Read incremental logs from opensearch index as input

steppox · January 16, 2026, 2:46pm

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Describe the issue:

Hello, I’m trying to use Data Prepper to read logs from opensearch index (as input) and send to an external server. Just for test, I’m reading from opensearch index and writing to local file instead of external server. The problem (?) is that for each interval, the full content of the index is written into the file, leading to lot of duplicates into the file. I would like to have an “incremental read” from the index to put in the file only new logs which have not been written in the file already. Is there any configuration to make it work?

Configuration:

  source:
    opensearch:
      hosts: ["https://<my-host>:9200"]
      indices:
        include:
          - index_name_regex: "<my-index>_2026-01-16"
      username: "admin"
      password: "<password>"
      connection:
        insecure: true
      scheduling:
        interval: "30s"
      acknowledgments: true

Relevant Logs or Screenshots:

Topic		Replies	Views
I want to automate log ingestion similar similar to what is in the playground DevOps	4	373	November 21, 2023
Trying to read logs through opentelemetry and data prepper but facing an error Open Source Elasticsearch and Kibana discuss	4	694	May 20, 2024
Trying to read logs through opentelemetry and data prepper but facing this error Data Prepper	1	252	July 23, 2024
Opensearch in get log and metrics using opentelemetry and data prepper there are not show in log and metrics OpenSearch	0	490	August 21, 2024
Opensearch dashboard is not getting log lines after 10-15 minutes OpenSearch troubleshoot	2	862	August 2, 2023

Read incremental logs from opensearch index as input

Related topics