compliant for [security]'. Retrying attempt 2 in 4 seconds.
kibana-1    | [2024-11-12T22:27:54.556+00:00][INFO ][savedobjects-service] [.kibana_ingest] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 2017ms.
kibana-1    | [2024-11-12T22:27:58.264+00:00][INFO ][root] SIGTERM received - initiating shutdown
kibana-1    | [2024-11-12T22:27:58.265+00:00][INFO ][root] Kibana is shutting down
kibana-1    | [2024-11-12T22:27:58.269+00:00][INFO ][plugins-system.preboot] Stopping all plugins.
kibana-1    | [2024-11-12T22:27:58.269+00:00][INFO ][plugins-system.preboot] All plugins stopped.
kibana-1    | [2024-11-12T22:27:58.270+00:00][INFO ][plugins-system.standard] Stopping all plugins.
kibana-1    | [2024-11-12T22:27:58.271+00:00][INFO ][plugins.monitoring.monitoring.kibana-monitoring] Monitoring stats collection is stopped
kibana-1    | [2024-11-12T22:27:58.278+00:00][INFO ][plugins-system.standard] All plugins stopped.
elasticsearch-1  | Created elasticsearch keystore in /usr/share/elasticsearch/config/elasticsearch.keystore
elasticsearch-1  | Nov 12, 2024 10:27:29 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
elasticsearch-1  | WARNING: COMPAT locale provider will be removed in a future release
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:29.850Z", "log.level": "INFO", "message":"Using native vector library; to disable start with -Dorg.elasticsearch.nativeaccess.enableVectorLibrary=false", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.nativeaccess.NativeAccess","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:29.874Z", "log.level": "INFO", "message":"Using [jdk] native provider and native methods for [Linux]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.nativeaccess.NativeAccess","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:30.017Z", "log.level": "INFO", "message":"Java vector incubator API enabled; uses preferredBitSize=128; FMA enabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.apache.lucene.internal.vectorization.PanamaVectorizationProvider","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:30.352Z", "log.level": "INFO", "message":"version[8.15.3], pid[175], build[docker/f97532e680b555c3a05e73a74c28afb666923018/2024-10-09T22:08:00.328917561Z], OS[Linux/6.10.11-linuxkit/aarch64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/22.0.1/22.0.1+8-16]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:30.352Z", "log.level": "INFO", "message":"JVM home [/usr/share/elasticsearch/jdk], using bundled JDK [true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:30.352Z", "log.level": "INFO", "message":"JVM arguments [-Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -Djava.security.manager=allow, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j2.formatMsgNoLookups=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=org.elasticsearch.preallocate, --enable-native-access=org.elasticsearch.nativeaccess,org.apache.lucene.core, -Des.cgroups.hierarchy.override=/, -XX:ReplayDataFile=logs/replay_pid%p.log, -Djava.library.path=/usr/share/elasticsearch/lib/platform/linux-aarch64:/usr/java/packages/lib:/usr/lib64:/lib64:/lib:/usr/lib, -Djna.library.path=/usr/share/elasticsearch/lib/platform/linux-aarch64:/usr/java/packages/lib:/usr/lib64:/lib64:/lib:/usr/lib, -Des.distribution.type=docker, -XX:+UnlockDiagnosticVMOptions, -XX:G1NumCollectionsKeepPinned=10000000, -XX:+UseG1GC, -Djava.io.tmpdir=/tmp/elasticsearch-2313083597608479435, --add-modules=jdk.incubator.vector, -XX:+HeapDumpOnOutOfMemoryError, -XX:+ExitOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,level,pid,tags:filecount=32,filesize=64m, -Xms512m, -Xmx512m, -XX:MaxDirectMemorySize=268435456, -XX:G1HeapRegionSize=4m, -XX:InitiatingHeapOccupancyPercent=30, -XX:G1ReservePercent=15, --module-path=/usr/share/elasticsearch/lib, --add-modules=jdk.net, --add-modules=ALL-MODULE-PATH, -Djdk.module.main=org.elasticsearch.server]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:30.353Z", "log.level": "INFO", "message":"Default Locale [en_US]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
...snip...
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:32.485Z", "log.level": "INFO", "message":"using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/vda1)]], net usable_space [47.1gb], net total_space [58.3gb], types [ext4]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:32.485Z", "log.level": "INFO", "message":"heap size [512mb], compressed ordinary object pointers [true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:32.543Z", "log.level": "INFO", "message":"node name [elasticsearch], node ID [wrM8R2F3QEWP2wMNi_pB2Q], cluster name [docker-cluster], roles [ingest, data_frozen, ml, data_hot, transform, data_content, data_warm, master, remote_cluster_client, data, data_cold]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:34.315Z", "log.level": "INFO", "message":"using rate limit [40mb] with [default=40mb, read=0b, write=0b, max=0b]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.indices.recovery.RecoverySettings","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:34.396Z", "log.level": "INFO", "message":"Registered local node features [data_stream.auto_sharding, data_stream.lifecycle.global_retention, data_stream.rollover.lazy, desired_node.version_deprecated, esql.agg_values, esql.async_query, esql.base64_decode_encode, esql.casting_operator, esql.counter_types, esql.disable_nullable_opts, esql.from_options, esql.metadata_fields, esql.metrics_counter_fields, esql.mv_ordering_sorted_ascending, esql.mv_sort, esql.spatial_points_from_source, esql.spatial_shapes, esql.st_centroid_agg, esql.st_contains_within, esql.st_disjoint, esql.st_intersects, esql.st_x_y, esql.string_literal_auto_casting, esql.string_literal_auto_casting_extended, esql.timespan_abbreviations, features_supported, file_settings, geoip.downloader.database.configuration, health.dsl.info, health.extended_repository_indicator, knn_retriever_supported, license-trial-independent-version, mapper.index_sorting_on_nested, mapper.keyword_dimension_ignore_above, mapper.pass_through_priority, mapper.range.null_values_off_by_one_fix, mapper.source.synthetic_source_fallback, mapper.source.synthetic_source_stored_fields_advance_fix, mapper.track_ignored_source, mapper.vectors.bit_vectors, mapper.vectors.int4_quantization, rest.capabilities_action, retrievers_supported, rrf_retriever_supported, script.hamming, search.vectors.k_param_supported, security.migration_framework, security.roles_metadata_flattened, standard_retriever_supported, stats.include_disk_thresholds, text_similarity_reranker_retriever_supported, unified_highlighter_matched_fields, usage.data_tiers.precalculate_stats]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.features.FeatureService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:34.525Z", "log.level": "INFO", "message":"[controller/205] [Main.cc@123] controller (64 bit): Version 8.15.3 (Build 44a990dc4c07de) Copyright (c) 2024 Elasticsearch BV", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"ml-cpp-log-tail-thread","log.logger":"org.elasticsearch.xpack.ml.process.logging.CppLogMessageHandler","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:34.634Z", "log.level": "INFO", "message":"Sending apm metrics is disabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.telemetry.apm.APM","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:34.634Z", "log.level": "INFO", "message":"Sending apm tracing is disabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.telemetry.apm.APM","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:34.654Z", "log.level": "INFO", "message":"Security is enabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.Security","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:34.855Z", "log.level": "INFO", "message":"parsed [0] roles from file [/usr/share/elasticsearch/config/roles.yml]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.authz.store.FileRolesStore","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:35.081Z", "log.level": "INFO", "message":"Watcher initialized components at 2024-11-12T22:27:35.081Z", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.watcher.Watcher","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:35.122Z", "log.level": "INFO", "message":"Profiling is enabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.profiling.ProfilingPlugin","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:35.130Z", "log.level": "INFO", "message":"profiling index templates will not be installed or reinstalled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.profiling.ProfilingPlugin","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:35.132Z", "log.level": "INFO", "message":"APM ingest plugin is enabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.apmdata.APMPlugin","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:35.153Z", "log.level": "INFO", "message":"APM index template registry is enabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.apmdata.APMIndexTemplateRegistry","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:35.423Z", "log.level": "INFO", "message":"creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=1mb, factors={es.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=4mb, heap_size=512mb}]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.netty4.NettyAllocator","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:35.452Z", "log.level": "INFO", "message":"using discovery type [single-node] and seed hosts providers [settings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.discovery.DiscoveryModule","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:36.060Z", "log.level": "INFO", "message":"initialized", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:36.061Z", "log.level": "INFO", "message":"starting ...", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:36.079Z", "log.level": "INFO", "message":"persistent cache index loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.searchablesnapshots.cache.full.PersistentCache","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:36.079Z", "log.level": "INFO", "message":"deprecation component started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.deprecation.logging.DeprecationIndexingComponent","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:36.127Z", "log.level": "INFO", "message":"publish_address {172.18.0.2:9300}, bound_addresses {[::]:9300}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.TransportService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:36.627Z", "log.level": "WARN", "message":"Transport SSL must be enabled if security is enabled. