Explicitly support OpenSearch #6
Comments
|
We can definitely consider it. |
|
I'm currently testing, so far it going well, but that is to be expected. OpenSearch was forked from the 7.10.2 versions of the ELK stack so the differences are minimal. OpenSearch is gaining traction because of the licensing change of Elastic and the whole vibe that caused. ElasticSearch is creating a walled garden and preventing interoperability with OpenSearch. For now they are extremely similar but during a community meeting the maintainers have indicated that each project will go their separate ways eventually. So over time there will be some differences. Suricata itself and the log aggregator (logstash) will be fine, OpenSearch released output plugins already because of the licensing checks built in by Elastic. Another option is FluentD/Bit. If things will break, they will break in the Kibana dashboards. |
|
Understood,thank you ! |
|
Been testing today, as far as I can see the dashboards are fine for now. It is more something to take into account with future developments of Suricata to explicitly check whether everything is working for OpenSearch as well :) So my question is to formally support OpenSearch (which involves no work - at this time) :) |
|
Sure. I think it will not be that difficult. |
|
Cool :) |
OpenSearch is a open source clone of ElasticSearch which has gone source available only with restrictive licensing (SSPL/Elasticv2). We are preferring OpenSearch for this reason. For now the dashboards will probably work out of the box (since they didn't really deviate), but this might change in the future.
Could you support OpenSearch as well?
The text was updated successfully, but these errors were encountered: