OpenSearch tools

This section provides documentation for OpenSearch-supported tools, including:

For information about Data Prepper, the server-side data collector for filtering, enriching, transforming, normalizing, and aggregating data for downstream analytics and visualization, see Data Prepper.

Agents and ingestion tools

Historically, many popular agents and ingestion tools have worked with Elasticsearch OSS, such as Beats, Logstash, Fluentd, FluentBit, and OpenTelemetry. OpenSearch aims to continue to support a broad set of agents and ingestion tools, but not all have been tested or have explicitly added OpenSearch compatibility.

As an intermediate compatibility solution, OpenSearch has a setting that instructs the cluster to return version 7.10.2 rather than its actual version.

If you use clients that include a version check, such as versions of Logstash OSS or Filebeat OSS from 7.x to 7.12.x, enable the setting:

  PUT _cluster/settings
  {
    "persistent": {
      "compatibility": {
        "override_main_response_version": true
      }
    }
  }

As with any other setting, you can alternatively add the following line to opensearch.yml on each node and then restart the node:

  compatibility.override_main_response_version: true
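The following check is an added example, not part of the OpenSearch documentation or code: it reads a GET _cluster/settings response and a root (GET /) response and reports whether the override is in effect and where it was set. The function names and sample responses are constructed; it assumes the usual settings precedence (transient, then persistent, then opensearch.yml), a default of false, and that the root response carries the version under version.number.

```python
import json

SETTING = "compatibility.override_main_response_version"

def _lookup(scope: dict, dotted: str):
    """Find a setting in one scope, in flat or nested form."""
    if dotted in scope:                      # flat_settings=true form
        return scope[dotted]
    node = scope
    for part in dotted.split("."):           # nested form, as in the PUT body
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def _as_bool(value):
    # The settings API may echo values back as strings ("true").
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"

def effective_override(settings_response: dict, yml_value=None):
    """Return (enabled, source). Assumed precedence: transient, persistent, opensearch.yml."""
    for source in ("transient", "persistent"):
        raw = _lookup(settings_response.get(source, {}), SETTING)
        if raw is not None:
            return _as_bool(raw), source
    if yml_value is not None:
        return _as_bool(yml_value), "opensearch.yml"
    return False, "default"                  # assumed default: override off

def version_consistent(root_response: dict, enabled: bool) -> bool:
    """With the override on, an OpenSearch cluster should report 7.10.2."""
    reported = root_response.get("version", {}).get("number")
    return (reported == "7.10.2") == enabled

# Constructed sample responses (not captured from a real cluster).
SAMPLE_SETTINGS = json.loads(
    '{"persistent": {"compatibility": {"override_main_response_version": "true"}},'
    ' "transient": {}}'
)
SAMPLE_ROOT = json.loads('{"version": {"number": "7.10.2"}}')

if __name__ == "__main__":
    enabled, source = effective_override(SAMPLE_SETTINGS)
    print(f"{SETTING}: {enabled} (from {source})")
    print("root response consistent:", version_consistent(SAMPLE_ROOT, enabled))
```

Because the cluster reports 7.10.2 rather than its actual version while the override is on, record the real OpenSearch version from your deployment inventory rather than from the root response.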

Logstash OSS 8.0 introduces a breaking change where all plugins run in ECS compatibility mode by default. If you use a compatible OSS client, you must override the default value to maintain legacy behavior:

  ecs_compatibility => disabled

Downloads

You can download the OpenSearch output plugin for Logstash from OpenSearch downloads. The Logstash output plugin is compatible with OpenSearch and Elasticsearch OSS (7.10.2 or lower).

These are the latest versions of Beats OSS with OpenSearch compatibility. For more information, see the Compatibility matrices section, below.

Some users report compatibility issues with ingest pipelines on these versions of Beats. If you use ingest pipelines with OpenSearch, consider using the 7.10.2 versions of Beats instead.

Compatibility matrices

Italicized cells are untested, but indicate what a value theoretically should be based on existing information.

Compatibility matrix for Logstash

| | Logstash OSS 7.0.0 to 7.11.x | Logstash OSS 7.12.x* | Logstash 7.13.x-7.16.x without OpenSearch output plugin | Logstash 7.13.x-7.16.x with OpenSearch output plugin | Logstash 8.x+ with OpenSearch output plugin |
|---|---|---|---|---|---|
| Elasticsearch OSS 7.0.0 to 7.9.x | Yes | Yes | No | Yes | Yes |
| Elasticsearch OSS 7.10.2 | Yes | Yes | No | Yes | Yes |
| ODFE 1.0 to 1.12 | Yes | Yes | No | Yes | Yes |
| ODFE 1.13 | Yes | Yes | No | Yes | Yes |
| OpenSearch 1.x to 2.x | Yes via version setting | Yes via version setting | No | Yes | Yes, with Elastic Common Schema Setting |

* Most current compatible version with Elasticsearch OSS.

Compatibility matrix for Beats

| | Beats OSS 7.0.0 to 7.11.x* | Beats OSS 7.12.x | Beats 7.13.x |
|---|---|---|---|
| Elasticsearch OSS 7.0.0 to 7.9.x | Yes | Yes | No |
| Elasticsearch OSS 7.10.2 | Yes | Yes | No |
| ODFE 1.0 to 1.12 | Yes | Yes | No |
| ODFE 1.13 | Yes | Yes | No |
| OpenSearch 1.x to 2.x | Yes via version setting | Yes via version setting | No |
| Logstash OSS 7.0.0 to 7.11.x | Yes | Yes | Yes |
| Logstash OSS 7.12.x* | Yes | Yes | Yes |
| Logstash 7.13.x with OpenSearch output plugin | Yes | Yes | Yes |

* Most current compatible version with Elasticsearch OSS.

** Beats OSS includes all Apache 2.0 Beats agents (that is, Filebeat, Metricbeat, Auditbeat, Heartbeat, Winlogbeat, and Packetbeat).

Beats versions newer than 7.12.x are not supported by OpenSearch. If you must update the Beats agent(s) in your environment to a newer version, you can work around the incompatibility by directing traffic from Beats to Logstash and using the Logstash Output plugin to ingest the data to OpenSearch.

OpenSearch CLI

The OpenSearch command line interface (opensearch-cli) lets you manage your OpenSearch cluster from the command line and automate tasks. For more information about OpenSearch CLI, see OpenSearch CLI.

OpenSearch Kubernetes operator

The OpenSearch Kubernetes (K8s) Operator is an open-source Kubernetes operator that helps automate the deployment and provisioning of OpenSearch and OpenSearch Dashboards in a containerized environment. For information about how to use the K8s operator, see OpenSearch Kubernetes operator.