147 lines
5.3 KiB
Markdown
147 lines
5.3 KiB
Markdown
---
|
|
layout: default
|
|
title: Ship events to OpenSearch
|
|
parent: Logstash
|
|
nav_order: 220
|
|
---
|
|
|
|
# Ship events to OpenSearch
|
|
|
|
You can Ship Logstash events to an OpenSearch cluster and then visualize your events with OpenSearch Dashboards.
|
|
|
|
Make sure you have [Logstash]({{site.url}}{{site.baseurl}}/clients/logstash/index/#install-logstash), [OpenSearch]({{site.url}}{{site.baseurl}}/opensearch/install/index/), and [OpenSearch Dashboards]({{site.url}}{{site.baseurl}}/dashboards/install/index/).
|
|
{: .note }
|
|
|
|
## OpenSearch output plugin
|
|
|
|
To run the OpenSearch output plugin, add the following configuration in your `pipeline.conf` file:
|
|
|
|
```yml
|
|
output {
|
|
opensearch {
|
|
hosts => "https://localhost:9200"
|
|
user => "admin"
|
|
password => "admin"
|
|
index => "logstash-logs-%{+YYYY.MM.dd}"
|
|
ssl_certificate_verification => false
|
|
}
|
|
}
|
|
```
|
|
|
|
|
|
## Sample walkthrough
|
|
|
|
1. Open the `config/pipeline.conf` file and add in the following configuration:
|
|
|
|
```yml
|
|
input {
|
|
stdin {
|
|
codec => json
|
|
}
|
|
}
|
|
|
|
output {
|
|
opensearch {
|
|
hosts => "https://localhost:9200"
|
|
user => "admin"
|
|
password => "admin"
|
|
index => "logstash-logs-%{+YYYY.MM.dd}"
|
|
ssl_certificate_verification => false
|
|
}
|
|
}
|
|
```
|
|
|
|
This Logstash pipeline accepts JSON input through the terminal and ships the events to an OpenSearch cluster running locally. Logstash writes the events to an index with the `logstash-logs-%{+YYYY.MM.dd}` naming convention.
|
|
|
|
2. Start Logstash:
|
|
|
|
```bash
|
|
$ bin/logstash -f config/pipeline.conf --config.reload.automatic
|
|
```
|
|
|
|
`config/pipeline.conf` is a relative path to the `pipeline.conf` file. You can use an absolute path as well.
|
|
|
|
3. Add a JSON object in the terminal:
|
|
|
|
```json
|
|
{ "amount": 10, "quantity": 2}
|
|
```
|
|
|
|
4. Start OpenSearch Dashboards and choose **Dev Tools**:
|
|
|
|
```json
|
|
GET _cat/indices?v
|
|
|
|
health | status | index | uuid | pri | rep | docs.count | docs.deleted | store.size | pri.store.size
|
|
green | open | logstash-logs-2021.07.01 | iuh648LYSnmQrkGf70pplA | 1 | 1 | 1 | 0 | 10.3kb | 5.1kb
|
|
```
|
|
|
|
## Adding different Authentication mechanisms in the Output plugin
|
|
|
|
## auth_type to support different authentication mechanisms
|
|
|
|
In addition to the existing authentication mechanisms, if we want to add new authentication then we will be adding them in the configuration by using auth_type
|
|
|
|
Example Configuration for basic authentication:
|
|
|
|
```yml
|
|
output {
|
|
opensearch {
|
|
hosts => ["https://hostname:port"]
|
|
auth_type => {
|
|
type => 'basic'
|
|
user => 'admin'
|
|
password => 'admin'
|
|
}
|
|
index => "logstash-logs-%{+YYYY.MM.dd}"
|
|
}
|
|
}
|
|
```
|
|
### Parameters inside auth_type
|
|
|
|
- type (string) - We should specify the type of authentication
|
|
- We should add credentials required for that authentication like 'user' and 'password' for 'basic' authentication
|
|
- We should also add other parameters required for that authentication mechanism like we added 'region' for 'aws_iam' authentication
|
|
|
|
## Configuration for AWS IAM Authentication
|
|
|
|
To run the Logstash Output Opensearch plugin using aws_iam authentication, simply add a configuration following the below documentation.
|
|
|
|
Example Configuration:
|
|
|
|
```yml
|
|
output {
|
|
opensearch {
|
|
hosts => ["https://hostname:port"]
|
|
auth_type => {
|
|
type => 'aws_iam'
|
|
aws_access_key_id => 'ACCESS_KEY'
|
|
aws_secret_access_key => 'SECRET_KEY'
|
|
region => 'us-west-2'
|
|
}
|
|
index => "logstash-logs-%{+YYYY.MM.dd}"
|
|
}
|
|
}
|
|
```
|
|
|
|
### Required Parameters
|
|
|
|
- hosts (array of string) - AmazonOpensearchService domain endpoint : port number
|
|
- auth_type (Json object) - Which holds other parameters required for authentication
|
|
- type (string) - "aws_iam"
|
|
- aws_access_key_id (string) - AWS access key
|
|
- aws_secret_access_key (string) - AWS secret access key
|
|
- region (string, :default => "us-east-1") - region in which the domain is located
|
|
- if we want to pass other optional parameters like profile, session_token,etc. They needs to be added in auth_type
|
|
- port (string) - AmazonOpensearchService listens on port 443 for HTTPS
|
|
- protocol (string) - The protocol used to connect to AmazonOpensearchService is 'https'
|
|
|
|
### Optional Parameters
|
|
- The credential resolution logic can be described as follows:
|
|
- User passed aws_access_key_id and aws_secret_access_key in configuration
|
|
- Environment variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
|
|
- Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
|
|
- Instance profile credentials delivered through the Amazon EC2 metadata service
|
|
- template (path) - You can set the path to your own template here, if you so desire. If not set, the included template will be used.
|
|
- template_name (string, default => "logstash") - defines how the template is named inside Opensearch
|