Hi all. We’re trying to switch from Elastic Stack to OpenSearch. OpenSearch and Dashboards are now running. However, our old Filebeat 7.17 won’t connect. I know they’re intentionally blocking OpenSearch after 7.13. I tried “override_main_response_version”: true, but no luck.
So, my questions:
Is it hopeless to continue with Filebeat?
When OpenSearch forked, did they also fork a version of Filebeat?
If we have to give up on Filebeat, could anyone point me to other options? Any recommendations? Our Filebeat needs are fairly simple. We want something lightweight that we can get up and running quickly.
Thank you, Pablo. We are leaning towards using Logstash directly, without Filebeat. Would you know if the OpenSearch Logstash instructions here will work?:
I still don’t know if OpenSearch has its own version of Logstash. Worried this will hit the same blockage.
@McJava1967 I’ve used the docker configuration from the OpenSearch documentation and it worked.
It always depends on what you’d like to send to OpenSearch.
This is a Logstash with an OpenSearch output plugin. According to Docker Hub, the latest available version is 8.9.0. I think you should be fine for now.