Hi team,
I am trying to set up OpenSearch as a logging solution on Kubernetes. Fluent-bit will be used to collect container logs and push them to OpenSearch, and there will be a program that will make REST API calls to OpenSearch to fetch logs. There are a few requirements for this setup.
- The oldest logs that need to be fetched by the program would be those from 30 days ago. Since logs older than that won’t be queried, I want to archive them for 1 year. If there is a need to look at archived logs (e.g. due to a compliance request), there should be a way to get them.
- It should be possible to deploy this OpenSearch setup on any Kubernetes cluster. So the solution can’t be limited to services of a specific cloud provider.
- OpenSearch stores data on Kubernetes Persistent Volumes. There should be a way to take backups of them to ensure that there won’t be data loss.
I would appreciate your feedback on the following:
- I am hoping to use snapshots for backup and archival. Is there a way to differentiate backups and archived logs in OpenSearch or are they all considered snapshots?
- I am hoping to use Index State Management to take snapshots. Is this the correct approach to automate taking snapshots?
- Can I restore snapshots taken from one OpenSearch cluster to a new OpenSearch cluster that I create from scratch? Or is restoring allowed only to the same cluster?
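An Index State Management policy of the kind the post describes, written here as a constructed example and not configuration from the original post: indices matching the assumed pattern `fluent-bit-*` stay queryable for 30 days, are then made read-only, snapshotted into an assumed, pre-registered repository named `archive-repo`, and removed from the cluster. It would be installed with `PUT _plugins/_ism/policies/<policy_id>`; the policy id, repository name and index pattern are assumptions.

```json
{
  "policy": {
    "description": "Keep container logs queryable for 30 days, then snapshot and delete them (constructed example)",
    "default_state": "hot",
    "states": [
      {
        "name": "hot",
        "actions": [],
        "transitions": [
          { "state_name": "archive", "conditions": { "min_index_age": "30d" } }
        ]
      },
      {
        "name": "archive",
        "actions": [
          { "read_only": {} },
          { "snapshot": { "repository": "archive-repo", "snapshot": "logs-archive" } },
          { "delete": {} }
        ],
        "transitions": []
      }
    ],
    "ism_template": [
      { "index_patterns": ["fluent-bit-*"], "priority": 100 }
    ]
  }
}
```

The repository must be registered before the policy runs (for a cloud-neutral setup, an `fs` repository on a shared volume or an S3-compatible store via the repository-s3 plugin); making the index read-only first ensures the snapshot captures the final state before deletion. ISM creates the snapshot but does not expire it, so the one-year retention of archived snapshots needs a separate mechanism such as OpenSearch Snapshot Management.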