How Zeek integration to opensearch

taha · November 18, 2025, 7:02am

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Hello, I am using OpenSearch version 3.1.

Describe the issue:

I want to send Zeek logs to Opensearch but I haven’t been able to find a suitable tool yet. I used Fluent-bit before but it wasn’t very useful for me. What other tools do you recommend? I also used Filebeat oss but I gave up on using it because the zeek model wasn’t available in this version and it wasn’t very compatible with opensearch.

Configuration:

Relevant Logs or Screenshots:

Anthony · November 18, 2025, 10:26am

@taha Great question, The most straight forward approach can be to configure Zeek to produce json logs (using option LogAscii::use_json=T), you can then simply use Data Prepper file source, using something like the following:

zeek-json:
  source:
    file:
      path: /zeek/logs/conn.log
  sink:
    - opensearch:
        hosts: ["https://opensearch:9200"]
        username: admin
        password: "..."
        insecure: true
        index: zeek-logs-{{yyyy.MM.dd}}

You can fo course apply additional processing to the logs using Data Prepper processors

Hope this helps

Topic		Replies	Views
Is dataprepper necessary to send logs from fluentbit to opensearch? General Feedback	5	3537	May 6, 2024
OpenSearch Api to feed log files to OpenSearch OpenSearch	10	3225	January 28, 2025
working example OpenSearch	2	494	May 10, 2023
Take data from filebeat to opensearch to see all in opensearch-dashboards OpenSearch	5	7450	May 9, 2023
How to send logs kafka to opensearch OpenSearch	32	4381	November 25, 2021

How Zeek integration to opensearch

Related topics