search

Push data or event logs from Logstash into an OpenSearch Cluster

hashtag
Prerequisites

Suppose you have successfully initialized an OpenSearch Cluster with the following parameters:

Next, proceed to push sample data into OpenSearch Dashboards or push event logs from Logstash into OpenSearch.

hashtag
Push sample data into OpenSearch Dashboards

Sample data will help you get familiar with OpenSearch Dashboards and test data visualization capabilities.

hashtag
Step 1: Download sample data

Run the following command to download sample data:

curl -O https://raw.githubusercontent.com/opensearch-project/documentation-website/2.19/assets/examples/ecommerce-field_mappings.json
curl -O https://raw.githubusercontent.com/opensearch-project/documentation-website/2.19/assets/examples/ecommerce.ndjson

hashtag
Step 2: Create index and push data into OpenSearch

Run the following command to create an index and push data to OpenSearch:

# 2. Create index and data.
curl -H "Content-Type: application/json" -X PUT "https://<<OpenSearch_ReceiveLogs_Endpoint>>/ecommerce" -k -H "Authorization: Basic $(echo -n 'master-user:<<Master_User_Password>>' | base64)" --data-binary "@ecommerce-field_mappings.json"
curl -H "Content-Type: application/json" -X PUT "https://<<OpenSearch_ReceiveLogs_Endpoint>>/ecommerce/_bulk" -k -H "Authorization: Basic $(echo -n 'master-user:<<Master_User_Password>>' | base64)" --data-binary "@ecommerce.ndjson"

You can get the OpenSearch_ReceiveLogs_Endpoint information from the vDB Portal and replace <<Master_User_Password>> with the master account password you previously created.

Example:

arrow-up-rightThe result will display as follows:

Step 3: Check data on OpenSearch Dashboards

  1. Access and log in to OpenSearch Dashboards

  2. Go to Management, select Dashboard Management

  1. Select Index patterns, then select Create index pattern

  1. Enter Index pattern name, for example ecommerce* then select Next step

  1. Access Discover to view the sample data.

hashtag
Push event logs from Logstash into OpenSearch

If you want to collect and push event logs from Logstash into OpenSearch, follow these steps:

hashtag
Step 1: Install Logstash (if not already installed)

On Ubuntu/Debian:

On CentOS/RHEL:

hashtag
Step 2: Configure Logstash to send logs to OpenSearch

Create a configuration file for Logstash, for example:

Add the following content:

Replace:

  • OpenSearch_ReceiveLogs_Endpoint with your OpenSearch Receive Logs Endpoint from the vDB Portal.

  • Your_MasterUser_Password with the master account password you previously created.

hashtag
Step 3: Start Logstash

After configuration is complete, start Logstash to begin sending logs:

hashtag
Step 4: Check data in OpenSearch

You can check logs using the OpenSearch API:

Example:

If logs appear, it means Logstash has successfully sent data to OpenSearch.

hashtag
Step 5: View logs on OpenSearch Dashboards

  1. Access and log in to OpenSearch Dashboards

  2. Go to Management, select Dashboard Management

  1. Select Index patterns, then select Create index pattern

  1. Enter Index pattern name, for example logstash-logs* then select Next step

  1. Finally, access Discover to view the logs.

PreviousAccess and Work on OpenSearch DashboardNextOpenSearch Cluster Features

Last updated