I have deployed Logstash 8.6.1 with the logstash-output-opensearch plugin. This is the config related to pushing the logs to OpenSearch:
output {
if [type]=="logback" {
opensearch {
hosts => [ "https://search-x.ap-southeast-1.es.amazonaws.com" ]
auth_type => {
type => 'basic'
user => 'x'
password => 'y'
}
index => "logback-%{+YYYY}"
ecs_compatibility => disabled
}
}
}
When running logstash, I noticed that the log prints:
[2023-03-01T07:02:47,126][WARN ][logstash.outputs.opensearch][main] Attempted to resurrect connection to dead OpenSearch instance, but got an error {:url=>"https://search-x.ap-southeast-1.es.amazonaws.com:9200/", :exception=>LogStash::Outputs::OpenSearch::HttpClient::Pool::HostUnreachableError, :message=>"OpenSearch Unreachable: [https://search-x.ap-southeast-1.es.amazonaws.com:9200/][Manticore::ConnectTimeout] Connect to search-x.ap-southeast-1.es.amazonaws.com:9200 [search-x.ap-southeast-1.es.amazonaws.com/x.x.x.x, search-x.ap-southeast-1.es.amazonaws.com/x.x.x.x] failed: Connect timed out"}
The Opensearch network access is on Public, its version is 1.1, is this warning related to firewall settings?
When I tried curl https://search-x.ap-southeast-1.es.amazonaws.com with the required Basic auth header, it does return information:
{
"name": "e",
"cluster_name": "x",
"cluster_uuid": "y",
"version": {
"number": "7.10.2",
"build_type": "tar",
"build_hash": "unknown",
"build_date": "2022-10-20T07:32:13.999133Z",
"build_snapshot": false,
"lucene_version": "8.9.0",
"minimum_wire_compatibility_version": "6.8.0",
"minimum_index_compatibility_version": "6.0.0-beta1"
},
"tagline": "The OpenSearch Project: https://opensearch.org/"
}
I can also access the OpenSearch dashboard.
if it's Amazon OpenSearch service (managed service), the default port is not 9200, but 443 or 80 (I'm not sure you can change this configuration). Please also make sure that you don't have a IAM policy blocking your requests