Updating Search API from ElasticSearch to OpenSearch

Plugins Alerting
1

Describe the issue:
Currently I’ve been tasked with upgrading one of our Data Pipelines from ElasticSearch over to OpenSearch. I’ll preface this by explaining that I’m relatively new to how both systems operate, however, I’m needing to pull back (basically) the same data using the query below. I’m interfacing through the Rest API but I’m wanting to at least pull back some information through the Query / console builder within the dev tools of OpenSearch. As of right now, any query that I’m executing is returning 0 total results and I’m curious as to why.

Given that information, even providing a similar Query through the console yields zero results. Even if I attempt to pull back data from any other indexes, I run into the same issue. Is it possible that the ‘should : match’ section is incorrectly referencing the appropriate variables? Or is this an issue with something else?

Configuration:

GET /heartbeatalerts-*/_search
{
        "size": 10000,
        "query": {
          "bool" : {
            "filter" : {
              "range" : {
                "@timestamp": {       
                    "gte": "2023-01-01T19:37:10", 
                    "lte": "2023-04-04T16:19:52"                  
                }
              }
            },
            "should" : [ 
              { "match" : 
                { "event.action" : "kick" } }, { "match" : { "event.action" : "pull-request"  } }, { "match" : { "event.action" : "production-release"  } }, { "match" : { "event.action" : "rollback"  } } ], "minimum_should_match" : 1, "boost" : 1.0
          }
        },
          "track_total_hits": true 
      }

Original ElasticSearch url: https://REDACTED.us-east-1.aws.found.io:9243/heartbeatalerts-*/_search
header: {'Content-Type': 'application/json', 'Authorization': 'ApiKeyREDACTED'}

Elastic Search query: 
      {
        "size": 10000,
        "query": {
          "bool" : {
            "filter" : {
              "range" : {
                "@timestamp": {       
                    "gte": "2021-03-24T19:37:10", 
                    "lte": "2023-04-04T16:19:52"                  
                }
              }
            },
            "should" : [ 
              { "match" : 
                { "event.action" : "kick" } }, { "match" : { "event.action" : "pull-request"  } }, { "match" : { "event.action" : "production-release"  } }, { "match" : { "event.action" : "rollback"  } } ], "minimum_should_match" : 1, "boost" : 1.0
          }
        },
        "sort": [ 
          {"@timestamp": 
            {"order": "asc", "format": "strict_date_optional_time_nanos"}},
          {"_id": {"order": "asc"}}
        ] ,
          "track_total_hits": true 
      }
2

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.