Ingesting data into Elasticsearch or OpenSearch can be challenging since it involves a number of steps including collecting, converting, mapping, and loading data from different data sources to your Elasticsearch or OpenSearch index. You have to convert the raw data into a structured data format such as JSON or CSV, clean it, and map it to target data fields. You also have to batch and buffer the data for efficient loading so that the data is available immediately for querying without overloading your cluster’s compute and networking resources.
With Amazon OpenSearch Service, you can easily accomplish all of this, by leveraging the integrations with Amazon Kinesis Data Firehose, Logstash, Amazon CloudWatch, or AWS IoT, providing you the flexibility to select the ingestion tool that meets your use case requirements.
Data ingestion using Amazon Kinesis Data Firehose
With Amazon Kinesis Firehose, you can easily convert raw streaming data from your data sources into the formats required by your Elasticsearch or OpenSearch index and load it to Amazon OpenSearch Service, without having to build your own data processing pipelines.
To use this feature, simply select an AWS Lambda function from the Amazon Kinesis Firehose delivery stream configuration tab in the AWS Management Console. Amazon Kinesis Firehose will automatically apply the AWS Lambda function to every input data record and load the transformed data to your Amazon OpenSearch Service index.
Amazon Kinesis Firehose provides pre-built Lambda blueprints that can be used without any change or customized for converting common data sources such as Apache logs and system logs to JSON and CSV formats. You can also configure Amazon Kinesis Firehose to automatically retry failed jobs and back up the raw streaming data. Learn more »
Data ingestion using Logstash
Amazon OpenSearch Service supports integration with Logstash, an open-source data processing tool that collects data from sources, transforms it, and then loads it to Elasticsearch or OpenSearch. You can easily deploy Logstash on Amazon EC2 and set up your Amazon OpenSearch Service domain as the backend store for all logs coming through your Logstash implementation. Logstash supports a library of pre-built filters to easily perform common transformations such as parsing unstructured log data into structured data through pattern-matching; renaming, removing, replacing, and modifying fields in your data records; and aggregating metrics. Learn more »
Data ingestion using Amazon CloudWatch Logs
Amazon CloudWatch Logs lets you monitor and troubleshoot your systems and applications using your existing system, application, and custom log files. You can configure a CloudWatch Logs log group to stream data to your Amazon OpenSearch Service domain in near real-time through a CloudWatch Logs subscription. This integration is convenient if you are already using CloudWatch Logs to collect log data, and would like to share that data with your Amazon OpenSearch Service users. Learn more »
Data ingestion using AWS IoT
AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. With AWS IoT, you can capture data from connected devices such as consumer appliances, embedded sensors, and TV set-top boxes. Using the AWS Management console you can configure AWS IoT to load the data directly to Amazon OpenSearch Service, enabling you to provide your customers near real-time access to IoT data and metrics. Learn more »
How to choose the right ingestion mechanism
Choosing the right ingestion mechanism depends on your use case requirements such as data latency and data type. For large data volumes, we recommend using Amazon Kinesis Data Firehose, which is fully managed, automatically scales to match the throughput of your data, and requires no ongoing administration. It can also transform, compress, and batch the data before loading it to Amazon OpenSearch Service domain. Often, the choice also comes down to the services you are already using. For example, if you are already collecting application logs using Amazon CloudWatch Logs, you can simply load that data into your Amazon OpenSearch Service domain without much additional effort.
OpenSearch includes certain Apache-licensed Elasticsearch code from Elasticsearch B.V. and other source code. Elasticsearch B.V. is not the source of that other source code. ELASTICSEARCH is a registered trademark of Elasticsearch B.V.