I am evaluating OpenSearch vs Elasticsearch on AWS for a customer. They have AWS environments with several hundred EC2 hosts (Linux, Windows), use AWS services, multiple in-house tech stacks and SaaS apps, and they are starting their Logging and SIEM journey from scratch.
I would greatly appreciate your insights into the abundance or lack thereof of available and pre-built capabilities (free or fee-based) in the following categories.
- log shipping pipeline that takes input, normalizes, enriches, aggregates, etc. the logs before shipping for popular software packages such as Windows Event Logs, NGINX, Apache, SSH, SQL Server, MySQL, PostgreSQL, AWS services such as VPC Flow Logs, RDS, Aurora, etc. etc.
- Dashboards (OpenSearch Dashboards or Kibana, incl. Canvas) for the logs shipped in step 1
- Alerting built on logs shipped in step 1
- Reporting built on logs shipped in step 1
- Predictive analysis (AI, ML, Anomaly) built on logs shipped in step 1
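To make the first category concrete, here is an added example (not part of the original post, and not code from OpenSearch, Elastic or AWS) of the normalize / enrich / aggregate stages a shipping pipeline performs before the documents reach the cluster. It takes constructed sample lines from three of the sources named above (sshd auth log, NGINX access log, and a Windows Security event already exported as JSON by an agent), maps them onto one common field naming scheme (the field names are an assumption, loosely modelled on ECS-style names; the index name `logs-normalized` is also assumed), tags authentication failures, aggregates them per source IP, and emits the NDJSON that the OpenSearch/Elasticsearch `_bulk` API accepts.

```python
import json
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample log lines (not real data) covering three source formats.
SAMPLE_LINES = [
    "Mar  3 10:15:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 4433 ssh2",
    "Mar  3 10:15:04 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 4435 ssh2",
    "Mar  3 10:16:10 web1 sshd[2210]: Accepted publickey for deploy from 198.51.100.20 port 5022 ssh2",
    '198.51.100.20 - - [03/Mar/2024:10:16:12 +0000] "GET /admin HTTP/1.1" 403 512',
    '{"EventID": 4625, "Computer": "WIN1", "IpAddress": "203.0.113.7", "TargetUserName": "Administrator"}',
]

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)
NGINX_RE = re.compile(
    r'^(?P<src>[\d.]+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\w+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<bytes>\d+)"
)


def normalize(line: str) -> Optional[dict]:
    """Normalize stage: map one raw line onto the common schema (assumed field names)."""
    m = SSHD_RE.match(line)
    if m:
        return {
            "@timestamp": m["ts"], "host.name": m["host"], "event.dataset": "sshd",
            "event.category": "authentication",
            "event.outcome": "failure" if m["outcome"] == "Failed" else "success",
            "user.name": m["user"], "source.ip": m["src"],
        }
    m = NGINX_RE.match(line)
    if m:
        status = int(m["status"])
        return {
            "@timestamp": m["ts"], "event.dataset": "nginx.access", "event.category": "web",
            "event.outcome": "failure" if status >= 400 else "success",
            "http.request.method": m["method"], "url.path": m["path"],
            "http.response.status_code": status, "source.ip": m["src"],
        }
    if line.startswith("{"):
        ev = json.loads(line)
        if ev.get("EventID") == 4625:  # Windows Security: an account failed to log on
            return {
                "event.dataset": "windows.security", "event.category": "authentication",
                "event.outcome": "failure", "event.code": "4625",
                "host.name": ev.get("Computer"), "user.name": ev.get("TargetUserName"),
                "source.ip": ev.get("IpAddress"),
            }
    return None  # unrecognised format: in production route to a dead-letter index, not silently drop


def enrich(doc: dict) -> dict:
    """Enrich stage: tag authentication failures so dashboards and alerts can key on one field."""
    is_auth_failure = doc["event.category"] == "authentication" and doc["event.outcome"] == "failure"
    doc["tags"] = ["auth_failure"] if is_auth_failure else []
    return doc


def failed_logins_by_source(docs: List[dict]) -> Dict[str, int]:
    """Aggregate stage: failed authentications per source IP across all log sources."""
    return dict(Counter(d["source.ip"] for d in docs if "auth_failure" in d["tags"]))


def to_bulk(docs: List[dict], index: str = "logs-normalized") -> str:
    """Emit _bulk NDJSON: one action line followed by one document line per event."""
    out = []
    for d in docs:
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(d))
    return "\n".join(out) + "\n"


def run_pipeline(lines: List[str]) -> Tuple[List[dict], Dict[str, int]]:
    """Run normalize -> enrich -> aggregate over raw lines; unparseable lines are skipped."""
    docs = [enrich(d) for d in (normalize(line) for line in lines) if d is not None]
    return docs, failed_logins_by_source(docs)


if __name__ == "__main__":
    docs, counts = run_pipeline(SAMPLE_LINES)
    print(to_bulk(docs))
    print("failed logins by source:", counts)
```

The point of the common schema is that the downstream categories in the list (dashboards, alerting, anomaly detection) can be built once against `event.category` / `event.outcome` / `source.ip` rather than once per source format; the per-source-IP aggregate is exactly the kind of value an alert threshold or an anomaly detector would consume.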