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.15/bootstrap-checks-xpack.html#bootstrap-checks-tls]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.BootstrapChecks","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:36.627Z", "log.level": "INFO", "message":"this node is locked into cluster UUID [W0Wc4CU_Tqupykaa7g_pwQ] and will not attempt further cluster bootstrapping", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.cluster.coordination.ClusterBootstrapService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:36.760Z", "log.level": "INFO", "message":"elected-as-master ([1] nodes joined in term 13)[_FINISH_ELECTION_, {elasticsearch}{wrM8R2F3QEWP2wMNi_pB2Q}{es_rhxxFSuWjyg-Fx9yezQ}{elasticsearch}{172.18.0.2}{172.18.0.2:9300}{cdfhilmrstw}{8.15.3}{7000099-8512000} completing election], term: 13, version: 1275, delta: master node changed {previous [], current [{elasticsearch}{wrM8R2F3QEWP2wMNi_pB2Q}{es_rhxxFSuWjyg-Fx9yezQ}{elasticsearch}{172.18.0.2}{172.18.0.2:9300}{cdfhilmrstw}{8.15.3}{7000099-8512000}]}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.MasterService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:36.808Z", "log.level": "INFO", "message":"master node changed {previous [], current [{elasticsearch}{wrM8R2F3QEWP2wMNi_pB2Q}{es_rhxxFSuWjyg-Fx9yezQ}{elasticsearch}{172.18.0.2}{172.18.0.2:9300}{cdfhilmrstw}{8.15.3}{7000099-8512000}]}, term: 13, version: 1275, reason: Publication{term=13, version=1275}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:36.826Z", "log.level": "INFO", "message":"node-join: [{elasticsearch}{wrM8R2F3QEWP2wMNi_pB2Q}{es_rhxxFSuWjyg-Fx9yezQ}{elasticsearch}{172.18.0.2}{172.18.0.2:9300}{cdfhilmrstw}{8.15.3}{7000099-8512000}] with reason [completing election]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.coordination.NodeJoinExecutor","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:36.826Z", "log.level": "INFO", "message":"publish_address {172.18.0.2:9200}, bound_addresses {[::]:9200}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.http.AbstractHttpServerTransport","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:36.833Z", "log.level": "INFO", "message":"started {elasticsearch}{wrM8R2F3QEWP2wMNi_pB2Q}{es_rhxxFSuWjyg-Fx9yezQ}{elasticsearch}{172.18.0.2}{172.18.0.2:9300}{cdfhilmrstw}{8.15.3}{7000099-8512000}{ml.allocated_processors=12, ml.allocated_processors_double=12.0, ml.max_jvm_size=536870912, ml.config_version=12.0.0, xpack.installed=true, transform.config_version=10.0.0, ml.machine_memory=8217686016}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:36.841Z", "log.level": "INFO", "message":"updating [action.auto_create_index] from [true] to [.ent-search-*-logs-*,-.ent-search-*,+*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.common.settings.ClusterSettings","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:37.082Z", "log.level": "INFO", "message":"license mode is [trial], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.Realms","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:37.084Z", "log.level": "WARN", "message":"license [51d2dff7-b977-401d-bc92-b645aa81bfe1] - expired", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.license.ClusterStateLicenseService","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:37.084Z", "log.level": "INFO", "message":"license [51d2dff7-b977-401d-bc92-b645aa81bfe1] mode [trial] - valid", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.license.ClusterStateLicenseService","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:37.085Z", "log.level": "WARN", "message":"LICENSE [EXPIRED] ON [SATURDAY, AUGUST 10, 2024].\n# IF YOU HAVE A NEW LICENSE, PLEASE UPDATE IT. OTHERWISE, PLEASE REACH OUT TO\n# YOUR SUPPORT CONTACT.\n# \n# COMMERCIAL PLUGINS OPERATING WITH REDUCED FUNCTIONALITY\n# - security\n#  - Cluster health, cluster stats and indices stats operations are blocked\n#  - All data operations (read and write) continue to work\n# - watcher\n#  - PUT / GET watch APIs are disabled, DELETE watch API continues to work\n#  - Watches execute and write to the history\n#  - The actions of the watches don't execute\n# - monitoring\n#  - The agent will stop collecting cluster and indices metrics\n# - graph\n#  - Graph explore APIs are disabled\n# - ml\n#  - Machine learning APIs are disabled\n# - logstash\n#  - Logstash will continue to poll centrally-managed pipelines\n# - beats\n#  - Beats will continue to poll centrally-managed configuration\n# - deprecation\n#  - Deprecation APIs are disabled\n# - upgrade\n#  - Upgrade API is disabled\n# - sql\n#  - SQL support is disabled\n# - enterprise_search\n#  - Search Applications, query rules and behavioral analytics will be disabled\n# - rollup\n#  - Creating and Starting rollup jobs will no longer be allowed.