What is the compatible version of latest Logstash version with Opensearch 2.10.0?

adesh28 · October 18, 2023, 11:47am

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
I tried different versions of logstash (8.4,0, 8.6.1,8.9.0) , but none of them is working.

but same working fine for logstash version 7.16.0

log shows

[ERROR][logstash.outputs.opensearch][my-pipeline_1][7f3703f59724b8ff34625f6f6af5e8515045256d0d72eab56c34ecb036f34d29] Could not index event to OpenSearch. {:status=>400, :action=>[“index”, {:_id=>nil, :_index=>“auditlogs-%{[yearEvent]}”, :routing=>nil}, {“log”=>{“file”=>{“path”=>“/abc/xyz.log”}}, “@timestamp”=>2023-10-18T11:39:45.955052093Z, “browser”=>“Firefox”, “username”=>“0==administrator”, “tenantID”=>“0”, “client”=>“...”, “weblink”=>“/api/account/login”, “@version”=>“1”, “user”=>“administrator”, “method”=>“POST”, “logtime”=>“14:39:45”, “jsondata”=>“{"LoginName":"administrator","Password":"","status":"success"}|", “event”=>{“original”=>"14:39:45|...|Firefox|administrator|POST|/api/account/login|{"LoginName":"administrator","Password":"****","status":"success"}|”}}], :response=>{“index”=>{“_index”=>“auditlogs-%{[yearEvent]}”, “_id”=>nil, “status”=>400, “error”=>{“type”=>“invalid_index_name_exception”, “reason”=>“Invalid index name [auditlogs-%{[yearEvent]}], must be lowercase”, “index”=>“auditlogs-%{[yearEvent]}”, “index_uuid”=>“na”}}}}

apart from this in documentation of openSearch it show

“docker pull opensearchproject/logstash-oss-with-opensearch-output-plugin:7.16.2” even for opensearch version 2.11.0

is it just the example?

pablo · October 18, 2023, 12:32pm

@adesh28 You need to use Logstash OSS version.

Take a look at this docker repository.
https://hub.docker.com/r/opensearchproject/logstash-oss-with-opensearch-output-plugin/tags?page=1&ordering=name

adesh28 · October 19, 2023, 4:12am

Yes, I’m using the logstash oss version 7.16.2.

but i want to know whether is there any latest version of logstash oss compatible with openSearch 2.10.0 ?

pablo · November 11, 2023, 1:30pm

@adesh28 As per the docker repository. The latest version is 8.9.0

This docker repository is maintained by opensearchproject.

This version should work with OS 2.11.0

The initially shared error doesn’t complain about compatibility.
According to that error you’re using a user called administrator. Could you confirm that?

Also please share the logstash opensearch output config, roles.yml and roles_mapping.yml.

Topic		Replies	Views
Is the Kibana v7.10.2 compatible with Opensearch v1.2.4? OpenSearch troubleshoot , install	0	297	May 31, 2022
Logstash-oss with elasticsearch filter plugin connecting to opensearch General Feedback	5	1595	December 21, 2021
Logstash output to opensearch OpenSearch troubleshoot	2	406	October 25, 2022
Unable to send data from packetbeat OSS through logstash OpenSearch troubleshoot	8	318	March 14, 2023
OpenSearch logstash 7.16.2 issue with AWS elasticsearch input OpenDistro security-issue	5	1268	January 6, 2022

What is the compatible version of latest Logstash version with Opensearch 2.10.0?

Related Topics