Support URLs instead of IPs on external_opensearch option for audit logs

OpenSearch v2.9.0

Describe the issue:
I want to centralise the audit logging of all our clusters into one, using the external_opensearch option of audit logs, targeting an external OpenSearch cluster.

As explained in the official documentation, I need to specify a comma-separated list of hosts/IP addresses and the REST port, like the following: [,]

As expected, things like [localhost:9200,localhost:9201] also work.

What doesn’t work is setting an actual URL there, like or This will persist even if the hosts behind the cluster change.
At the moment, if a cluster changes hosts, I need to adapt and restart all clusters, to pick up the new IPs.

Am I missing something, or the possibility of using an actual URL that corresponds to an OpenSearch cluster on (or similar setting) is not yet there?

Note: In case this is indeed not possible, I’ve created a github issue

Hi @spapadop

Could you share the opensearch.yml file ? Have you tried to add TLS settings?

In my lab, It will work if I add: [] and also add the following TLS settings:

Thanks @Eugene7, my mistake was to use

instead of

I am not sure if having https prefix should be supported or not.

Also, another thing that does not work is things like

just for cases opensearch engine is running in a specified path.

In any case, I’ll raise these on github and let’s see what they’ll say.

Thanks again for the support!