Compatibility of OpenSearch 2.x with Logstash 9.x and Filebeat 9.x

private-email · June 25, 2025, 2:50pm

The current Versions i use:

OpenSearch 2.19.2
logstash-oss 8.17.2
Filebeat 8.18.3

Hi OpenSearch team,

I’m currently considering using Logstash 9.x and Filebeat 9.x with OpenSearch 2.19.2 and in the future the transition to OpenSearch 3.x is possible closer to 3.5. I know from the documentation that OpenSearch 2.x is compatible with Logstash 8.x, but I couldn’t find an official compatibility matrix for Logstash 9.x and Filebeat 9.x.

I have the following questions:

Is Logstash 9.x officially supported with OpenSearch 2.x?

If so, could I use the logstash from Docker Hub ?
Are there any limitations or known issues when using Logstash 9.x (e.g. ECS compatibility mode)?

Is Filebeat 9.x compatible with OpenSearch 2.x?

Do I need to enable Elastic Common Schema (ECS) explicitly to ensure compatibility with OpenSearch ingestion and dashboards?

Does OpenSearch provide any guidelines on how to properly configure ECS in this kind of setup?

I want to make sure I’m not introducing silent incompatibilities by moving to the 9.x versions of Logstash and Filebeat. Any documentation or clarification would be appreciated.

Thanks in advance!

Best regards,
Nick

abarocco · June 25, 2025, 3:23pm

Hi, in my environment i’m using Opensearch 3.0 with Logstash 8.18 and Filebeat 8.18. All compatibily, i don’t have the necessity of explicit the ECS.

But to make logstash compatible with opensearch, and all the logstash nodes you have to install the logstash-output-plugin.

And in the output section of your pipine you have to setup

output {
  opensearch {
    hosts => ["localhost:9200"]
    index => "xxxxx"
    user => "xxx"
    password => "xxxxxx"
    ssl => (true/false)
    cacert => ""
  }
}

But i don’t use Logstash-oss but just Logstash x64

private-email · June 25, 2025, 3:34pm

Hi @abarocco, thanks a lot for your response!

Glad to hear your setup works well — I appreciate you sharing your configuration.

Just to clarify, my use case is a bit different:
I’m currently using OpenSearch 2.19.2, and I’m considering moving to Logstash 9.x and Filebeat 9.x (currently running logstash-oss 8.17.2 and Filebeat 8.18.3).
I’m mainly trying to avoid any subtle incompatibilities or surprises by moving to the 9.x stack.

Topic		Replies	Views
Logstash Compatibility With Opensearch! OpenSearch discuss	1	69	April 23, 2025
Logstash output OpenSearch compatibility OpenSearch Client Libraries clients-general	5	874	May 14, 2023
Logstash / beat compatibility OpenSearch	4	366	May 29, 2023
Logstash-filebeat-Opensearch version compatibility OpenSearch	1	2046	March 2, 2023
Logstash and latest beats OpenSearch	1	91	June 26, 2024

Compatibility of OpenSearch 2.x with Logstash 9.x and Filebeat 9.x

Related topics