\n#  - Stopping/Deleting existing jobs, RollupCaps API and RollupSearch continue to function.\n# - transform\n#  - Creating, starting, updating transforms will no longer be allowed.\n#  - Stopping/Deleting existing transforms continue to function.\n# - analytics\n#  - Aggregations provided by Analytics plugin are no longer usable.\n# - ccr\n#  - Creating new follower indices will be blocked\n#  - Configuring auto-follow patterns will be blocked\n#  - Auto-follow patterns will no longer discover new leader indices\n#  - The CCR monitoring endpoint will be blocked\n#  - Existing follower indices will continue to replicate data\n# - redact_processor\n#  - Executing a redact processor in an ingest pipeline will fail.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.license.ClusterStateLicenseService","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:37.085Z", "log.level": "WARN", "message":"LICENSE [EXPIRED] ON [SATURDAY, AUGUST 10, 2024].\n# IF YOU HAVE A NEW LICENSE, PLEASE UPDATE IT. OTHERWISE, PLEASE REACH OUT TO\n# YOUR SUPPORT CONTACT.\n# \n# COMMERCIAL PLUGINS OPERATING WITH REDUCED FUNCTIONALITY\n# - security\n#  - Cluster health, cluster stats and indices stats operations are blocked\n#  - All data operations (read and write) continue to work\n# - watcher\n#  - PUT / GET watch APIs are disabled, DELETE watch API continues to work\n#  - Watches execute and write to the history\n#  - The actions of the watches don't execute\n# - monitoring\n#  - The agent will stop collecting cluster and indices metrics\n# - graph\n#  - Graph explore APIs are disabled\n# - ml\n#  - Machine learning APIs are disabled\n# - logstash\n#  - Logstash will continue to poll centrally-managed pipelines\n# - beats\n#  - Beats will continue to poll centrally-managed configuration\n# - deprecation\n#  - Deprecation APIs are disabled\n# - upgrade\n#  - Upgrade API is disabled\n# - sql\n#  - SQL support is disabled\n# - enterprise_search\n#  - Search Applications, query rules and behavioral analytics will be disabled\n# - rollup\n#  - Creating and Starting rollup jobs will no longer be allowed.\n#  - Stopping/Deleting existing jobs, RollupCaps API and RollupSearch continue to function.\n# - transform\n#  - Creating, starting, updating transforms will no longer be allowed.\n#  - Stopping/Deleting existing transforms continue to function.\n# - analytics\n#  - Aggregations provided by Analytics plugin are no longer usable.\n# - ccr\n#  - Creating new follower indices will be blocked\n#  - Configuring auto-follow patterns will be blocked\n#  - Auto-follow patterns will no longer discover new leader indices\n#  - The CCR monitoring endpoint will be blocked\n#  - Existing follower indices will continue to replicate data\n# - redact_processor\n#  - Executing a redact processor in an ingest pipeline will fail.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.license.ClusterStateLicenseService","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:37.086Z", "log.level": "INFO", "message":"starting file watcher ...", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.common.file.AbstractFileWatchingService","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:37.088Z", "log.level": "INFO", "message":"file settings service up and running [tid=69]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[file-watcher[/usr/share/elasticsearch/config/operator/settings.json]]","log.logger":"org.elasticsearch.common.file.AbstractFileWatchingService","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:37.088Z", "log.level": "INFO", "message":"setting file [/usr/share/elasticsearch/config/operator/settings.json] not found, initializing [file_settings] as empty", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[file-watcher[/usr/share/elasticsearch/config/operator/settings.json]]","log.logger":"org.elasticsearch.reservedstate.service.FileSettingsService","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:37.088Z", "log.level": "INFO", "message":"recovered [109] indices into cluster_state", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.gateway.GatewayService","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:37.319Z", "log.level": "INFO", "message":"Node [{elasticsearch}{wrM8R2F3QEWP2wMNi_pB2Q}] is selected as the current health node.