pushan
February 6, 2024, 1:52pm
1
Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): 2.11.1
Describe the issue: opensearch filter plugin for logstash is not working.
Configuration :
Below logstash config gives the error-
```
[ERROR][logstash.javapipeline ][main] Pipeline error {:pipeline_id=>"main", :exception=>#<Faraday::SSLError wrapped=#<OpenSSL::SSL::SSLError: certificate verify failed>>
```
```
input { ... }
filter {
  opensearch {
    hosts => ["https://localhost:9200"]
    # ssl => true
    # ssl_certificate_verification => false
    index => "students"
    user => "admin"
    password => "admin"
    query_template => "es-query/student_id_query.json"
    docinfo_fields => {
      "_id" => "student_id"
    }
  }
}
output { ... }
```
Then if I change the filter plugin like this (using ssl_certificate_verification => false), the below error occurs-
```
[ERROR][logstash.filters.opensearch] Unknown setting 'ssl_certificate_verification' for opensearch
```
```
input { ... }
filter {
  opensearch {
    hosts => ["https://localhost:9200"]
    #ssl => true
    ssl_certificate_verification => false
    index => "students"
    user => "admin"
    password => "admin"
    query_template => "es-query/student_id_query.json"
    docinfo_fields => {
      "_id" => "student_id"
    }
  }
}
output { ... }
```
If I remove https:// from the host and enable ssl => true, then also same error occurs.
Please look into the filter plugin for logstash -
Relevant Logs or Screenshots :
```
[ERROR][logstash.javapipeline ][main] Pipeline error {:pipeline_id=>"main", :exception=>#<Faraday::SSLError wrapped=#<OpenSSL::SSL::SSLError: certificate verify failed>>
[ERROR][logstash.filters.opensearch] Unknown setting 'ssl_certificate_verification' for opensearch
```
I think the correct way to disable certificate verification is ssl_verification_mode: none
Then the correct config would be
```
filter {
  opensearch {
    hosts => ["https://localhost:9200"]
    ssl => true
    ssl_verification_mode => none
    index => "students"
    user => "admin"
    password => "admin"
    query_template => "es-query/student_id_query.json"
    docinfo_fields => {
      "_id" => "student_id"
    }
  }
}
```
pushan
February 6, 2024, 4:03pm
3
Hi @pjanzen ,
Thank you for replying.
As I mentioned before, the setting ssl_verification_mode is unknown to opensearch filter plugin here. Although it works in the output plugin.
With the suggested configuration, I received the below error-
```
[2024-02-06T21:31:00,890][ERROR][logstash.filters.opensearch] Unknown setting 'ssl_certificate_verification' for opensearch
[2024-02-06T21:31:00,894][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"Java::JavaLang::IllegalStateException", :message=>"Unable to configure plugins: (ConfigurationError) Something is wrong with your configuration."
```
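As an added example (not part of the thread and not the plugin's own code), a small Python lint that walks a Logstash pipeline config and reports the two verification-disabling settings named in the posts above, plus literal passwords such as the `admin` value in the posted configs. The names `audit`, `strip_comment` and `SAMPLE` are hypothetical, the sample is constructed from the posted configs, and the check matches setting names only; it does not know which settings a given plugin version accepts.

```python
import re

# Settings named in this thread that switch off TLS certificate verification.
INSECURE_TLS = {"ssl_certificate_verification": "false",
                "ssl_verification_mode": "none"}
SETTING = re.compile(r'^(\w+)\s*=>\s*"?([^"\s]*)"?')

# Constructed sample, assembled from the configs posted in the thread.
SAMPLE = """\
filter {
  opensearch {
    # ssl_certificate_verification => false
    ssl_verification_mode => none
    password => "admin"
    docinfo_fields => {
      "_id" => "student_id"
    }
  }
}
"""

def strip_comment(line):
    """Drop a trailing # comment, ignoring any # inside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "#" and not in_quotes:
            return line[:i]
    return line

def audit(config_text):
    """Return (line_no, 'section.plugin', setting, problem) tuples."""
    findings, stack = [], []  # stack = names of the enclosing { } blocks
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = strip_comment(raw).strip()
        if not line:
            continue
        m = SETTING.match(line)
        if m:
            key, value, where = m.group(1), m.group(2), ".".join(stack[:2])
            if INSECURE_TLS.get(key) == value.lower():
                findings.append((no, where, key, "TLS verification disabled"))
            elif key == "password" and not value.startswith("${"):
                findings.append((no, where, key, "hard-coded password"))
        # Brace tracking is line-based: braces inside strings must balance.
        stack.extend([line.split()[0]] * line.count("{"))
        del stack[len(stack) - min(len(stack), line.count("}")):]
    return findings
```

Calling `audit(SAMPLE)` skips the commented-out setting on line 3 and reports lines 4 and 5; a password given as a `${VAR}` reference (Logstash environment or keystore substitution) is not flagged.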
pushan
February 6, 2024, 4:07pm
4
I have also provided the details in the issue-
opened 10:21AM - 21 Dec 21 UTC
enhancement
i want a new client
**Is your feature request related to a problem? Please describe.**
We are running OpenSearch 1.2.2 and are looking to use the logstash filter plugin "elasticsearch" for lookup and enrichment in other indices, before we send the logs to Opensearch and its corresponding index. However, it seems that the logstash filter plugin "Elasticsearch" does not support OpenSearch. It complains with the following error message:
> [2021-12-17T15:17:16,883][ERROR][logstash.javapipeline ][main] Pipeline error {:pipeline_id=>“main”, :exception=>#<LogStash::ConfigurationError: Could not connect to a compatible version of Elasticsearch>
I originally created a forum post [here](https://discuss.opendistrocommunity.dev/t/logstash-oss-with-elasticsearch-filter-plugin-connecting-to-opensearch/8073) for this problem and was asked to create a feature request for it.
**Describe the solution you'd like**
Attempt to let Logstash connect to an OpenSearch instance without failing the license check, or perhaps build a logstash plugin with features similar to the existing Elasticsearch filter plugin that is able to connect to Elasticsearch OSS and OpenSearch instances.
**Describe alternatives you've considered**
We have tried running this command in the cluster:
PUT _cluster/settings
```
{
  "persistent": {
    "compatibility": {
      "override_main_response_version": true
    }
  }
}
```
but the license check still fails.
**Additional context**
The documentation for elasticsearch-filter-plugin: https://www.elastic.co/guide/en/logstash/current/plugins-filters-elasticsearch.html