Amazon OpenSearch Service optimized for log analytics
A purpose-built analytics engine within Amazon OpenSearch Service designed specifically for log analytics, delivering up to 4x better price-performance — lower storage costs, faster queries at scale, and unified search and analytics in one managed service.
Purpose-built for modern log analytics
With exponential data growth, customers need to analyze patterns at scale before investigating root causes with search. Amazon OpenSearch Service optimized for log analytics brings a highly optimized engine to Amazon OpenSearch Service — delivering better price-performance through lower storage costs, faster query execution, and a unified architecture that keeps search and analytics together in one managed service. No compromises.
Benefits
Up to 4×
Better price-performance
Delivers up to 4x price-performance improvement for log analytics workloads. Storage drops by up to 70%. Same managed service, same billing model, no new contract.
2× faster
Faster analytics at scale
Analytical queries run faster through a columnar storage architecture designed for the workload. 2x ingestion throughput and 2x analytical query speed on the same hardware. SQL and PPL are fully accelerated.
1 service
Unified analytics and search
Find logs by content and aggregate the results in one SQL statement. Experience analytical SQL with full-text search in one service. No need to move data between separate search and analytics engines—query everything in place with a single, unified architecture.
Use cases
Reduce log analytics infrastructure cost
With OpenSearch for log analytics, the same workload runs on fewer nodes with 70% less storage and 4x price-performance compared to the OpenSearch standard engine. Annual savings can be reallocated to product development.
Consolidate search and analytics onto one service
Whether an SRE team chose a search-first or analytics-first tool, their incident response needs to be fast — they can't sift through massive log volumes fast enough or search deep enough to find the root cause. With OpenSearch optimized for log analytics, teams get both the aggregation speed and the drill-down depth to resolve incidents faster.
Run fast analytical queries directly on log data
A data engineer exports log data nightly for analytical queries, but slow query performance constrains analysis and the export pipeline adds latency and maintenance overhead. With OpenSearch optimized for log analytics, queries return results within seconds across terabytes of log data, and full-text search is available on the same data when engineers need to find specific errors across billions of events.
Migrate from a legacy vendor at a fraction of the cost
A security team running a legacy vendor at scale uses a pipe-based query language. With OpenSearch for log analytics, SQL and PPL provide a familiar pipe-based syntax at a fraction of the cost, delivering significant annual savings.
Key capabilities
Replaces search-era structures with a columnar format optimized for aggregations, filters, and trend queries. The architecture delivers significant storage and compute savings compared to current Amazon OpenSearch Service configurations, whether running with or without search enabled.
Customers pay for instances and storage under the same billing model — just fewer of each. No new product, no new contract, no new procurement. Reserved instances with OpenSearch optimized for log analytics further reduce costs compared to the current configuration.
Processes data in bulk rather than row by row, so the queries that dominate log analytics — count errors by service, filter by time range, aggregate by host — return faster. Both SQL and PPL run natively through the new architecture, with no translation bottleneck.
Find specific log messages, aggregate results by any dimension, and rank by frequency—all in one SQL statement.
Existing REST APIs, client libraries, and ingestion endpoints stay compatible. Domains upgrade in place — no migration required, no data re-ingestion. Alert monitors, anomaly detectors, and dashboards move to PPL and OpenSearch UI at launch.
How it works
OpenSearch optimized for log analytics integrates seamlessly into your existing Amazon OpenSearch Service environment.
1. Ingest
Use existing REST APIs, client libraries, and ingestion endpoints. No new pipelines or agents required.
2. Store
Data is written to a columnar format optimized for analytics, reducing storage footprint by up to 70%.
3. Analyze
Run SQL and PPL natively. Aggregations, filters, and trend queries execute at 2x speed compared to OpenSearch 3.5.
4. Search
Full-text search predicates work within SQL. Find and aggregate in one statement during incident investigations.
Resources
Get started with OpenSearch optimized for log analytics.