What is the compatible version of latest Logstash version with Opensearch 2.10.0?

adesh28 · October 18, 2023, 11:47am

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
I tried different versions of logstash (8.4,0, 8.6.1,8.9.0) , but none of them is working.

but same working fine for logstash version 7.16.0

log shows

[ERROR][logstash.outputs.opensearch][my-pipeline_1][7f3703f59724b8ff34625f6f6af5e8515045256d0d72eab56c34ecb036f34d29] Could not index event to OpenSearch. {:status=>400, :action=>[“index”, {:_id=>nil, :_index=>“auditlogs-%{[yearEvent]}”, :routing=>nil}, {“log”=>{“file”=>{“path”=>“/abc/xyz.log”}}, “@timestamp”=>2023-10-18T11:39:45.955052093Z, “browser”=>“Firefox”, “username”=>“0==administrator”, “tenantID”=>“0”, “client”=>“...”, “weblink”=>“/api/account/login”, “@version”=>“1”, “user”=>“administrator”, “method”=>“POST”, “logtime”=>“14:39:45”, “jsondata”=>“{"LoginName":"administrator","Password":"","status":"success"}|", “event”=>{“original”=>"14:39:45|...|Firefox|administrator|POST|/api/account/login|{"LoginName":"administrator","Password":"****","status":"success"}|”}}], :response=>{“index”=>{“_index”=>“auditlogs-%{[yearEvent]}”, “_id”=>nil, “status”=>400, “error”=>{“type”=>“invalid_index_name_exception”, “reason”=>“Invalid index name [auditlogs-%{[yearEvent]}], must be lowercase”, “index”=>“auditlogs-%{[yearEvent]}”, “index_uuid”=>“na”}}}}

apart from this in documentation of openSearch it show

“docker pull opensearchproject/logstash-oss-with-opensearch-output-plugin:7.16.2” even for opensearch version 2.11.0

is it just the example?

pablo · October 18, 2023, 12:32pm

@adesh28 You need to use Logstash OSS version.

Take a look at this docker repository.
https://hub.docker.com/r/opensearchproject/logstash-oss-with-opensearch-output-plugin/tags?page=1&ordering=name

adesh28 · October 19, 2023, 4:12am

Yes, I’m using the logstash oss version 7.16.2.

but i want to know whether is there any latest version of logstash oss compatible with openSearch 2.10.0 ?

pablo · November 11, 2023, 1:30pm

@adesh28 As per the docker repository. The latest version is 8.9.0

This docker repository is maintained by opensearchproject.

This version should work with OS 2.11.0

The initially shared error doesn’t complain about compatibility.
According to that error you’re using a user called administrator. Could you confirm that?

Also please share the logstash opensearch output config, roles.yml and roles_mapping.yml.

Topic		Replies	Views
Logstash v8.1.1 compatibility with Opensearch OpenSearch discuss	9	2185	April 28, 2022
Opensearch output plugin with Logstash 8 OpenSearch discuss	1	993	February 23, 2022
Which Logstash version for OpenSearch 2.0.0? OpenSearch troubleshoot	2	687	June 14, 2022
Could not connect to a compatible version of Elasticsearch - Opensearch 2.9.0-1 - Logstash OutputPlugin 8.9.0 OpenSearch troubleshoot , configure , install	1	2610	October 11, 2023
Logstash for opensearch OpenSearch releases , discuss , configure , install , upgrade	0	31	August 9, 2024

What is the compatible version of latest Logstash version with Opensearch 2.10.0?

Related topics