Amazon OpenSearch Service is a managed service that makes it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud. Amazon OpenSearch Service supports OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final open source version of the software). When you create a cluster, you choose which search engine to use. For more details, refer to the AWS documentation.
Log and Metric types
You can collect the logs and metrics for Sumo Logic's Amazon OpenSearch Service integration by following the steps below.
Configure metrics collection
- Collect CloudWatch Metrics with namespace AWS/ES using the AWS Kinesis Firehose for Metrics source. For AWS/ES metrics and dimensions, refer to Amazon OpenSearch Service CloudWatch metrics.
Configure logs collection
Collect Amazon CloudWatch Logs using AWS Kinesis Firehose for Logs source. Amazon OpenSearch Service exposes Error logs, Slow logs and Audit logs through Amazon CloudWatch Logs. Search slow logs, indexing slow logs, and error logs are useful for troubleshooting performance and stability issues. Audit logs track user activity for compliance purposes.
Collect AWS CloudTrail Logs using AWS CloudTrail source. Amazon OpenSearch Service integrates with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in OpenSearch Service. CloudTrail captures all configuration API calls for OpenSearch Service as events. The captured calls include calls from the OpenSearch Service console, AWS CLI, or an AWS SDK. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for OpenSearch Service. Using the information collected by CloudTrail, you can determine the request that was made to OpenSearch Service, the IP address from which the request was made, who made the request, when it was made, and additional details.
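The following added example (not part of the original page or of Sumo Logic's integration) shows how the who, what, when, and source IP described above can be pulled from a CloudTrail log file for state-changing OpenSearch Service calls. The sample records are constructed, and the `es.amazonaws.com` event source filter and the helper names are assumptions of this sketch.

```python
import json

def _rec(time, source, name, read_only, ip, arn, error=None):
    """Build one constructed CloudTrail record (sample data, not real activity)."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "readOnly": read_only, "sourceIPAddress": ip,
           "userIdentity": {"type": "IAMUser", "arn": arn}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed CloudTrail log file body: a JSON object with a "Records" array.
SAMPLE = json.dumps({"Records": [
    _rec("2024-01-01T10:00:00Z", "es.amazonaws.com", "UpdateDomainConfig", False,
         "203.0.113.10", "arn:aws:iam::111122223333:user/alice"),
    _rec("2024-01-01T10:05:00Z", "es.amazonaws.com", "DescribeDomain", True,
         "203.0.113.10", "arn:aws:iam::111122223333:user/alice"),
    _rec("2024-01-01T11:00:00Z", "es.amazonaws.com", "DeleteDomain", False,
         "198.51.100.7", "arn:aws:iam::111122223333:user/ci-bot", "AccessDenied"),
    _rec("2024-01-01T12:00:00Z", "s3.amazonaws.com", "PutObject", False,
         "198.51.100.7", "arn:aws:iam::111122223333:user/bob"),
]})

def actor(identity):
    """Caller name: an ARN when present, else the invoking AWS service or identity type."""
    return identity.get("arn") or identity.get("invokedBy") or identity.get("type", "unknown")

def opensearch_changes(log_body):
    """Return when/who/what/where for state-changing OpenSearch Service API calls."""
    findings = []
    for rec in json.loads(log_body).get("Records", []):
        # Assumption: OpenSearch Service events carry this eventSource value.
        if rec.get("eventSource") != "es.amazonaws.com":
            continue
        read_only = rec.get("readOnly")
        if read_only is None:  # field absent: fall back to the API verb
            read_only = rec.get("eventName", "").startswith(("Describe", "List", "Get"))
        if read_only:
            continue
        findings.append({"when": rec.get("eventTime"),
                         "who": actor(rec.get("userIdentity", {})),
                         "what": rec.get("eventName"),
                         "where": rec.get("sourceIPAddress"),
                         "error": rec.get("errorCode")})  # None when the call succeeded
    return findings

if __name__ == "__main__":
    for finding in opensearch_changes(SAMPLE):
        print(finding)
```

Failed calls are kept in the output because a denied `DeleteDomain` is often as relevant to review as a successful change.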