Briefly, this error occurs when you’re using a trial license of Elasticsearch and you haven’t explicitly enabled security. Elasticsearch requires security to be enabled for trial licenses to ensure data protection. To resolve this issue, you can enable security by setting “xpack.security.enabled” to true in the elasticsearch.yml configuration file. Also, ensure to configure the built-in users (like elastic, kibana etc.) and TLS/SSL for inter-node communication for a secure setup.
This guide will help you check for common problems that cause the log ” Security must be explicitly enabled when using a trial license. ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: filter, license, plugin.
Overview
When a query is executed, Elasticsearch by default calculates the relevance score of the matching documents. But in some conditions, it does not require scores to be calculated. For instance, if a document falls in the range of two given timestamps or if a document contains a given list of tags. For all these Yes/No criteria, also known as structured search, a filter clause is used.
When it is not desired or not necessary to compute scores, filters should be used instead of queries, as frequently used filters can be cached automatically by Elasticsearch to improve performance.
There are multiple ways to specify filters, such as when using the `filter` and `must_not` parameters of the `bool` query, the `filter` parameter of the `constant_score` query or the `filter` aggregation.
What it is used for
When a query is executed, Elasticsearch by default calculates the relevance score of the matching documents. But in some conditions it does not require scores to be calculated, for instance if a document falls in the range of two given timestamps. For all these Yes/No criteria, a filter clause is used.
Examples
To return all the documents of a given index that fall between a date range, we can use the `range` filter, as shown below:
GET my_index/_search { "query": { "bool": { "filter": [ { "range": { "created_at": { "gte": "2020-01-01", "lte": "2020-01-10" } } } ] } } }
To retrieve all the documents that contain at least one tag from a given list, we can use the `terms` filter, as shown below:
GET my_index/_search { "query": { "bool": { "filter": [ { "terms": { "tags": ["tag1", "tag2", "tag3"] } } ] } } }
To retrieve all the documents that contain a given field having a non-null value, we can use the `exists` filter, as shown below:
GET my_index/_search { "query": { "bool": { "filter": [ { "exists": { "field": "field_name" } } ] } } }
There are many other filters that we can use in order to reduce the document set that needs to be scored, such as `fuzzy`, `prefix`, `wildcard`, `regexp`, `script`, and many more.
It is also worth noting that filters can be combined since the `bool/filter` and `bool/must_not` parameters are arrays. In the example below, we retrieve all documents falling within a data range, containing a list of tags and not having a specific field:
GET my_index/_search { "query": { "bool": { "filter": [ { "range": { "created_at": { "gte": "2020-01-01", "lte": "2020-01-10" } } }, { "terms": { "tags": ["tag1", "tag2", "tag3"] } } ], "must_not": [ { "exists": { "field": "field_name" } } ] } } }
Notes
- Queries are used to find out how relevant a document is to a particular query by calculating a score for each document, whereas filters are used to match certain criteria and are cacheable to enable faster execution.
- Filters do not contribute to scoring and thus are faster to execute.
- There are major changes introduced in Elasticsearch version 2.x onward related to how query and filters are written and performed internally and each newer version comes with its load of new improvements.
Common problems
- The most common problem with filters is incorrect use inside the query. If filters are not used correctly, query performance can be significantly affected. So filters must be used wherever there is scope of not calculating the score.
- Another problem often arises when using date range filters, if “now” is used to represent the current time. It has to be noted that “now” is continuously changing the timestamp and thus Elasticsearch cannot use caching of the response since the data set will keep changing.
Log Context
Log “Security must be explicitly enabled when using a trial license.” class name is SecurityActionFilter.java. We extracted the following from Elasticsearch source code for those seeking an in-depth context :
} catch (Exception e) { listener.onFailure(e); } } else if (SECURITY_ACTION_MATCHER.test(action)) { if (licenseState.isSecurityDisabledByTrialLicense()) { listener.onFailure(new ElasticsearchException("Security must be explicitly enabled when using a trial license. " + "Enable security by setting [xpack.security.enabled] to [true] in the elasticsearch.yml file " + "and restart the node.")); } else { listener.onFailure(LicenseUtils.newComplianceException(XPackField.SECURITY)); }