Added value of OpenSearch (previously — Open Distro for Elasticsearch)
What is OpenSearch?
OpenSearch is an open-source fork of Elasticsearch and Kibana created by Amazon. The Elasticsearch analogue is OpenSearch, while the Kibana analogue is OpenSearch Dashboards.
First introduced in 2019 as Open Distro for Elasticsearch, in July 2021 it was released as OpenSearch 1.0. While Amazon is offering OpenSearch as a managed service on its AWS platform, being open-source software, it can also be manually deployed on other cloud platforms or on-premises.
Added-value of OpenSearch
Part of OpenSearch’s value is derived from the following features, which are included for free:
1. Enhanced Security (to meet security and compliance demands)
- TLS support — Provides encryption in transit
- Authentication — using LDAP/Active Directory, SAML, Kerberos, JSON web tokens, TLS certificates, and Proxy authentication/SSO as well as basic HTTP auth.
- Role-based access control — to limit user access to cluster operations, indices, and even the fields and documents.
- Multi-tenancy — to allow multiple teams to access and share the same cluster, while keeping their data separate and private
- Audit logging — to keep track of suspicious behaviour
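As an added illustration of the role-based access control and multi-tenancy items above (this is not part of the original article), here is a role as it could be written in the security plugin's roles.yml. The role name, index pattern, field names and tenant name are hypothetical.

```yaml
_meta:
  type: "roles"
  config_version: 2

# Hypothetical role: read-only access to support tickets for one region.
support_emea_readonly:
  reserved: false
  # Cluster operations: read-only composite operations (e.g. multi-search).
  cluster_permissions:
    - "cluster_composite_ops_ro"
  index_permissions:
    - index_patterns:
        - "tickets-*"          # assumed index naming scheme
      # Document-level security: only documents matching this query are visible.
      dls: '{"term": {"region": "emea"}}'
      # Field-level security: a leading "~" excludes the field from results.
      fls:
        - "~customer_email"
        - "~payment_reference"
      # Masked fields are returned as a hash instead of the clear-text value.
      masked_fields:
        - "customer_name"
      allowed_actions:
        - "read"
  # Multi-tenancy: read-only access to the dashboards saved in one tenant.
  tenant_permissions:
    - tenant_patterns:
        - "support_team"       # assumed tenant name
      allowed_actions:
        - "kibana_all_read"
```

A role has no effect until users or backend roles (for example LDAP groups) are mapped to it in roles_mapping.yml and the configuration is loaded into the cluster.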
2. Alerting
OpenSearch allows users to set up alert triggers and send alert notifications to recipients via various channels including email, Slack, webhooks for various integrations, etc. Alert triggers can be set up via Elasticsearch queries so they are quite flexible. Triggers can, for example, be set to alert on specific log text or a combination of multiple conditions. Triggered alerts are indexed by Elasticsearch for further analysis and statistics.
3. Performance Analyzer
While Elastic is well known for logging, Open Distro steps somewhat outside of that main field of expertise and provides metrics alongside logs. This is valuable for predicting and staying on top of potential problems, but also for quickly getting to the underlying cause once a problem has occurred.
Performance Analyzer can run independently of the Elastic cluster, so it can be used for diagnostics even in situations where the cluster itself is experiencing issues.
4. SQL Queries Support
OpenSearch allows analyzing data using standard SQL queries. Joins are supported, even between indices, albeit with some limitations.
JDBC access to the internal OpenSearch data is provided so that third-party tools such as BI suites can access and analyze it from outside.
5. Index Management
Improved index lifecycle management is provided to ease maintenance tasks.
6. k-Nearest Neighbor Search
Enables advanced use cases such as product recommendations, anomaly and fraud detection, image and video search, related document search, etc.
Elastic offers paid plans which unlock advanced features in Elasticsearch and Kibana. This means that end-users who opt to deploy the free versions of Elasticsearch and Kibana on their own will not receive those features. Some of them, like alerting, reporting, encryption, etc., might be considered essential.
OpenSearch fills the gap for those users by offering many features for free with additional features planned for future versions. Amazon’s dedication to keeping OpenSearch open and under active development, as well as considering shared governance, gives hope that OpenSearch will be a product that can be relied upon in the years to come.
In the end, both Elastic and OpenSearch offer excellent value, and it is up to the end-users to decide what is best for them.
Author: Dragan Bocevski, DevOps Engineer at Keitaro
This article was originally published at keitaro.com