logstash-output-opensearch's Introduction

Logstash Output OpenSearch

Welcome!

logstash-output-opensearch is a community-driven, open source fork of logstash-output-elasticsearch, licensed under the Apache v2.0 License. For more information, see opensearch.org.

The logstash-output-opensearch plugin ships events from Logstash to an OpenSearch cluster.

Configuration for Logstash Output Opensearch Plugin

To run the Logstash Output OpenSearch plugin, add the following configuration to your logstash.conf file.

Note: For Logstash running with OpenSearch 2.12.0 and higher, the admin password needs to be a custom strong password supplied during cluster setup.

output {
    opensearch {
        hosts       => ["hostname:port"]
        user        => "admin"
        password    => "<your-admin-password>"
        index       => "logstash-logs-%{+YYYY.MM.dd}"
    }
}

To run the Logstash Output Opensearch plugin using aws_iam authentication, refer to the sample configuration shown below:

output {
   opensearch {
          hosts => ["hostname:port"]
          auth_type => {
              type => 'aws_iam'
              aws_access_key_id => 'ACCESS_KEY'
              aws_secret_access_key => 'SECRET_KEY'
              region => 'us-west-2'
          }
          index  => "logstash-logs-%{+YYYY.MM.dd}"
   }
}

New authentication mechanisms, beyond the existing ones, are added to the configuration through the auth_type setting.

Example configuration for basic authentication:

Note: For Logstash running with OpenSearch 2.12.0 and higher, the admin password needs to be a custom strong password supplied during cluster setup.

output {
    opensearch {
          hosts  => ["hostname:port"]
          auth_type => {
              type => 'basic'
              user => 'admin'
              password => '<your-admin-password>'
          }
          index => "logstash-logs-%{+YYYY.MM.dd}"
   }
}

To ingest data into a data stream through Logstash, create the data stream first, then set index to the name of the data stream and action to create in the output configuration. The sample configuration is shown below:

Note: For Logstash running with OpenSearch 2.12.0 and higher, the admin password needs to be a custom strong password supplied during cluster setup.

output {
    opensearch {
          hosts  => ["https://hostname:port"]
          auth_type => {
              type => 'basic'
              user => 'admin'
              password => '<your-admin-password>'
          }
          index => "my-data-stream"
          action => "create"
   }
}

Starting in 2.0.0, the AWS SDK version is bumped to v3. For all other AWS plugins to work together, remove the pre-installed AWS plugins and install the logstash-integration-aws plugin as follows. See also logstash-plugins/logstash-mixin-aws#38.

# Remove existing logstash aws plugins and install logstash-integration-aws to keep sdk dependency the same
# https://github.com/logstash-plugins/logstash-mixin-aws/issues/38
/usr/share/logstash/bin/logstash-plugin remove logstash-input-s3
/usr/share/logstash/bin/logstash-plugin remove logstash-input-sqs
/usr/share/logstash/bin/logstash-plugin remove logstash-output-s3
/usr/share/logstash/bin/logstash-plugin remove logstash-output-sns
/usr/share/logstash/bin/logstash-plugin remove logstash-output-sqs
/usr/share/logstash/bin/logstash-plugin remove logstash-output-cloudwatch

/usr/share/logstash/bin/logstash-plugin install --version 0.1.0.pre logstash-integration-aws
/usr/share/logstash/bin/logstash-plugin install --version 2.0.0 logstash-output-opensearch

ECS Compatibility

Elastic Common Schema (ECS) compatibility for V8 was added in 1.3.0. For more details on ECS support, refer to this documentation.

Code of Conduct

This project has adopted the Amazon Open Source Code of Conduct. For more information see the Code of Conduct FAQ, or contact [email protected] with any additional questions or comments.

License

This project is licensed under the Apache v2.0 License.

Copyright

Copyright OpenSearch Contributors. See NOTICE for details.

logstash-output-opensearch's People

Contributors

andrewvc, andsel, colinsurprenant, dblock, dchauviere, dedemorton, deepdatta, dlvenable, electrical, gaiksaya, jakelandis, jimmyjones2, jordansissel, jsvd, karenzone, kares, kurtado, lucabelluccini, naveentatikonda, peterzhuamazon, ph, ppf2, robbavey, stockholmux, suyograo, talevy, untergeek, vijayanb, yaauie, yoitsro

logstash-output-opensearch's Issues

Opensearch Logstash fork/bundle and Log4j vulnerability (CVE-2021-44228)

Describe the bug
I couldn't find any dedicated repository for the OpenSearch/Amazon fork of Logstash offered on the downloads page at https://opensearch.org/downloads.html, so I hope you don't mind me asking the question here. While an update for OpenSearch has been issued with 1.2.1 and #107 only mentions the plugin itself (this repository), Logstash itself, e.g. the offered logstash-oss-with-opensearch-output-plugin-7.13.2-linux-x64.tar.gz, still appears to be affected(?). At least it bundles vulnerable versions.

To Reproduce

$ wget https://artifacts.opensearch.org/logstash/logstash-oss-with-opensearch-output-plugin-7.13.2-linux-x64.tar.gz
$ tar xf logstash-oss-with-opensearch-output-plugin-7.13.2-linux-x64.tar.gz
$ cd logstash-7.13.2/
$ find . -name '*log4j*jar*'
./vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.9.1/log4j-api-2.9.1.jar
./vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/org/apache/logging/log4j/log4j-slf4j-impl/2.9.1/log4j-slf4j-impl-2.9.1.jar
./vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.7-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
./vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.3-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
./logstash-core/lib/jars/log4j-1.2-api-2.14.0.jar
./logstash-core/lib/jars/log4j-core-2.14.0.jar
./logstash-core/lib/jars/log4j-api-2.14.0.jar
./logstash-core/lib/jars/log4j-jcl-2.14.0.jar
./logstash-core/lib/jars/log4j-slf4j-impl-2.14.0.jar
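
The `find` listing above mixes log4j-api, bridge and log4j-core jars, and only log4j-core falls under CVE-2021-44228. The following Ruby sketch is an added example (not part of the issue or the project) that classifies such paths by artifact and version; the affected range encoded in it is an assumption taken from the Apache advisory, and the function names are hypothetical.

```ruby
# Added example: classify bundled Log4j jars by artifact and version and
# flag log4j-core versions in the CVE-2021-44228 range.
require "rubygems" # Gem::Version

# Paths copied from the `find` output quoted in the issue above.
ISSUE_PATHS = %w[
  ./vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.9.1/log4j-api-2.9.1.jar
  ./vendor/bundle/jruby/2.5.0/gems/logstash-input-azure_event_hubs-1.2.3/vendor/jar-dependencies/org/apache/logging/log4j/log4j-slf4j-impl/2.9.1/log4j-slf4j-impl-2.9.1.jar
  ./vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.7-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
  ./vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.1.3-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
  ./logstash-core/lib/jars/log4j-1.2-api-2.14.0.jar
  ./logstash-core/lib/jars/log4j-core-2.14.0.jar
  ./logstash-core/lib/jars/log4j-api-2.14.0.jar
  ./logstash-core/lib/jars/log4j-jcl-2.14.0.jar
  ./logstash-core/lib/jars/log4j-slf4j-impl-2.14.0.jar
].freeze

# "log4j-1.2-api-2.14.0.jar" -> artifact "log4j-1.2-api", version "2.14.0"
JAR_NAME = /\A(log4j-[a-z0-9.\-]+?)-(\d+(?:\.\d+)*(?:-[A-Za-z0-9]+)?)\.jar\z/

# Assumed range, per the Apache advisory for CVE-2021-44228: log4j-core from
# 2.0-beta9 up to (not including) 2.15.0, except the backported fixes
# 2.12.2+ on the 2.12 line and 2.3.1+ on the 2.3 line.
FIRST_AFFECTED = Gem::Version.new("2.0-beta9")
FIXED_MAINLINE = Gem::Version.new("2.15.0")
BACKPORT_FIXES = {
  "2.12" => Gem::Version.new("2.12.2"),
  "2.3"  => Gem::Version.new("2.3.1")
}.freeze

def affected_by_cve_2021_44228?(artifact, version)
  # Only log4j-core ships the JNDI lookup code; log4j-api and the
  # slf4j/jcl/1.2 bridge jars are inventoried but not flagged.
  return false unless artifact == "log4j-core"

  v = Gem::Version.new(version)
  return false if v < FIRST_AFFECTED || v >= FIXED_MAINLINE

  backport = BACKPORT_FIXES[v.segments.first(2).join(".")]
  backport.nil? || v < backport
end

# Turn a list of jar paths into inventory records; non-Log4j names are dropped.
def triage(paths)
  paths.map do |path|
    m = JAR_NAME.match(File.basename(path))
    next unless m

    { path: path, artifact: m[1], version: m[2],
      affected: affected_by_cve_2021_44228?(m[1], m[2]) }
  end.compact
end

# Walk an unpacked distribution the same way the issue's `find` does.
def scan(root)
  triage(Dir.glob(File.join(root, "**", "*log4j*.jar")))
end

if __FILE__ == $PROGRAM_NAME
  results = ARGV.empty? ? triage(ISSUE_PATHS) : scan(ARGV[0])
  results.each do |r|
    status = r[:affected] ? "AFFECTED" : "ok      "
    puts "#{status} #{r[:artifact]} #{r[:version]}  #{r[:path]}"
  end
end
```

Run without arguments it triages the paths from the issue; given a directory, it scans that unpacked distribution instead.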

Allow "opt-out" of appending default port 9200

Hi,

we are running multiple OpenSearch clusters in Kubernetes, and most of our services that access them from outside the cluster do so by using the Host header.
This is way easier than handling the port mapping on the ingress, and I think this should at least be possible.
I had the same problem before with Elasticsearch/Logstash, but I think here is a better place to take a shot at this "issue".

Using a default port that is not clearly deducible from the URL/config is a bad thing, I think... :)

Introduce an "auth_type" setting for the output plugin

Is your feature request related to a problem? Please describe.
There are multiple authentication mechanisms for OpenSearch (Basic, OpenID, and more). There are also multiple authentication mechanisms for vendors that offer OpenSearch products. Currently the Logstash output plugin supports basic authentication and TLS. This plugin can be extended to support additional authentication mechanisms with an auth_type flag.

Describe the solution you'd like
By adding a setting for auth_type users could express additional authentication mechanisms. For example someone using AWS IAM signing could express

output {
    opensearch {
        hosts       => "https://hostname:port"
        auth_type => {
            type => aws_iam
            aws_access_key_id => 'ACCESS_KEY'
            aws_secret_access_key => 'SECRET_KEY'
        }
        index       => "logstash-logs-%{+YYYY.MM.dd}"
    }
}

NOTE if no type is provided the default could remain basic auth (as it is today) in order to be backwards compatible.

Add basic_auth as new authentication type in the auth_type flag for user and password in output plugin

We are already supporting user and password as master credentials. But after adding auth_type flag, to make all the authentication mechanisms look uniform, we want to add basic_auth as an authentication mechanism for user and password by also supporting the regular user and password authentication. Both of these supported mechanisms are shown below:

With auth_type
output {
    opensearch {
        hosts => "hostname:port"
        auth_type => {
            type => "basic"
            user => "admin"
            password => "admin"
        }
        index => "logstash-logs-%{+YYYY.MM.dd}"
    }
}

Without auth_type
output {
    opensearch {
        hosts => "hostname:port"
        user => "admin"
        password => "admin"
        index => "logstash-logs-%{+YYYY.MM.dd}"
    }
}

Provide extensible way to support multiple distribution

In order to avoid connecting to an incompatible cluster, like ES version != 7.x, we introduced the check for major version 7 and distribution as opensearch. Since the Logstash output plugin can be used to connect to non-OpenSearch/non-ES-OSS clusters (see #62), we need a solution to check in an extensible way.

Add "humio" as a supported distribution

The OpenSearch LogStash plugin is currently unable to send data to Humio's bulk endpoint because "humio" is not recognised as a valid distribution, and (currently) Humio advertises its bulk API as version 6.2.0.

Having tested the current Humio versions with the plugin, we believe it is compatible, and we would like to add "humio" as a valid distribution here.

We will look to increment the Humio advertised major version for this API to >= 7, but this is not something that can be done quickly, as significant compatibility testing is required. We would like to see our users be able to make use of the OpenSearch plugin asap.

[BUG] Unable to connect to OpenStack cluster

Command:
docker run -it --rm --name logstash opensearchproject/logstash-oss-with-opensearch-output-plugin:7.13.2 -e "$(cat logstash.conf)"

logstash.conf:

input {
    stdin { }
}
output {
    opensearch {
        hosts => [
            "https://<domain>.eu-central-1.es.amazonaws.com:443"
        ]
        index => "opensearch-logstash-docker-%{+YYYY.MM.dd}"
        user => "<username>"
        password => "<password>"
        ssl => true
        ssl_certificate_verification => false
   }
}

Console output:

Using bundled JDK: /usr/share/logstash/jdk
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Sending Logstash logs to /usr/share/logstash/logs which is now configured via log4j2.properties
[2021-12-05T20:17:08,407][INFO ][logstash.runner          ] Log4j configuration path used is: /usr/share/logstash/config/log4j2.properties
[2021-12-05T20:17:08,429][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.13.2", "jruby.version"=>"jruby 9.2.16.0 (2.5.7) 2021-03-03 f82228dc32 OpenJDK 64-Bit Server VM 11.0.11+9 on 11.0.11+9 +indy +jit [linux-x86_64]"}
[2021-12-05T20:17:08,485][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
[2021-12-05T20:17:08,580][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
[2021-12-05T20:17:09,576][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2021-12-05T20:17:09,628][INFO ][logstash.agent           ] No persistent UUID file found. Generating new UUID {:uuid=>"fb6b7526-a889-435f-9348-45aad8f6e6a2", :path=>"/usr/share/logstash/data/uuid"}
[2021-12-05T20:17:11,346][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
[2021-12-05T20:17:12,471][INFO ][org.reflections.Reflections] Reflections took 118 ms to scan 1 urls, producing 24 keys and 48 values
[2021-12-05T20:17:13,525][WARN ][deprecation.logstash.inputs.stdin] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
[2021-12-05T20:17:13,711][WARN ][deprecation.logstash.outputs.opensearch] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
[2021-12-05T20:17:13,783][INFO ][logstash.outputs.opensearch][main] New OpenSearch output {:class=>"LogStash::Outputs::OpenSearch", :hosts=>["https://<domain>.eu-central-1.es.amazonaws.com:443"]}
[2021-12-05T20:17:13,816][WARN ][logstash.outputs.opensearch][main] ** WARNING ** Detected UNSAFE options in opensearch output configuration!
** WARNING ** You have enabled encryption but DISABLED certificate verification.
** WARNING ** To make sure your data is secure change :ssl_certificate_verification to true
[2021-12-05T20:17:14,474][INFO ][logstash.outputs.opensearch][main] OpenSearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/]}}
[2021-12-05T20:17:15,504][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/"}
[2021-12-05T20:17:15,645][INFO ][logstash.outputs.opensearch][main] Cluster version determined (7.10.2) {:version=>7}
[2021-12-05T20:17:15,678][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/", :distribution=>nil, :major_version=>7}
[2021-12-05T20:17:15,776][ERROR][logstash.outputs.opensearch][main] Unable to retrieve OpenSearch cluster uuid {:message=>"No Available connections", :exception=>LogStash::Outputs::OpenSearch::HttpClient::Pool::NoConnectionAvailableError, :backtrace=>["/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client/pool.rb:349:in `with_connection'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client/pool.rb:260:in `perform_request'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client/pool.rb:268:in `block in get'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client.rb:208:in `get'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/plugin_mixins/opensearch/common.rb:90:in `discover_cluster_uuid'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch.rb:247:in `finish_register'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch.rb:225:in `block in register'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/plugin_mixins/opensearch/common.rb:83:in `block in after_successful_connection'"]}
[2021-12-05T20:17:15,794][INFO ][logstash.outputs.opensearch][main] Using a default mapping template {:version=>7, :ecs_compatibility=>:disabled}
[2021-12-05T20:17:15,844][ERROR][logstash.outputs.opensearch][main] Failed to install template {:message=>"No Available connections", :exception=>LogStash::Outputs::OpenSearch::HttpClient::Pool::NoConnectionAvailableError, :backtrace=>["/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client/pool.rb:349:in `with_connection'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client/pool.rb:260:in `perform_request'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client/pool.rb:268:in `block in Pool'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client.rb:388:in `exists?'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client.rb:393:in `template_exists?'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client.rb:89:in `template_install'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/template_manager.rb:37:in `install'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/template_manager.rb:25:in `install_template'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch.rb:413:in `install_template'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch.rb:248:in `finish_register'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch.rb:225:in `block in register'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/plugin_mixins/opensearch/common.rb:83:in `block in after_successful_connection'"]}
[2021-12-05T20:17:15,850][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>250, "pipeline.sources"=>["config string"], :thread=>"#<Thread:0x1e7f4d48 run>"}
[2021-12-05T20:17:17,295][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>1.44}
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.jrubystdinchannel.StdinChannelLibrary$Reader (file:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jruby-stdin-channel-0.2.0-java/lib/jruby_stdin_channel/jruby_stdin_channel.jar) to field java.io.FilterInputStream.in
WARNING: Please consider reporting this to the maintainers of com.jrubystdinchannel.StdinChannelLibrary$Reader
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[2021-12-05T20:17:17,335][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[2021-12-05T20:17:17,522][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2021-12-05T20:17:20,747][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/"}
[2021-12-05T20:17:20,812][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/", :distribution=>nil, :major_version=>7}
[2021-12-05T20:17:25,835][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/"}
[2021-12-05T20:17:25,894][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/", :distribution=>nil, :major_version=>7}
[2021-12-05T20:17:30,916][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/"}
[2021-12-05T20:17:30,960][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/", :distribution=>nil, :major_version=>7}
[2021-12-05T20:17:35,988][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/"}
[2021-12-05T20:17:36,026][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/", :distribution=>nil, :major_version=>7}
[2021-12-05T20:17:41,061][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/"}
[2021-12-05T20:17:41,111][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/", :distribution=>nil, :major_version=>7}
[2021-12-05T20:17:46,137][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/"}
[2021-12-05T20:17:46,171][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/", :distribution=>nil, :major_version=>7}
[2021-12-05T20:17:51,197][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/"}
[2021-12-05T20:17:51,229][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/", :distribution=>nil, :major_version=>7}
[2021-12-05T20:17:56,249][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/"}
[2021-12-05T20:17:56,285][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/", :distribution=>nil, :major_version=>7}
[2021-12-05T20:18:01,307][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/"}
[2021-12-05T20:18:01,346][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/", :distribution=>nil, :major_version=>7}
[2021-12-05T20:18:06,367][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/"}
[2021-12-05T20:18:06,402][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"https://<username>:xxxxxx@<domain>.eu-central-1.es.amazonaws.com:443/", :distribution=>nil, :major_version=>7}
^C[2021-12-05T20:18:08,060][WARN ][logstash.runner          ] SIGINT received. Shutting down.
[2021-12-05T20:18:08,428][INFO ][logstash.javapipeline    ][main] Pipeline terminated {"pipeline.id"=>"main"}
[2021-12-05T20:18:09,370][INFO ][logstash.runner          ] Logstash shut down.

Connecting from my local browser as well as via the links terminal browser produces results similar to this one:
{
  "name": "",
  "cluster_name": ":",
  "cluster_uuid": "",
  "version": {
    "number": "7.10.2",
    "build_type": "tar",
    "build_hash": "unknown",
    "build_date": "2021-09-21T11:27:10.894287Z",
    "build_snapshot": false,
    "lucene_version": "8.8.2",
    "minimum_wire_compatibility_version": "6.8.0",
    "minimum_index_compatibility_version": "6.0.0-beta1"
  },
  "tagline": "The OpenSearch Project: https://opensearch.org/"
}
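
The configuration in this report sets ssl_certificate_verification => false, which the plugin only flags at startup (the "Detected UNSAFE options" warning in the log), and the README samples write credentials inline. The following Ruby sketch is an added example, not the plugin's code, that lints `opensearch` output blocks for that setting and for secrets written as literals instead of Logstash `${VAR}` references; the sample config, host names and rule names are constructed for illustration.

```ruby
# Added example: lint `opensearch` output blocks in a Logstash pipeline
# config for disabled certificate verification and literal secrets.

# Constructed sample config; host, index and user names are made up.
SAMPLE_CONF = <<~'CONF'
  input { stdin { } }
  output {
      opensearch {
          hosts => ["https://search.example.internal:443"]
          index => "app-logs-%{+YYYY.MM.dd}"
          user => "logstash_writer"
          password => "${OPENSEARCH_PASSWORD}"
          ssl => true
          ssl_certificate_verification => false
      }
      opensearch {
          hosts => ["https://search.example.internal:443"]
          auth_type => {
              type => 'basic'
              user => 'admin'
              password => 'admin'
          }
          index => "audit-%{+YYYY.MM.dd}"
      }
  }
CONF

SECRET_KEYS = %w[password aws_secret_access_key].freeze
# key => "double quoted" | 'single quoted' | bareword
SETTING = /(\w+)\s*=>\s*("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|[^\s{}\[\],]+)/
# A `${VAR}` value is resolved by Logstash from the environment or its keystore.
REFERENCE = /\A\$\{[^}]+\}\z/

# Return [from, to) offsets of the body of every `opensearch { ... }` block.
# Braces inside quoted strings (e.g. "%{+YYYY.MM.dd}") are not counted.
def opensearch_blocks(text)
  blocks = []
  pos = 0
  while (m = /\bopensearch\s*\{/.match(text, pos))
    start = i = m.end(0)
    depth = 1
    quote = nil
    while i < text.length && depth > 0
      ch = text[i]
      if quote
        i += 1 if ch == "\\"        # skip the escaped character
        quote = nil if ch == quote
      elsif ch == '"' || ch == "'"
        quote = ch
      elsif ch == "{"
        depth += 1
      elsif ch == "}"
        depth -= 1
      end
      i += 1
    end
    blocks << [start, i - 1] if depth.zero?
    pos = i
  end
  blocks
end

# Return findings as hashes; the secret value itself is never reported.
def lint(config)
  text = config.gsub(/^[ \t]*#.*$/, "") # blank full-line comments, keep line count
  findings = []
  opensearch_blocks(text).each do |from, to|
    body = text[from...to]
    pos = 0
    while (m = SETTING.match(body, pos))
      pos = m.end(0)
      key = m[1]
      value = m[2].sub(/\A["']/, "").sub(/["']\z/, "")
      line = text[0, from + m.begin(0)].count("\n") + 1
      rule =
        if key == "ssl_certificate_verification" && value == "false"
          :cert_verification_disabled
        elsif SECRET_KEYS.include?(key) && value !~ REFERENCE
          key == "password" && value == "admin" ? :default_admin_password : :literal_secret
        end
      findings << { rule: rule, key: key, line: line } if rule
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  lint(SAMPLE_CONF).each { |f| puts "line #{f[:line]}: #{f[:rule]} (#{f[:key]})" }
end
```

Trailing comments on a setting line are not stripped, so a `=>` pair inside one would still be inspected.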

Integration test for opendistro

During CI for opendistro, while trying to disable the security plugin instead of removing it, I observed the following exception.

integration_1  | [2021-07-01T21:55:02,641][INFO ][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [067ef78be3a9] Config directory is /usr/share/elasticsearch/config/, from there the key- and truststore files are resolved relatively
integration_1  | uncaught exception in thread [main]
integration_1  | [2021-07-01T21:55:02,741][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [067ef78be3a9] uncaught exception in thread [main]
integration_1  | org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin]
integration_1  |        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:174) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127) ~[elasticsearch-cli-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  | Caused by: java.lang.IllegalStateException: failed to load plugin class [com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin]
integration_1  |        at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:722) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:658) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:479) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:168) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.node.Node.<init>(Node.java:346) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.node.Node.<init>(Node.java:289) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:227) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:227) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        ... 6 more
integration_1  | Caused by: java.lang.reflect.InvocationTargetException
integration_1  |        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
integration_1  |        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:64) ~[?:?]
integration_1  |        at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
integration_1  |        at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
integration_1  |        at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]
integration_1  |        at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:713) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:658) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:479) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:168) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.node.Node.<init>(Node.java:346) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.node.Node.<init>(Node.java:289) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:227) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:227) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        ... 6 more
integration_1  | Caused by: org.elasticsearch.ElasticsearchException: opendistro_security.ssl.transport.keystore_filepath or opendistro_security.ssl.transport.server.pemcert_filepath and opendistro_security.ssl.transport.client.pemcert_filepath must be set if transport ssl is requested.
integration_1  |        at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.initTransportSSLConfig(DefaultOpenDistroSecurityKeyStore.java:412) ~[?:?]
integration_1  |        at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.initSSLConfig(DefaultOpenDistroSecurityKeyStore.java:248) ~[?:?]
integration_1  |        at com.amazon.opendistroforelasticsearch.security.ssl.DefaultOpenDistroSecurityKeyStore.<init>(DefaultOpenDistroSecurityKeyStore.java:169) ~[?:?]
integration_1  |        at com.amazon.opendistroforelasticsearch.security.ssl.OpenDistroSecuritySSLPlugin.<init>(OpenDistroSecuritySSLPlugin.java:217) ~[?:?]
integration_1  |        at com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin.<init>(OpenDistroSecurityPlugin.java:246) ~[?:?]
integration_1  |        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
integration_1  |        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:64) ~[?:?]
integration_1  |        at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
integration_1  |        at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
integration_1  |        at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]
integration_1  |        at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:713) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:658) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:479) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:168) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.node.Node.<init>(Node.java:346) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.node.Node.<init>(Node.java:289) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:227) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:227) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) ~[elasticsearch-7.10.2.jar:7.10.2]
integration_1  |        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.10.2.jar:7.10.2]
integ

Use index template instead of template

Since ES 7.8, the recommended option for creating a template is to use _index_template instead of _template. In order to keep compatibility with logstash-output-elasticsearch, we are using _template. We could address this problem in the following two ways:

  1. Check for min version, if < 8, use template, else index_template
  2. Support _index_template starting from OpenSearch 1.0.0; since it is the first release, we can start using _index_template.

In opensearch output plugin - date patterns work in plugin but other variables don't

Describe the bug
In OpenSearch output plugin, wanted to update the "index" with one variable (placeholder) along with date pattern (as shown below) but the variable is taken as literal.

given:
index => "log_abc_%{[log][source][hostname]}_daily_%{+xxxx.MM.dd}"

expected index:
log_abc_hostname_daily_2021.12.16

instead output index is:
log_abc_%{[log][source][hostname]}_daily_2021.12.16

Standardize branching to match OpenSearch

Coming from .github#13, standardize release branching to match what OpenSearch is doing.

  1. Create a 1.0 branch for the OpenSearch 1.0 release, 1.x branch for next 1.1 release, and use main for 2.0 development. Make sure CI is enabled on those.
  2. Update your release/branching documentation. If you don't have one, add a RELEASING.md that links to, or has content from .github/RELEASING.md.
  3. If you are using a develop branch, stop. You should be using the default main branch for furthermost, future development.
  4. Delete any merged/stale/develop/feature branches that are no longer in use.
  5. Communicate any changes in process to your team.

Refer to release branching for more information.

Support opensearch during compatibility mode

While running in compatibility, opensearch will not have distribution and build_flavor. To support this distribution, update checker to check only major version if distribution is not opensearch.

Support for IAM Roles (Instance Profile/IRSA) for Authentication

Is your feature request related to a problem? Please describe.
The current best practices for security in AWS recommends using short-lived credentials through IAM Role (STS) instead of static IAM Credentials (Access Key/Secret). That capacity is critically important when using Amazon EKS, since we can leverage IAM Roles for Service Accounts (IRSA) and improve security posture with Logstash on Kubernetes.

Describe the solution you'd like
Logstash should be able to consume an IAM Role, from an Instance Profile (EC2) or from IRSA (EKS), and use it to authenticate against the OpenSearch environment.

Describe alternatives you've considered
Use the legacy output plugin from awslabs/logstash-output-amazon_es.

Additional context
The current aws-sdk gem used in this plugin (>= 2.11.632) already supports IRSA capability.

Should support IAM based Authentication

Is your feature request related to a problem? Please describe.
I should be able to connect to an OpenSearch cluster that has IAM based authentication, similar to https://github.com/awslabs/logstash-output-amazon_es

Describe the solution you'd like
OpenSearch users will use only one plugin to interact with any type of distribution

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

[Enhancement] Adding Multi-Arch Support for Docker Images in Logstash-output-opensearch

Is your feature request related to a problem? Please describe.
[Enhancement] Adding Multi-Arch Support for Docker Images in Logstash-output-opensearch
We want to add multi-arch support for Docker images in Logstash-output-opensearch,
so that customers do not need to specify the arch and we don't need to add new tags for separate images.

Describe the solution you'd like
Docker Buildx on the Docker Desktop.
#41

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Update Docker image

logstash-output-opensearch 1.1.0 was released on 22.09.2021, but the official Docker image opensearchproject/logstash-oss-with-opensearch-output-plugin was not updated yet.

Could we get a Docker image with logstash-output-opensearch:1.1.0 please?

[BUG] readme doesn't point to documentation

Describe the bug
readme.md: the links for project and documentation point to https://opensearch.org/. I would expect 2 dedicated pages

To Reproduce
Steps to reproduce the behavior:

  1. Go to https://github.com/opensearch-project/logstash-output-opensearch
  2. Click on 'project website' and 'documentation' links under the "Project resources" topic
  3. I see the opensearch.org page

Expected behavior
Have 2 distinct pages and a detailed documentation for the plugin setup

Plugins
NA

Screenshots
NA

Host/Environment (please complete the following information):

  • OS: Linux Mint
  • Version 21
  • latest Firefox

Additional context
NA

Requesting 'logstash-input-opensearch' plugin

Sorry, I realise this isn't exactly what this repo is about, but I figure it's the closest there is...

Is your feature request related to a problem? Please describe.
Please create a logstash-input-opensearch plugin

Describe the solution you'd like
If for any reason, I'd need to export / re-process / reindex large amounts of logs data I no longer can.
Running Logstash version 7.16.2 against OpenSearch 1.2.3 with compatibility turned off you get the error message: Could not connect to a compatible version of Elasticsearch

The solution I'd like is a logstash-input-plugin that worked against opensearch.

Additional context
While I realise it's not this repo's responsibility, perhaps you can notify the right persons to request it? Or perhaps point me in the right direction for who to ask?

Many Thanks

[BUG] Could not connect to cluster

Describe the bug

We are getting Could not connect to cluster errors and Restored connection to OpenSearch instance warnings every 5 seconds.

2021/09/17 15:29:14 Setting 'path.config' from environment.
2021/09/17 15:29:14 Setting 'path.dead_letter_queue' from environment.
2021/09/17 15:29:14 Setting 'http.port' from environment.
2021/09/17 15:29:14 Setting 'http.host' from environment.
2021/09/17 15:29:14 Setting 'dead_letter_queue.enable' from environment.
2021/09/17 15:29:14 Setting 'pipeline.ecs_compatibility' from environment.
Using bundled JDK: /usr/share/logstash/jdk
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Sending Logstash logs to /usr/share/logstash/logs which is now configured via log4j2.properties
[2021-09-17T15:29:27,268][INFO ][logstash.runner          ] Log4j configuration path used is: /usr/share/logstash/config/log4j2.properties
[2021-09-17T15:29:27,275][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.13.2", "jruby.version"=>"jruby 9.2.16.0 (2.5.7) 2021-03-03 f82228dc32 OpenJDK 64-Bit Server VM 11.0.11+9 on 11.0.11+9 +indy +jit [linux-x86_64]"}
[2021-09-17T15:29:27,293][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
[2021-09-17T15:29:27,301][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
[2021-09-17T15:29:27,534][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2021-09-17T15:29:27,554][INFO ][logstash.agent           ] No persistent UUID file found. Generating new UUID {:uuid=>"119a44c1-133b-4742-bdc9-b28ebc20f311", :path=>"/usr/share/logstash/data/uuid"}
[2021-09-17T15:29:28,051][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9301}
[2021-09-17T15:29:29,384][INFO ][org.reflections.Reflections] Reflections took 34 ms to scan 1 urls, producing 24 keys and 48 values
[2021-09-17T15:29:30,686][INFO ][logstash.outputs.opensearch][main] New OpenSearch output {:class=>"LogStash::Outputs::OpenSearch", :hosts=>["//opensearch:9450"]}
[2021-09-17T15:29:30,990][INFO ][logstash.outputs.opensearch][main] OpenSearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://opensearch:9450/]}}
[2021-09-17T15:29:31,125][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"http://opensearch:9450/"}
[2021-09-17T15:29:31,165][INFO ][logstash.outputs.opensearch][main] Cluster version determined (7.10.2) {:version=>7}
[2021-09-17T15:29:31,175][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"http://opensearch:9450/", :distribution=>nil, :major_version=>7}
[2021-09-17T15:29:31,210][ERROR][logstash.outputs.opensearch][main] Unable to retrieve OpenSearch cluster uuid {:message=>"No Available connections", :exception=>LogStash::Outputs::OpenSearch::HttpClient::Pool::NoConnectionAvailableError, :backtrace=>["/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client/pool.rb:349:in `with_connection'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client/pool.rb:260:in `perform_request'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client/pool.rb:268:in `block in get'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client.rb:208:in `get'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/plugin_mixins/opensearch/common.rb:90:in `discover_cluster_uuid'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch.rb:247:in `finish_register'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch.rb:225:in `block in register'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/plugin_mixins/opensearch/common.rb:83:in `block in after_successful_connection'"]}
[2021-09-17T15:29:31,215][INFO ][logstash.outputs.opensearch][main] Using a default mapping template {:version=>7, :ecs_compatibility=>:disabled}
[2021-09-17T15:29:31,238][ERROR][logstash.outputs.opensearch][main] Failed to install template {:message=>"No Available connections", :exception=>LogStash::Outputs::OpenSearch::HttpClient::Pool::NoConnectionAvailableError, :backtrace=>["/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client/pool.rb:349:in `with_connection'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client/pool.rb:260:in `perform_request'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client/pool.rb:268:in `block in Pool'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client.rb:388:in `exists?'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client.rb:393:in `template_exists?'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/http_client.rb:89:in `template_install'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/template_manager.rb:37:in `install'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch/template_manager.rb:25:in `install_template'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch.rb:413:in `install_template'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch.rb:248:in `finish_register'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/outputs/opensearch.rb:225:in `block in register'", "/usr/share/logstash/vendor/local_gems/217134f0/logstash-output-opensearch/lib/logstash/plugin_mixins/opensearch/common.rb:83:in `block in 
after_successful_connection'"]}
[2021-09-17T15:29:31,279][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>32, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>4000, "pipeline.sources"=>["/etc/logstash/config.json"], :thread=>"#<Thread:0x6bbabd1d run>"}
[2021-09-17T15:29:33,695][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>2.41}
[2021-09-17T15:29:33,741][INFO ][logstash.inputs.redis    ][main] Registering Redis {:identity=>"redis://@redis:6379/0 list:logstash"}
[2021-09-17T15:29:33,777][INFO ][logstash.inputs.redis    ][main] Registering Redis {:identity=>"redis://@redis:6379/0 list:logstash"}
[2021-09-17T15:29:33,777][INFO ][logstash.inputs.redis    ][main] Registering Redis {:identity=>"redis://@redis:6379/0 list:logstash"}
[2021-09-17T15:29:33,778][INFO ][logstash.inputs.redis    ][main] Registering Redis {:identity=>"redis://@redis:6379/0 list:logstash"}
[2021-09-17T15:29:33,786][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
[2021-09-17T15:29:33,885][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2021-09-17T15:29:36,190][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"http://opensearch:9450/"}
[2021-09-17T15:29:36,197][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"http://opensearch:9450/", :distribution=>nil, :major_version=>7}
[2021-09-17T15:29:41,201][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"http://opensearch:9450/"}
[2021-09-17T15:29:41,207][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"http://opensearch:9450/", :distribution=>nil, :major_version=>7}
[2021-09-17T15:29:46,212][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"http://opensearch:9450/"}
[2021-09-17T15:29:46,220][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"http://opensearch:9450/", :distribution=>nil, :major_version=>7}
[2021-09-17T15:29:51,225][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"http://opensearch:9450/"}
[2021-09-17T15:29:51,230][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"http://opensearch:9450/", :distribution=>nil, :major_version=>7}
[2021-09-17T15:29:56,236][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"http://opensearch:9450/"}
[2021-09-17T15:29:56,240][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"http://opensearch:9450/", :distribution=>nil, :major_version=>7}
[2021-09-17T15:30:01,244][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"http://opensearch:9450/"}
[2021-09-17T15:30:01,248][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"http://opensearch:9450/", :distribution=>nil, :major_version=>7}
[2021-09-17T15:30:06,252][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"http://opensearch:9450/"}
[2021-09-17T15:30:06,256][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"http://opensearch:9450/", :distribution=>nil, :major_version=>7}
[2021-09-17T15:30:11,260][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"http://opensearch:9450/"}
[2021-09-17T15:30:11,264][ERROR][logstash.outputs.opensearch][main] Could not connect to cluster {:url=>"http://opensearch:9450/", :distribution=>nil, :major_version=>7}

Running tcpdump we see that the health checks succeed.

HEAD / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Host: opensearch:9450
User-Agent: Manticore 0.7.0
Accept-Encoding: gzip,deflate

HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
content-length: 534

GET / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Content-Length: 0
Host: opensearch:9450
User-Agent: Manticore 0.7.0
Accept-Encoding: gzip,deflate

HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
content-encoding: gzip
content-length: 330

{
  "name" : "opensearch-2",
  "cluster_name" : "opensearch-dev",
  "cluster_uuid" : "CIbySD6EScKrd29iEjNpfg",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "tar",
    "build_hash" : "34550c5b17124ddc59458ef774f6b43a086522e3",
    "build_date" : "2021-07-02T23:22:21.383695Z",
    "build_snapshot" : false,
    "lucene_version" : "8.8.2",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

OpenSearch output plugin config

output {
  opensearch {
    hosts => ["opensearch:9450"]
    index => "logstash-%{[system]}-%{+YYYY.MM.dd}"
  }
}

To Reproduce
Steps to reproduce the behavior:

  1. Start 3 node OpenSearch cluster in Kubernetes
  2. Start Logstash 7.13.x with OpenSearch output plugin

Expected behavior
No Could not connect to cluster errors.

Host/Environment (please complete the following information):

  • Fedora CoreOS 34.20210821.3.0
  • Kubernetes 1.22.2
  • Logstash 7.13.x with OpenSearch output plugin Docker image logstash-oss-with-opensearch-output-plugin:7.13.2
  • OpenSearch 1.0.0 Docker image opensearchproject/opensearch:1.0.1

Additional context
opensearch:9450 is a service in Kubernetes in front of 3 OpenSearch nodes. We also tried the plugin with a list of our 3 nodes (both internal Kubernetes StatefulSet names and external host names) and were still getting the errors.

Logstash OSS 7.10.2 with Elasticsearch output plugin works without problems.
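The root response captured in this report has no "distribution" field, which is the situation the "Support opensearch during compatibility mode" issue describes. The following is an added Ruby example, not the plugin's own code, comparing a check that requires the distribution with the major-version-only fallback proposed there; the method names, the accepted major versions and the two constructed sample bodies are assumptions.

```ruby
require 'json'

# Root ("GET /") body from the bug report above, abridged: in compatibility mode
# the node reports 7.10.2 and sends no "distribution" or "build_flavor" field.
COMPAT_MODE_BODY = <<~BODY
  {
    "name" : "opensearch-2",
    "cluster_name" : "opensearch-dev",
    "version" : {
      "number" : "7.10.2",
      "build_type" : "tar",
      "lucene_version" : "8.8.2"
    },
    "tagline" : "The OpenSearch Project: https://opensearch.org/"
  }
BODY

# Constructed samples (not from the page): a node with compatibility mode off,
# and an older cluster that should be rejected by both checks.
NATIVE_BODY = '{"version":{"distribution":"opensearch","number":"1.0.1"}}'
OLD_BODY    = '{"version":{"number":"6.8.0","build_flavor":"oss"}}'

MIN_OPENSEARCH_MAJOR = 1 # assumption: lowest major accepted when distribution is opensearch
COMPAT_MODE_MAJOR    = 7 # assumption: the major version the report shows in compatibility mode

ClusterInfo = Struct.new(:distribution, :number, :major)

# Parse the root response defensively: a proxy error page or a body without a
# "version" object yields an all-nil ClusterInfo instead of an exception.
def parse_cluster_info(body)
  doc = JSON.parse(body)
  version = doc.is_a?(Hash) && doc['version'].is_a?(Hash) ? doc['version'] : {}
  number = version['number'].is_a?(String) ? version['number'] : nil
  major = number && number[/\A\d+/]
  ClusterInfo.new(version['distribution'], number, major && major.to_i)
rescue JSON::ParserError
  ClusterInfo.new(nil, nil, nil)
end

# Check that insists on the distribution field: rejects the node in the report.
def strict_compatible?(info)
  info.distribution == 'opensearch' && !info.major.nil? && info.major >= MIN_OPENSEARCH_MAJOR
end

# Proposed behaviour: when the distribution is not opensearch, look only at the major version.
def relaxed_compatible?(info)
  return false if info.major.nil?

  if info.distribution == 'opensearch'
    info.major >= MIN_OPENSEARCH_MAJOR
  else
    info.major == COMPAT_MODE_MAJOR
  end
end

# Returns [ok, message]; the message always names what the node actually sent,
# so a rejected connection can be diagnosed from the log line alone.
def check_cluster(url, body)
  info = parse_cluster_info(body)
  ok = relaxed_compatible?(info)
  details = "distribution=#{info.distribution.inspect} " \
            "version=#{info.number.inspect} major=#{info.major.inspect}"
  [ok, "#{ok ? 'compatible' : 'incompatible'} cluster at #{url}: #{details}"]
end

if __FILE__ == $PROGRAM_NAME
  [COMPAT_MODE_BODY, NATIVE_BODY, OLD_BODY, '<html>502</html>'].each do |body|
    puts check_cluster('http://opensearch:9450/', body).last
  end
end
```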

Clean up README and other files

We copied the basic template files from .github project. Will update relevant files to reflect changes according to this project.

Integration tests deletes all index including system index

All integration tests delete all indices as part of cleanup. This causes the following error message:
Error: tegration_1 | [2021-06-21T22:02:55,004][ERROR][c.a.o.i.i.ManagedIndexCoordinator] [ab331d39266a] get managed-index failed: [.opendistro-ism-config] IndexNotFoundException[no such index [.opendistro-ism-config]

Hence, don't delete any system index to get rid of this error message.

Support repositories like yum, homebrew, apt-get

Is your feature request related to a problem? Please describe.
I should be able to download from repositories instead of manually downloading from webpage.

Describe the solution you'd like
Support popular repositories

Describe alternatives you've considered
N/A

Additional context
Add any other context or screenshots about the feature request here.

Release Version 1.2.0

Preparation

  • Assign this issue to a release owner.
  • Create, update, triage and label all features and issues targeted for this release with v1.2.0.

CI/CD

  • Increment version on main to 1.2.0
  • Ensure working and passing CI.

Pre-Release

  • Branch and build from a 1.2 branch.
  • Feature complete, pencils down.
  • Fix bugs that target this release.

Release

  • Complete documentation.
  • Gather, review and publish release notes.
  • Verify all issues labeled for this release are closed or labelled for the next release.

Post Release

  • Create a release tag.
  • Conduct a postmortem, and publish its results.

[BUG] Elasticsearch output fail - Could not connect to a compatible version of Elasticsearch

We use OpenSearch v1.0.0 with the latest logstash oss version from opensearch itself (https://opensearch.org/docs/clients/logstash/index/). Both are running via docker(-compose).

To Reproduce
Steps to reproduce the behavior:

  1. Run OpenSearch Elastic + Kibana
  2. Setup logstash-oss container and configure elasticsearch as an output
  3. Start logstash container
  4. See error

Expected behavior
Logstash should insert the entries into elasticsearch.

Plugins
Default installation, just using tcp/udp syslog inputs with a single elasticsearch output

Host/Environment (please complete the following information):

  • Debian 10

Logs
Logstash config:
input {
  udp {
    port => "514"
    type => "syslog"
  }

  tcp {
    port => "514"
    type => "syslog"
  }
}

output {
  elasticsearch {
    hosts => ["xx.xx.xx.xx:9200"]
    user => admin
    password => "admin"
    ssl => true
    ssl_certificate_verification => false
    index => "syslog-%{+YYYY.MM.dd}"
    ilm_enabled => false
    manage_template => false
  }
}

logstash | Using bundled JDK: /usr/share/logstash/jdk
logstash | OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
logstash | Sending Logstash logs to /usr/share/logstash/logs which is now configured via log4j2.properties
logstash | [2021-08-16T11:37:18,326][INFO ][logstash.runner ] Log4j configuration path used is: /usr/share/logstash/config/log4j2.properties
logstash | [2021-08-16T11:37:18,335][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.13.2", "jruby.version"=>"jruby 9.2.16.0 (2.5.7) 2021-03-03 f82228dc32 OpenJDK 64-Bit Server VM 11.0.11+9 on 11.0.11+9 +indy +jit [linux-x86_64]"}
logstash | [2021-08-16T11:37:19,302][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
logstash | [2021-08-16T11:37:19,722][INFO ][org.reflections.Reflections] Reflections took 39 ms to scan 1 urls, producing 24 keys and 48 values
logstash | [2021-08-16T11:37:20,443][WARN ][deprecation.logstash.inputs.udp] Relying on default value of pipeline.ecs_compatibility, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
logstash | [2021-08-16T11:37:20,640][WARN ][deprecation.logstash.outputs.elasticsearch] Relying on default value of pipeline.ecs_compatibility, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
logstash | [2021-08-16T11:37:20,698][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//xx.xx.xx.xx9200"]}
logstash | [2021-08-16T11:37:20,727][WARN ][logstash.outputs.elasticsearch][main] ** WARNING ** Detected UNSAFE options in elasticsearch output configuration!
logstash | ** WARNING ** You have enabled encryption but DISABLED certificate verification.
logstash | ** WARNING ** To make sure your data is secure change :ssl_certificate_verification to true
logstash | [2021-08-16T11:37:21,012][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://admin:[email protected]:9200/]}}
logstash | [2021-08-16T11:37:21,872][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"https://admin:[email protected]:9200/"}
logstash | [2021-08-16T11:37:21,914][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch version determined (1.0.0) {:es_version=>1}
logstash | [2021-08-16T11:37:21,931][ERROR][logstash.outputs.elasticsearch][main] Unable to get license information {:url=>"https://admin:[email protected]:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '400' contacting Elasticsearch at URL 'https://xx.xx.xx.xx:9200/_license'"}
logstash | [2021-08-16T11:37:21,936][ERROR][logstash.outputs.elasticsearch][main] Could not connect to a compatible version of Elasticsearch {:url=>"https://admin:[email protected]:9200/"}
logstash | [2021-08-16T11:37:22,009][ERROR][logstash.outputs.elasticsearch][main] Unable to retrieve Elasticsearch cluster uuid {:message=>"No Available connections", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::NoConnectionAvailableError, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.0.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:381:in with_connection'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.0.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:292:in perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.0.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:300:in block in get'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.0.2-java/lib/logstash/outputs/elasticsearch/http_client.rb:199:in get'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.0.2-java/lib/logstash/plugin_mixins/elasticsearch/common.rb:152:in discover_cluster_uuid'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.0.2-java/lib/logstash/outputs/elasticsearch.rb:308:in finish_register'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.0.2-java/lib/logstash/outputs/elasticsearch.rb:279:in block in register'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.0.2-java/lib/logstash/plugin_mixins/elasticsearch/common.rb:145:in block in after_successful_connection'"]}
logstash | [2021-08-16T11:37:22,056][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, "pipeline.sources"=>["/usr/share/logstash/pipeline/logstash.conf"], :thread=>"#<Thread:0x24c95f66 run>"}
logstash | [2021-08-16T11:37:22,776][INFO ][logstash.javapipeline ][main] Pipeline Java execution initialization time {"seconds"=>0.72}

Update documentation

Add documentation to show usage on AWS IAM and auth_type as updated configuration.

Should support OpenSearch that uses tls certificate and key for authentication

Is your feature request related to a problem? Please describe.
Should support opensearch where tls certificates are configured.

Describe the solution you'd like
Allow config parameter to support passing client certificate and key

Describe alternatives you've considered
N/A

Additional context
Add any other context or screenshots about the feature request here.

Log the actual version received that's incompatible

Is your feature request related to a problem? Please describe.

Looking at

we don't actually log enough information or raise an error with enough information to know what version was received that is not compatible. This makes it hard to action for users and we'll see bug reports that require work from the reporter to go and figure out what kind of node the output plugin was trying to talk to.

Describe the solution you'd like

Log all the necessary details about the version of the node being talked to, including distribution and version.

Provide Windows builds of Logstash OSS with OpenSearch Output Plugin

Is your feature request related to a problem? Please describe.
We ingest logs from Windows machines. We need to download the Windows build of Logstash from Elastic and then manually install the OpenSearch plugin.

Describe the solution you'd like
I would like OpenSearch to provide Windows builds of Logstash OSS with OpenSearch Output Plugin.

Support for ElasticSearch 6.x clusters

Is your feature request related to a problem? Please describe.

The logstash-output-amazon_es plugin provides SigV4 signing for AWS OpenSearch Service clusters. It works with Elasticsearch version 6.5 and above. Now that the logstash-output-opensearch plugin supports SigV4 signing, it is very similar to the amazon_es plugin. I believe the logstash-output-opensearch plugin can replace the amazon_es plugin.

One key difference is that the logstash-output-opensearch plugin does not currently support Elasticsearch 6.x clusters.

Describe the solution you'd like

Support Elasticsearch 6.x clusters.

Describe alternatives you've considered

An alternative is to require teams with 6.x clusters to use the amazon_es plugin. But, this is likely to confuse developers since there are two plugins with very similar functionality. Additionally, some teams may have clusters with multiple versions.
