Graylog 3.1 - Enterprise License Violation

I added a Free Enterprise Lic while my daily logs were over the 5 GB limit. I was able to get the logs under 5 GB consistently every day since by filtering out the noise, but I am still getting the red banner on all screens: Graylog Enterprise License Violation. Will the alert go away and subsequent features become active when the daily stays under 5 GB after a thirty day period?

Hey @asnook

That is right. If the sliding window does not contain the violation anymore, the warning will disappear.

Jan

Great to hear (I have three days to see that, or not see it, as the case may be). That said, will the subsequent features that are currently disabled also activate at that time?

subsequent features that are currently disabled also, will they activate at that time?

in exactly that minute

2 days ago my daily output has gone under 5 GB for the 30 days. Checking to verify the server can connect to https://api.graylog.com/releases/active proved that it connects fine and has the correct version, but my server still has the same licence error:
"Graylog Enterprise License Violation

At least one term of your Graylog Enterprise license has been violated. Go to the Licenses page for more information or contact your Graylog account manager."
Plus none of the enterprise add-on functions have started either.

This is what the licence page says.

Details: Daily traffic limit: 5.0GiB (allowed violations per 30 days: 5)
Requires remote checks: Yes (allowed consecutive check failures: 72)
License expiration warning: 30 days before Violations detected

State: This cluster is not covered by the license.

The output from running curl -v -XGET https://api.graylog.com/releases/active is:

* About to connect() to api.graylog.com port 443 (#0)
*   Trying 3.219.64.173...
* Connected to api.graylog.com (3.219.64.173) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*   subject: CN=api.graylog.com
*   start date: Oct 18 23:12:03 2019 GMT
*   expire date: Jan 16 23:12:03 2020 GMT
*   common name: api.graylog.com
*   issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
> GET /releases/active HTTP/1.1
> User-Agent: curl/7.29.0
> Host: api.graylog.com
> Accept: */*

< HTTP/1.1 200 OK
< Server: Cowboy
< Connection: keep-alive
< Date: Tue, 12 Nov 2019 16:38:45 GMT
< Content-Type: application/json
< Vary: Accept-Encoding
< Content-Length: 215
< Via: 1.1 vegur
<

It looks like your cluster ID is not part of this license:

State: This cluster is not covered by the license.

That is the error if the cluster ID of the license and the cluster ID of the server are not the same.

So I guess I need to resubmit for the free lic. with hopefully the correct cluster ID, which I thought I had.