Recent changes to the Elasticsearch license could have consequences on your intellectual property. Elasticsearch and Kibana as recently published by Elastic will no longer be licensed under the OSS Apache license effective from Elasticsearch version 7.11.
There is a lot of false information out there regarding this move. We at Coralogix aren’t impacted by Elastic’s departure from the previous Open Source Apache V2 License. However, for many of our customers and industry peers the change might have real implications.
While we’re not making any changes to our own roadmap, we have concerns about ramifications for the wider community. As such, we’ve provided this honest outline of the new license and offered guidance for those of you uncomfortable working under a source available license.
There is a reason any major change to Elastic’s license terms creates conversation. Having passed the 100 million download milestone as far back as 2017, the ELK stack was an integral ingredient of most log analytics stacks in the last decade.
Elasticsearch, Logstash, and Kibana have become household names in analytics. It should be noted that the latter two, Logstash and Kibana, were OSS until the top developers on the projects moved over to Elasticsearch. From that point the ELK stack became a unified force. Entire businesses are built on services that rely on the ELK stack. From humble beginnings as open-source projects, ELK is now a software name that is synonymous with monitoring, observability, and analytics.
However, the ELK stack’s open source roots are also the reason it was adopted and embraced so widely. Open-source licensing gave businesses access to cutting edge tools with no risk of a legal grey area around intellectual property ownership. The new dual Elastic and SSPL license adopted by Elastic affects this legal protection, and also seems to contradict the values that led to ELK’s popularity among engineers and businesses in the first place.
Openness was at the heart of Elastic’s message during their rise to industry prominence. In the past, after changing the license of some of their advanced features, they stated outright that they remained dedicated to the previous Apache 2.0 license. To quote Elastic directly:
“We did not change the license of any of the Apache 2.0 code of Elasticsearch, Kibana, Beats, and Logstash — and we never will.”
The reason for Elastic’s previous commitment to the Apache 2.0 license was simple. Apache 2.0 is an open-source license as recognized by the OSI (Open Source Initiative) that allows for commercial adoption and redistribution of ELK code as part of another platform, product, or service, without restriction.
ELK became a staple of analytics development and engineering partly because of Elastic’s outspoken championship of open source values and because of the legal freedom that came with them. These license changes have been seen by many as a move away from these values for a more commercial mindset.
The new dual license gives users the choice between the Elastic license and SSPL, which is often falsely cited as an open-source license. SSPL has never been certified by the OSI as an open-source license; it is actually a source available license.
Incorporating software distributed under an open-source license into your stack brings no redistribution restrictions. You hold full ownership of the code, and aren’t required to make it publicly available.
Under a source available license this is not the case. To quote the SSPL directly:
“13. Offering the Program as a Service.
If you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License.”
Under SSPL licensing, any product or service that makes use of ELK functionality must have its code made public. What is more, that code must be redistributed under the same SSPL license. This is the issue with the SSPL license – the definition of “making functionality available” is very loose.
The broad and vague language used by the license leaves much open to speculation. Potentially anything offered by your business to customers or clients that makes use of Elasticsearch and/or Kibana is at risk of having to be made readily available online, free of charge.
When you consider how sensitive some of the data handled by ELK-reliant systems can be, and how widespread the use of Elastic’s products has become, this could compromise entire businesses. Many managed Security Operations Centers rely on ELK to protect their customers and clients. Will managed SOCs have to expose their code, leaving their clients vulnerable to attack?
This is only one of the many sectors at potential risk. The banking and finance sector relies on Elasticsearch for internal tools that allow their customers to find the best loan offers, etc. The code of these tools is business critical. Having better search tools than your competitor could be what moves customers from your rivals’ books to yours. It could be argued that this is offering Elastic functionality as a service. Does SSPL force the banks to put their trade secrets online as OSS?
No.
This answer may seem blunt, but this isn’t as nuanced a question as many believe. The OSI has clearly stated that SSPL is not an open-source license. SSPL fails to match the criteria that open source licenses, like the previous Apache 2.0 license, meet. The OSI reached their decision and published the results precisely to make consumers and users aware of this fact.
Open source isn’t a blanket jargon term for licenses that are loose around redistribution or sharing rights. It is a very specific legal term, one which cannot be applied to the SSPL license under which Elastic now distributes ELK.
With the previous license, ELK could be freely incorporated into your software. Now, under the new license, there is a real risk of you being forced to release all of your code. The legal and financial ramifications of this for your business cannot be overstated.
Every modern business has its competitive commercial edge, its unique selling point, baked into the code of its software, products, and services. Code is one of the most valuable pieces of intellectual property your business has. If you’ve integrated Elasticsearch, Logstash, or Kibana, the SSPL license could require that your code be made public and readily available to your own competitors.
There’s no real answer to that question. Adopting the SSPL license was a colossal change in direction for Elastic. As we’ve seen, it directly contradicts the values and vision for the future they previously espoused. If Elastic is capable of making such radical ideal shifts now, who can say with certainty what changes the coming years could bring?
If there is one thing this change has exposed, it’s that Elastic’s prevalence has led to what could be seen as an over-reliance on their software. Very rarely does a license change for a single piece of software generate so much genuine worry, let alone put so many businesses at risk of losing valuable intellectual property.
Could this be a wake-up call for the industry? Are we all now only one Elastic legal decision away from huge disruptions to the way we work, create, and do business?
On the whole, the news has not been well received by ELK users or the open-source community. Many have stated they are confused, upset, or even betrayed by the move.
Some see the move as a business ploy to undercut/outperform Elastic rivals such as AWS. As you can see by the colorful language this isn’t a move that many take lightly.
Some are openly advising businesses to move away from Elastic entirely, on a financial/contributory level too.
This Twitter user succinctly sums up the widely held community view that Elastic may be trying to impose partial ownership or control on users’ projects.
This user brings up another key concern with the license. The language used is incredibly broad. Any intellectual property lawyer will tell you that broad/vague language is often leveraged by license holders like Elastic in legal disputes.
Some have also seen material put out by Elastic to address key concerns as being thinly veiled marketing to ramp up competition against Amazon, instead of containing any helpful information.
Even for those of us not in scope, this change will have significant ramifications. The integration of Elasticsearch, Logstash, and Kibana forcing businesses into binding redistribution terms has opened up broad conversations about open-source software. Not too long ago there was a sense of security that came with using ELK. Almost overnight, that has proven itself to be an unreliable assumption.
Continuing to run your ELK stack, as-is, could represent a business risk. While the present license change may not impact you, any corporate lawyer will be rightfully concerned about the legal traps that may await down the road. So what can you do to mitigate this risk?
One option is to cease hosting ELK yourself and purchase a managed ELK stack subscription. This has the benefit of shifting liability away from you, but it can come with a price tag.
As stated, the Coralogix platform doesn’t rely on Elastic. These licensing changes do not impact our platform or roadmap for the future. We still have the security and peace of mind these changes have taken from businesses the world over.
The Coralogix platform is available as a more-than-suitable alternative if Elastic and/or SSPL licensing aren’t compatible with the future of your business. Our platform can match and improve upon all the core features and functionality your business relies on. With Coralogix you can leverage industry defining alerting, metrics, and observability features powered by machine learning. Not only that, we also offer cost optimization using our own Streama technology.
We are providing free migrations from ELK to the Coralogix platform. Our team of experts can facilitate a smooth and swift transition, mitigating the disruption to your business and allowing you to focus on what matters most: developing and delivering great software products and services.