How to customize ML model output in OpenSearch or use a custom model for classification?

The_Lap_1109 · July 23, 2025, 4:50pm

My use case:

Logs are indexed into OpenSearch via Wazuh.
I want to analyze these logs and classify them as normal, SQLi, or XSS using a machine learning model.
And I want the classification result visible in Wazuh Dashboard (which reads from OpenSearch).

I have a few questions:

Currently, the supported frameworks are sentence_transformers and huggingface_transformers. As I know, these models return only embeddings as output. Is there any way to customize the output of these models or add post-processing in OpenSearch (e.g., converting embeddings into a classification label such as SQLi, XSS, etc.)?
I have my own machine learning model (for example, an LSTM or fine-tuned BERT for SQL injection / XSS detection), is it possible to “import and use it inside OpenSearch” via ML Commons? If not, what is the recommended approach to integrate custom models for log classification?
Alternatively, is there a way to build an ingest pipeline that calls an “external API for inference” before indexing data into OpenSearch, so that the prediction (classification label) is stored along with the log document?

Please help me, thank you!

Topic		Replies	Views
Document classification in opensearch using Machine Learning OpenSearch	1	234	February 12, 2024
How to deploy ML saved model in joblib to OpenSearch dashboard Machine Learning	4	166	May 11, 2024
Extending OpenSearch Machine Learning with custom algorithms Machine Learning	5	440	September 30, 2023
Custom ml-common Machine Learning	5	612	November 28, 2022
How does opensearch fit into other models Machine Learning	2	245	July 30, 2024