Could someone please provide our requirement at a high level that would be understandable for us?
We have an OpenSearch requirement… In that case, what is the procedure to use OpenSearch?
[1] How can we push the logs into OpenSearch
[2] what are the environment we need to install like File beat, Logstash ?
[3] Please provide the installation guide for all, if any
[4] How can we integrate for all those environment for getting the logs in an OpenSearch ?
[5] For that OpenSearch, Do we need to install the ElasticSearch ?
Like that, could you please provide all the high level definition we need to push the logs into an open search, that would be very helpful to start our work further !!
[1] How can we push the logs into OpenSearch
There are many ways to push the logs into OpenSearch. You can use tools like Logstash, Filebeat, Metricbeat etc., or send data from a database, a file or syslog. It depends on what kind of data you’d like to send to OpenSearch and what the data source is.
[2] what are the environment we need to install like File beat, Logstash ?
Filebeat and Logstash support multiple environments. I suggest referring to Elastic documentation.
[3] Please provide the installation guide for all, if any
As per the previous answer, please refer to Elastic documentation.
[4] How can we integrate for all those environment for getting the logs in an OpenSearch ?
Please refer to OpenSearch documentation.
[5] For that OpenSearch, Do we need to install the ElasticSearch ?
No, you don’t. All you need is OpenSearch, and OpenSearch Dashboards if you’d like to control the OpenSearch cluster with a web UI.
Thanks for the response… I am need to this OpenSearch… Can you please tell me the below queries.
[1] So, we need to create a two instance for Filebeat, Logstash ?
[2] For OpenSearch, we need to configure the Filebeat and Logstash… Correct me if am wrong ?
[3] Actually we are doing POC for an OpenSearch, in that case which logs we need to push manually and where we need to push it and how do we push manually ?
[1] So, we need to create a two instance for Filebeat, Logstash ?
First, you need to define your data source and use the proper pipeline to send data to OpenSearch.
The pipeline is the path between the data source and OpenSearch. If you have some software that dumps logs in a file, you should use Filebeat to monitor those files. Then Filebeat can either send data to Logstash for further processing or directly to OpenSearch.
Take a look at the documentation for both Filebeat and Logstash.
If you have a service with syslog (i.e. pfSense) then you can send data directly to Logstash and then to OpenSearch.
[2] For OpenSearch, we need to configure the Filebeat and Logstash… Correct me if am wrong ?
Take a look at the answer to question 1.
[3] Actually we are doing POC for an OpenSearch, in that case which logs we need to push manually and where we need to push it and how do we push manually ?
I gave you some examples in the answer to question 1.
You can find some examples in the network.
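For the manual push asked about in question 3, a proof of concept can skip Filebeat and Logstash and post parsed lines straight to the OpenSearch `_bulk` endpoint. The sketch below is an added example, not part of the thread: the log layout, the sample lines, the index name and the function names are assumptions, and `send_bulk` expects a cluster reachable over TLS with basic authentication.

```python
import base64
import json
import re
import ssl
import urllib.request

# Constructed sample lines in a syslog-like layout (not taken from the thread).
SAMPLE_LINES = [
    "2024-05-01T10:15:00Z web01 sshd: Failed password for invalid user admin",
    "2024-05-01T10:15:02Z web01 sshd: Accepted publickey for deploy",
    "not a parsable line",
]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<program>[^:\s]+): (?P<message>.*)$")

def parse_line(line):
    """Return a document dict, or None when the line does not match the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    doc = m.groupdict()
    doc["@timestamp"] = doc.pop("ts")
    return doc

def build_bulk_body(lines, index):
    """Build the NDJSON body for POST /_bulk and count the lines that were skipped."""
    out, skipped = [], 0
    for line in lines:
        doc = parse_line(line)
        if doc is None:
            skipped += 1  # report unparsable input instead of indexing it raw
            continue
        out.append(json.dumps({"index": {"_index": index}}))  # action line
        out.append(json.dumps(doc))                           # document line
    # Every line, including the last, must end with a newline.
    return "".join(item + "\n" for item in out), skipped

def send_bulk(base_url, body, user, password, ca_file):
    """POST the body to <base_url>/_bulk, verifying the cluster certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)
    req = urllib.request.Request(base_url.rstrip("/") + "/_bulk",
                                 data=body.encode("utf-8"), method="POST")
    req.add_header("Content-Type", "application/x-ndjson")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, context=ctx) as resp:
        result = json.load(resp)
    # "errors" is true when at least one item in the batch was rejected.
    return result["errors"]
```

Call `build_bulk_body(SAMPLE_LINES, "poc-logs")` to inspect the payload offline, then pass the body to `send_bulk` with the cluster URL, credentials and CA file of the test environment.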