What are the major differences between OpenSearch and ElasticSearch?

  1. We are planning to leverage OpenSearch for an XDR kind of project. We want to leverage most of the major features like Alerting, Detection, Machine Learning for Anomaly Detection, etc. So, I want to know whether there are any downsides of using OpenSearch instead of ElasticSearch for this particular use case.

  2. I also didn’t find any proper comparison between OpenSearch vs ElasticSearch over the internet. So, can someone please provide the link or resource where I can have a detailed comparison?

I think that relying on comparing features on paper is not necessarily a great idea, since how the features are implemented or supported might be the difference between being able to run it in production or not, especially when it comes to multi-tenant installations.

When choosing Elasticsearch or OpenSearch, I think the go or no-go difference is the availability of paid support vs. the Apache 2.0 License. I can’t talk for everybody else, but I would think that most people who choose OpenSearch do so because they consider the License the killer feature, and if you consider paid support an important feature I think Elasticsearch (or some other vendor/system) is the way to go.

1 Like

+1 for that

Another thing to consider is that you can be part of the community, and contribute changes/issues to opensearch that affect your own projects. Naturally, that would not happen with Elasticsearch.

1 Like

@oscark @amitai Yes, agreed with you guys regarding licensing and all. In fact, that’s one of the major reasons why we are leaning more towards OpenSearch instead of ES. But the thing is, the Alerting that OpenSearch provides seems basic and we can’t investigate that particular alert further. Each alert shows very few details. So, does OpenSearch have Alerting feature improvements/development on the roadmap?

1 Like
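As an added illustration of the "very few details" point above (this is example configuration written for this page, not something posted by the thread participants or taken from the OpenSearch project), the amount of context an alert carries depends largely on the `message_template` in the monitor's trigger action. The first action below is the kind of bare template that produces an alert with almost no detail; the second uses the Mustache context variables the Alerting plugin exposes (`ctx.monitor`, `ctx.trigger`, `ctx.periodStart`/`ctx.periodEnd`, `ctx.results`) to include the hit count and the matching documents in the notification itself. The index name `security-events-*`, the field names under `_source`, and the channel id `REPLACE_WITH_YOUR_CHANNEL_ID` are assumptions for the example.

```json
{
  "type": "monitor",
  "name": "failed-logins-example",
  "monitor_type": "query_level_monitor",
  "enabled": true,
  "schedule": { "period": { "interval": 5, "unit": "MINUTES" } },
  "inputs": [
    {
      "search": {
        "indices": ["security-events-*"],
        "query": {
          "size": 10,
          "query": {
            "bool": {
              "filter": [
                { "term": { "event.outcome": "failure" } },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "{{period_end}}||-5m",
                      "lte": "{{period_end}}",
                      "format": "epoch_millis"
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  ],
  "triggers": [
    {
      "name": "burst-of-failed-logins",
      "severity": "2",
      "condition": {
        "script": {
          "source": "ctx.results[0].hits.total.value > 20",
          "lang": "painless"
        }
      },
      "actions": [
        {
          "name": "bare-notification-(few-details)",
          "destination_id": "REPLACE_WITH_YOUR_CHANNEL_ID",
          "subject_template": { "source": "Alert fired" },
          "message_template": { "source": "Monitor {{ctx.monitor.name}} fired." }
        },
        {
          "name": "enriched-notification",
          "destination_id": "REPLACE_WITH_YOUR_CHANNEL_ID",
          "subject_template": {
            "source": "[{{ctx.trigger.severity}}] {{ctx.trigger.name}} on {{ctx.monitor.name}}"
          },
          "message_template": {
            "source": "Window: {{ctx.periodStart}} to {{ctx.periodEnd}}\nFailed logins in window: {{ctx.results.0.hits.total.value}}\n\nSample events:\n{{#ctx.results.0.hits.hits}}- {{_source.@timestamp}} user={{_source.user.name}} src={{_source.source.ip}}\n{{/ctx.results.0.hits.hits}}"
          },
          "throttle_enabled": true,
          "throttle": { "value": 15, "unit": "MINUTES" }
        }
      ]
    }
  ]
}
```

The body is what you would `POST` to `_plugins/_alerting/monitors`. The `size` in the search input matters: with the default of `0` the template's `hits.hits` section is empty, so nothing beyond the count can be rendered into the alert.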

Regarding Alerts -
You can have a discussion on missing features in the Alerts here:

Or open an issue in the relevant repo (dashboards side or backend):