Compatibility of OpenSearch 2.x with Logstash 9.x and Filebeat 9.x

private-email · June 25, 2025, 2:50pm

The current Versions i use:

OpenSearch 2.19.2
logstash-oss 8.17.2
Filebeat 8.18.3

Hi OpenSearch team,

I’m currently considering using Logstash 9.x and Filebeat 9.x with OpenSearch 2.19.2 and in the future the transition to OpenSearch 3.x is possible closer to 3.5. I know from the documentation that OpenSearch 2.x is compatible with Logstash 8.x, but I couldn’t find an official compatibility matrix for Logstash 9.x and Filebeat 9.x.

I have the following questions:

Is Logstash 9.x officially supported with OpenSearch 2.x?

If so, could I use the logstash from Docker Hub ?
Are there any limitations or known issues when using Logstash 9.x (e.g. ECS compatibility mode)?

Is Filebeat 9.x compatible with OpenSearch 2.x?

Do I need to enable Elastic Common Schema (ECS) explicitly to ensure compatibility with OpenSearch ingestion and dashboards?

Does OpenSearch provide any guidelines on how to properly configure ECS in this kind of setup?

I want to make sure I’m not introducing silent incompatibilities by moving to the 9.x versions of Logstash and Filebeat. Any documentation or clarification would be appreciated.

Thanks in advance!

Best regards,
Nick

abarocco · June 25, 2025, 3:23pm

Hi, in my environment i’m using Opensearch 3.0 with Logstash 8.18 and Filebeat 8.18. All compatibily, i don’t have the necessity of explicit the ECS.

But to make logstash compatible with opensearch, and all the logstash nodes you have to install the logstash-output-plugin.

And in the output section of your pipine you have to setup

output {
  opensearch {
    hosts => ["localhost:9200"]
    index => "xxxxx"
    user => "xxx"
    password => "xxxxxx"
    ssl => (true/false)
    cacert => ""
  }
}

But i don’t use Logstash-oss but just Logstash x64

private-email · June 25, 2025, 3:34pm

Hi @abarocco, thanks a lot for your response!

Glad to hear your setup works well — I appreciate you sharing your configuration.

Just to clarify, my use case is a bit different:
I’m currently using OpenSearch 2.19.2, and I’m considering moving to Logstash 9.x and Filebeat 9.x (currently running logstash-oss 8.17.2 and Filebeat 8.18.3).
I’m mainly trying to avoid any subtle incompatibilities or surprises by moving to the 9.x stack.

Dhruv · September 18, 2025, 8:40am

Hi @private-email

Have tried running Logstash 9.x? Did it work.?
If you can provide more details it would be great.

pc_9393 · May 19, 2026, 8:58am

@private-email

Does upgrading to 9.x worked for you?

private-email · May 19, 2026, 2:05pm

Hi. I’m still on version 8.x. It still receives some updates. Just haven’t had the time to get around to upgrading yet. Since posting this, I haven’t done any further research on what I was asking about here. If you’ve found some useful info and feel like sharing it with everyone — feel free, welcome to do so. I’d be happy to hear it!

Anthony · May 20, 2026, 9:39am

This information might be useful regarding Logstash and Filebeats version compatibility.

I would recommend to raise an issue to update the documentation here

Topic		Replies	Views
Filebeat & Logstash version upgrade compatibility with AWS OpenSearch 2.19 on EKS — what is the correct stable version? OpenSearch	1	38	May 19, 2026
Logstash Compatibility With Opensearch! OpenSearch discuss	1	282	April 23, 2025
Logstash output OpenSearch compatibility OpenSearch Client Libraries clients-general	5	960	May 14, 2023
Logstash-filebeat-Opensearch version compatibility OpenSearch	1	2274	March 2, 2023
Which beats for ingesting logs from Linux server into Opensearch 3.1 OpenSearch configure , install	1	176	July 17, 2025

Compatibility of OpenSearch 2.x with Logstash 9.x and Filebeat 9.x

Related topics