
[feature request] - add dashboards for OpenSearch #46

Open
anubisg1 opened this issue Jan 27, 2023 · 3 comments

Comments

@anubisg1

As per the title, it would be great if you could add dashboards for OpenSearch 2.x as well.
Logstash itself works the same, so that piece won't be needed.

@enotspe
Owner

enotspe commented Feb 3, 2023

That is a great idea!!! I have never used OpenSearch myself though.

May I ask, why would you use OpenSearch instead of Elastic?? (Besides price, of course.) Are there any features you may consider useful for the project that we should consider??

@anubisg1
Author

anubisg1 commented Feb 3, 2023

Our reasons were mostly around cost... We needed what we considered basic features, but they are behind a very steep paywall for Elastic with their X-Pack: things like AD authentication, branding, alerting via webhook.

So we looked at OpenSearch and we found it to be good enough for our needs.
For fortinet2elasticsearch I would think that the security analytics feature could be something to look into:

https://opensearch.org/docs/latest/security-analytics/index/

Otherwise data ingestion is pretty straightforward. You can use the latest Logstash (we use 8.5.3, but tested with 8.6.0), just install the output plugin logstash-output-opensearch https://github.com/opensearch-project/logstash-output-opensearch and the output section of the pipeline would look something along these lines:

```
output {
  opensearch {
    hosts => [ "${OS_HOSTS}" ]
    user => "${OS_USER}"
    password => "${OS_PASSWORD}"
    cacert => '/etc/logstash/certificates/ca.crt'
    ssl => true
    index => "syslog-%{+YYYY.MM.dd}"
  }
}
```

That means that all of your ingestion/parsing should remain untouched, and the only things to look at are (possibly) the index templates and definitely the dashboards...
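A small audit of the output block quoted in the comment above, as an added example that is not part of the issue or the fortinet2elasticsearch project: it parses the `key => value` settings of the `opensearch { ... }` block, expands Logstash `${VAR}` / `${VAR:default}` references from a supplied environment dict (assumed to stand in for the real process environment), and reports when TLS is off, no CA certificate is set, the password is a literal in the pipeline file, or a referenced variable is undefined. The sample config is constructed from the comment with the missing closing brace added.

```python
import re

# Constructed sample: the opensearch output block from the comment above.
SAMPLE = """output {
  opensearch {
    hosts => [ "${OS_HOSTS}" ]
    user => "${OS_USER}"
    password => "${OS_PASSWORD}"
    cacert => '/etc/logstash/certificates/ca.crt'
    ssl => true
    index => "syslog-%{+YYYY.MM.dd}"
  }
}
"""

SETTING = re.compile(r'^\s*(\w+)\s*=>\s*(.+?)\s*$')          # key => value
ENV_REF = re.compile(r'\$\{(\w+)(?::([^}]*))?\}')            # ${VAR} or ${VAR:default}

def parse_output(text):
    """Return the settings of the first `opensearch { ... }` block as raw strings."""
    settings, inside = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith('opensearch') and stripped.endswith('{'):
            inside = True
            continue
        if inside and stripped == '}':
            break
        match = SETTING.match(line)
        if inside and match:
            settings[match.group(1)] = match.group(2).strip('"\'')
    return settings

def resolve(value, env):
    """Expand ${VAR} references from env (dict assumed to mirror the environment); KeyError if undefined."""
    def substitute(m):
        name, default = m.group(1), m.group(2)
        if name in env:
            return env[name]
        if default is not None:
            return default
        raise KeyError(name)
    return ENV_REF.sub(substitute, value)

def audit(text, env):
    """Return a list of findings; an empty list means the block passed every check."""
    s, findings = parse_output(text), []
    if s.get('ssl') != 'true':
        findings.append('ssl is not enabled: credentials and log data travel in clear text')
    if 'cacert' not in s:
        findings.append('no cacert: the OpenSearch server certificate cannot be verified')
    if 'password' in s and not ENV_REF.search(s['password']):
        findings.append('password is a literal in the pipeline file instead of a ${VAR} reference')
    for key in ('hosts', 'user', 'password'):
        if key in s:
            try:
                resolve(s[key], env)
            except KeyError as err:
                findings.append(f'{key} references undefined variable {err.args[0]}')
    return findings
```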

@enotspe
Owner

enotspe commented Jun 27, 2024

We are considering developing Grafana dashboards for the project. Probably that would be the start for other Grafana elements, like alerts, scenes, etc. I think that would be more universal than porting to OpenSearch.
