Getting started

OpenSearch is a distributed search and analytics engine based on Apache Lucene. After adding your data to OpenSearch, you can perform full-text searches on it with all of the features you might expect: search by field, search multiple indexes, boost fields, rank results by score, sort results by field, and aggregate results.

Unsurprisingly, builders often use a search engine like OpenSearch as the backend for a search application—think Wikipedia or an online store. It offers excellent performance and can scale up or down as the needs of the application grow or shrink.

An equally popular, but less obvious use case is log analytics, in which you take the logs from an application, feed them into OpenSearch, and use the rich search and visualization functionality to identify issues. For example, a malfunctioning web server might throw a 500 error 0.5% of the time, which can be hard to notice unless you have a real-time graph of all HTTP status codes that the server has thrown in the past four hours. You can use OpenSearch Dashboards to build these sorts of visualizations from data in OpenSearch.

Components

OpenSearch is more than just the core engine. It also includes the following components:

  • OpenSearch Dashboards: The OpenSearch data visualization UI.
  • Data Prepper: A server-side data collector capable of filtering, enriching, transforming, normalizing, and aggregating data for downstream analysis and visualization.
  • Clients: Language APIs that let you communicate with OpenSearch in several popular programming languages.

Use cases

OpenSearch supports a variety of use cases, for example:

  • Observability: Visualize data-driven events by using Piped Processing Language (PPL) to explore, discover, and query data stored in OpenSearch.
  • Search: Choose the best search method for your application, from regular lexical search to conversational search powered by machine learning (ML).
  • Machine learning: Integrate ML models into your OpenSearch application.
  • Security analytics: Investigate, detect, analyze, and respond to security threats that can jeopardize organizational success and online operations.

Next steps