Opensearch (with compatibilityMode ON 7.10.2) NOT working with elastalert2 (400 error): include_type_name=true

Hi there,

We are having problems with using elastalert2 and Opensearch. We are using Opensearch, but need to use the compatibility mode 7.10.2, as some team members have found that Logstash and Beats (which we are using) will not work well with Opensearch 1.x or 2.x, and therefore, we have turned compatibility mode on, and are using 7.10.2.

However, now that we have done that, although Logstash and Beats work, we have found that elastalert2 does not work. The error we get is when elastalert2 first tries to create its own index, and it does the following that gives a 400 error. It is to do with Opensearch not liking the ?include_type_name=true.

In other words, from the elastalert2 logs, we see that it is doing this:

PUT https://opensearch.sandbox:443/elastalert_status/_doc/_mapping?include_type_name=true [status:400 request:0.007s]
Reading Elastic 7 index mappings:

The error returned is:

**elasticsearch.exceptions.RequestError: RequestError(400, 'illegal_argument_exception', 'request [/elastalert_status/_doc/_mapping] contains unrecognized parameter: [include_type_name]')**

Can you help us please with the following questions:

(1) When we turn ON backward compatibility mode, is Opensearch fully compliant as a 7.10.2 Elasticsearch cluster, OR does it just return the version 7.10.2 to clients, but actually nothing else changes?
(2) If we have to select Opensearch 1.x or 2.x, will Beats and Logstash work with this version and are they compatible? Which versions of Logstash and Beats will we have to use in order to be compatible with Opensearch 1.x and 2.x? (We have seen the matrix in this link, but it is not 100% clear: Tools - OpenSearch Documentation.)

Thanks