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][management][T#1]","log.logger":"org.elasticsearch.health.node.selection.HealthNodeTaskExecutor","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:37.585Z", "log.level":"ERROR", "message":"exception during geoip databases update", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][generic][T#4]","log.logger":"org.elasticsearch.ingest.geoip.GeoIpDownloader","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster","error.type":"javax.net.ssl.SSLHandshakeException","error.message":"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target","error.stack_trace":"javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)\n\tat java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)\n\tat java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)\n\tat java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)\n\tat java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:651)\n\tat java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471)\n\tat java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367)\n\tat java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)\n\tat java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)\n\tat java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)\n\tat java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)\n\tat java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)\n\tat java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1507)\n\tat java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1422)\n\tat java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)\n\tat java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)\n\tat java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586)\n\tat java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)\n\tat java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1691)\n\tat java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1615)\n\tat java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:531)\n\tat java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:307)\n\tat org.elasticsearch.ingest.geoip@8.15.3/org.elasticsearch.ingest.geoip.HttpClient.lambda$get$0(HttpClient.java:96)\n\tat java.base/java.security.AccessController.doPrivileged(AccessController.java:571)\n\tat org.elasticsearch.ingest.geoip@8.15.3/org.elasticsearch.ingest.geoip.HttpClient.doPrivileged(HttpClient.java:156)\n\tat org.elasticsearch.ingest.geoip@8.15.3/org.elasticsearch.ingest.geoip.HttpClient.get(HttpClient.java:90)\n\tat org.elasticsearch.ingest.geoip@8.15.3/org.elasticsearch.ingest.geoip.HttpClient.getBytes(HttpClient.java:77)\n\tat org.elasticsearch.ingest.geoip@8.15.3/org.elasticsearch.ingest.geoip.HttpClient.getBytes(HttpClient.java:73)\n\tat org.elasticsearch.ingest.geoip@8.15.3/org.elasticsearch.ingest.geoip.GeoIpDownloader.fetchDatabasesOverview(GeoIpDownloader.java:167)\n\tat org.elasticsearch.ingest.geoip@8.15.3/org.elasticsearch.ingest.geoip.GeoIpDownloader.updateDatabases(GeoIpDownloader.java:150)\n\tat org.elasticsearch.ingest.geoip@8.15.3/org.elasticsearch.ingest.geoip.GeoIpDownloader.runDownloader(GeoIpDownloader.java:293)\n\tat org.elasticsearch.ingest.geoip@8.15.3/org.elasticsearch.ingest.geoip.GeoIpDownloaderTaskExecutor.nodeOperation(GeoIpDownloaderTaskExecutor.java:162)\n\tat org.elasticsearch.ingest.geoip@8.15.3/org.elasticsearch.ingest.geoip.GeoIpDownloaderTaskExecutor.nodeOperation(GeoIpDownloaderTaskExecutor.java:61)\n\tat org.elasticsearch.server@8.15.3/org.elasticsearch.persistent.NodePersistentTasksExecutor$1.doRun(NodePersistentTasksExecutor.java:34)\n\tat org.elasticsearch.server@8.15.3/org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:984)\n\tat org.elasticsearch.server@8.15.3/org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)\n\tat java.base/java.lang.Thread.run(Thread.java:1570)\nCaused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:388)\n\tat java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:271)\n\tat java.base/sun.security.validator.Validator.validate(Validator.java:256)\n\tat java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)\n\tat java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)\n\tat java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:635)\n\t... 34 more\nCaused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)\n\tat java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)\n\tat java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)\n\tat java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:383)\n\t... 39 more\n"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:38.802Z", "log.level": "INFO",  "current.health":"GREEN","message":"Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.apm-source-map][0]]]).","previous.health":"RED","reason":"shards started [[.apm-source-map][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:41.400Z", "log.level": "INFO", "message":"updated role [heartbeat_writer]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][management][T#3]","log.logger":"org.elasticsearch.xpack.security.action.role.TransportPutRoleAction","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:41.421Z", "log.level": "INFO", "message":"updated role [metricbeat_writer]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][management][T#3]","log.logger":"org.elasticsearch.xpack.security.action.role.TransportPutRoleAction","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:41.440Z", "log.level": "INFO", "message":"updated role [filebeat_writer]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][management][T#3]","log.logger":"org.elasticsearch.xpack.security.action.role.TransportPutRoleAction","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:41.465Z", "log.level": "INFO", "message":"updated role [logstash_writer]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][management][T#3]","log.logger":"org.elasticsearch.xpack.security.action.role.TransportPutRoleAction","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:52.528Z", "log.level":"ERROR", "message":"blocking [cluster:monitor/health] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][transport_worker][T#1]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","trace.id":"11b3717933648c2c894dd907a447687d","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:52.530Z", "log.level":"ERROR", "message":"blocking [cluster:monitor/health] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][transport_worker][T#6]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","trace.id":"11b3717933648c2c894dd907a447687d","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:52.531Z", "log.level":"ERROR", "message":"blocking [cluster:monitor/health] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][transport_worker][T#3]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","trace.id":"11b3717933648c2c894dd907a447687d","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:52.532Z", "log.level":"ERROR", "message":"blocking [cluster:monitor/health] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][transport_worker][T#4]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","trace.id":"11b3717933648c2c894dd907a447687d","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:52.533Z", "log.level":"ERROR", "message":"blocking [cluster:monitor/health] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][transport_worker][T#7]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","trace.id":"11b3717933648c2c894dd907a447687d","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:52.534Z", "log.level":"ERROR", "message":"blocking [cluster:monitor/health] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][transport_worker][T#5]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","trace.id":"11b3717933648c2c894dd907a447687d","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:54.544Z", "log.level":"ERROR", "message":"blocking [cluster:monitor/health] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][transport_worker][T#5]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","trace.id":"11b3717933648c2c894dd907a447687d","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:54.545Z", "log.level":"ERROR", "message":"blocking [cluster:monitor/health] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][transport_worker][T#4]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","trace.id":"11b3717933648c2c894dd907a447687d","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:54.544Z", "log.level":"ERROR", "message":"blocking [cluster:monitor/health] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][transport_worker][T#7]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","trace.id":"11b3717933648c2c894dd907a447687d","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:54.545Z", "log.level":"ERROR", "message":"blocking [cluster:monitor/health] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][transport_worker][T#3]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","trace.id":"11b3717933648c2c894dd907a447687d","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:54.545Z", "log.level":"ERROR", "message":"blocking [cluster:monitor/health] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][transport_worker][T#6]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","trace.id":"11b3717933648c2c894dd907a447687d","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
elasticsearch-1  | {"@timestamp":"2024-11-12T22:27:54.545Z", "log.level":"ERROR", "message":"blocking [cluster:monitor/health] operation due to expired license. Cluster health, cluster stats and indices stats \noperations are blocked on license expiration. All data operations (read and write) continue to work. \nIf you have a new license, please update it. Otherwise, please reach out to your support contact.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][transport_worker][T#1]","log.logger":"org.elasticsearch.xpack.security.action.filter.SecurityActionFilter","trace.id":"11b3717933648c2c894dd907a447687d","elasticsearch.cluster.uuid":"W0Wc4CU_Tqupykaa7g_pwQ","elasticsearch.node.id":"wrM8R2F3QEWP2wMNi_pB2Q","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
...snip...
antoineco commented 1 week ago

