I have deployed Logstash 8.6.1 with the logstash-output-opensearch plugin. This is the config related to pushing the logs to OpenSearch:
output {
if [type]=="logback" {
opensearch {
hosts => [ "https://search-x.ap-southeast-1.es.amazonaws.com" ]
auth_type => {
type => 'basic'
user => 'x'
password => 'y'
}
index => "logback-%{+YYYY}"
ecs_compatibility => disabled
}
}
}
When running logstash, I noticed that the log prints:
[2023-03-01T07:02:47,126][WARN ][logstash.outputs.opensearch][main] Attempted to resurrect connection to dead OpenSearch instance, but got an error {:url=>"https://search-x.ap-southeast-1.es.amazonaws.com:9200/", :exception=>LogStash::Outputs::OpenSearch::HttpClient::Pool::HostUnreachableError, :message=>"OpenSearch Unreachable: [https://search-x.ap-southeast-1.es.amazonaws.com:9200/][Manticore::ConnectTimeout] Connect to search-x.ap-southeast-1.es.amazonaws.com:9200 [search-x.ap-southeast-1.es.amazonaws.com/x.x.x.x, search-x.ap-southeast-1.es.amazonaws.com/x.x.x.x] failed: Connect timed out"}
The Opensearch network access is on Public, its version is 1.1, is this warning related to firewall settings?
When I tried curl https://search-x.ap-southeast-1.es.amazonaws.com with the required Basic auth header, it does return information:
{
"name": "e",
"cluster_name": "x",
"cluster_uuid": "y",
"version": {
"number": "7.10.2",
"build_type": "tar",
"build_hash": "unknown",
"build_date": "2022-10-20T07:32:13.999133Z",
"build_snapshot": false,
"lucene_version": "8.9.0",
"minimum_wire_compatibility_version": "6.8.0",
"minimum_index_compatibility_version": "6.0.0-beta1"
},
"tagline": "The OpenSearch Project: https://opensearch.org/"
}
I can also access the OpenSearch dashboard.
