Error activating rule

saudmajed99 · August 14, 2023, 10:28am

Hi there,

We have faced the issue when activated the rule and the appear this Error
Alert type siem.signals is disabled because your basic license has expired
My version ELK: 7.17.8
Basic license

can you hlep me ?

vitaliidm · August 15, 2023, 12:47pm

Hi @saudmajed99 , welcome to Elastic community!

I suspect your basic license might not be active at the moment.

Can you please run this API call Get license API | Elasticsearch Guide [7.17] | Elastic and check the status of the license.

Here is an example response from that API call

{
  "license" : {
    "status" : "active",
    "uid" : "cbff45e7-c553-41f7-ae4f-9205eabd80xx",
    "type" : "trial",
    "issue_date" : "2018-10-20T22:05:12.332Z",
    "issue_date_in_millis" : 1540073112332,
    "expiry_date" : "2018-11-19T22:05:12.332Z",
    "expiry_date_in_millis" : 1542665112332,
    "max_nodes" : 1000,
    "issued_to" : "test",
    "issuer" : "elasticsearch",
    "start_date_in_millis" : -1
  }
}

Please, do not share here any sensitive information(issued, uid, etc). Just let us know what the status and type properties are from that response.

If it happen, status is not active and type is "basic" you can try to run this API: Get basic status API | Elasticsearch Guide [7.17] | Elastic

And after try to start basic license by using this API: Start basic API | Elasticsearch Guide [7.17] | Elastic, as I was advised by relevant team.

I hope, that would help to resolve your issue
Thanks, Vitalii

saudmajed99 · August 15, 2023, 1:03pm

Hi vitalii

How to check license from server ELK

vitaliidm · August 15, 2023, 1:21pm

you can run queries either in Kibana dev console Run Elasticsearch API requests | Kibana Guide [7.17] | Elastic

or copy query as curl from API page

It will target ES host. You will need just put there through setting correct url and username or edit it manually

saudmajed99 · August 15, 2023, 1:43pm

Ok, I did result not active then used this command

GET /_license/basic_status

response: "eligible_to_start_basic" : false

can you help me the solve issue

TimV · August 21, 2023, 6:42am

It looks like something very strange is going on with your cluster's license

Can you provide the details from the GET /_license API call that @vitaliidm directed you to?

We need to see the actual response in order to be able to recommend next steps.

system · September 18, 2023, 6:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
"Your trial license is expired" Elasticsearch	5	2377	March 20, 2020
[security_exception] current license is non-compliant for [security], with { license.expired.feature="security" } Elasticsearch	3	38980	September 16, 2017
License Expiry issue in Elasticsearch 7.10.2 Elasticsearch	2	1411	February 20, 2021
Your trial license is expired help Elasticsearch docker	8	1107	February 26, 2023
License is expired Elasticsearch license	5	519	June 28, 2021

Error activating rule

Related Topics