2.1 KiB
| layout | title | parent | nav_order |
|---|---|---|---|
| default | Ship events to OpenSearch | Logstash | 220 |
Ship events to OpenSearch
You can Ship Logstash events to an OpenSearch cluster and then visualize your events with OpenSearch Dashboards.
Make sure you have Logstash, OpenSearch, and OpenSearch Dashboards. {: .note }
OpenSearch output plugin
To run the OpenSearch output plugin, add the following configuration in your pipeline.conf file:
output {
opensearch {
hosts => "https://localhost:9200"
user => "admin"
password => "admin"
index => "logstash-logs-%{+YYYY.MM.dd}"
ssl_certificate_verification => false
}
}
Sample walkthrough
-
Open the
config/pipeline.conffile and add in the following configuration:input { stdin { codec => json } } output { opensearch { hosts => "https://localhost:9200" user => "admin" password => "admin" index => "logstash-logs-%{+YYYY.MM.dd}" ssl_certificate_verification => false } }This Logstash pipeline accepts JSON input through the terminal and ships the events to an OpenSearch cluster running locally. Logstash writes the events to an index with the
logstash-logs-%{+YYYY.MM.dd}naming convention. -
Start Logstash:
$ bin/logstash -f config/pipeline.conf --config.reload.automaticconfig/pipeline.confis a relative path to thepipeline.conffile. You can use an absolute path as well. -
Add a JSON object in the terminal:
{ "amount": 10, "quantity": 2} -
Start OpenSearch Dashboards and choose Dev Tools:
GET _cat/indices?v health | status | index | uuid | pri | rep | docs.count | docs.deleted | store.size | pri.store.size green | open | logstash-logs-2021.07.01 | iuh648LYSnmQrkGf70pplA | 1 | 1 | 1 | 0 | 10.3kb | 5.1kb