Here is the section of the README in which the solution is provided: How to disable paid features

The license can be reverted to "basic" as follows:

curl -X POST 'http://localhost:9200/_license/start_basic?acknowledge=true' -u 'elastic:mypassword'
antoineco commented 1 week ago

Another option is to wipe all your old data and start fresh using docker compose down -v (-v for "volumes").

IanLee1521 commented 1 week ago

I did wipe everything, cleaned out all the old containers, manually deleted all my images, etc.

Disabling paid features is an option, but I'd actually prefer to actually leave them there.

antoineco commented 1 week ago

Removing containers doesn't remove your Elasticsearch persistent data. You started a stack on that machine in July and did not wipe the data volume, so that data is still stored on your machine.

LICENSE [EXPIRED] ON [SATURDAY, AUGUST 10, 2024]

...log message continued

> IF YOU HAVE A NEW LICENSE, PLEASE UPDATE IT. OTHERWISE, PLEASE REACH OUT TO > YOUR SUPPORT CONTACT. > > COMMERCIAL PLUGINS OPERATING WITH REDUCED FUNCTIONALITY > - security > - Cluster health, cluster stats and indices stats operations are blocked > - All data operations (read and write) continue to work > - watcher > - PUT / GET watch APIs are disabled, DELETE watch API continues to work > - Watches execute and write to the history > - The actions of the watches don't execute > - monitoring > - The agent will stop collecting cluster and indices metrics > - graph > - Graph explore APIs are disabled > - ml > - Machine learning APIs are disabled > - logstash > - Logstash will continue to poll centrally-managed pipelines > - beats > - Beats will continue to poll centrally-managed configuration > - deprecation > - Deprecation APIs are disabled > - upgrade > - Upgrade API is disabled > - sql > - SQL support is disabled > - enterprise_search > - Search Applications, query rules and behavioral analytics will be disabled > - rollup > - Creating and Starting rollup jobs will no longer be allowed. > - Stopping/Deleting existing jobs, RollupCaps API and RollupSearch continue to function. > - transform > - Creating, starting, updating transforms will no longer be allowed. > - Stopping/Deleting existing transforms continue to function. > - analytics > - Aggregations provided by Analytics plugin are no longer usable. > - ccr > - Creating new follower indices will be blocked > - Configuring auto-follow patterns will be blocked > - Auto-follow patterns will no longer discover new leader indices > - The CCR monitoring endpoint will be blocked > - Existing follower indices will continue to replicate data > - redact_processor > - Executing a redact processor in an ingest pipeline will fail.

Paid features need to be paid for to Elastic by acquiring a software license. (We are not affiliated in any way with the company.) The trial period for paid features expires after 30 days.

IanLee1521 commented 1 week ago

Ah, you are correct. Thank you much for helping with that! User error on my part.