OpenSearch Logs Integration
To make use of the Sematext OpenSearch Logs integration, you'll need to install the Sematext Agent and configure it to ship OpenSearch logs via Logs Discovery. You will want to create an OpenSearch Logs App or select an existing one, because that is what provides all the out-of-the-box dashboards.
Once data is in, you can explore it via the built-in reports.
Be sure to check out the OpenSearch Monitoring integration as well, to get a complete view of OpenSearch. For example, if you see logs of a node restarting, metrics let you see the impact on the rest of the cluster in terms of CPU, GC, and other metrics, including query time metrics, even if you don't collect slowlogs from [all] queries.
Exploring logs
Once data is in, you can explore it using the built-in reports or create your own.
Queries Report
You can use the Queries report to see a breakdown of your queries and "zoom in" to the ones you're interested in.
Errors Report
You can use the Errors report to see a breakdown of what's wrong, for example, which nodes or components generate errors.
Clustering Report
You can use the Clustering report to see logs produced by components that have to do with cluster coordination. This includes cluster coordinator logs and logs related to a node joining/leaving a cluster and shard allocation.
Deprecation Report
You can use the Deprecation report to see a breakdown of deprecation logs by node and component.
Start & Stop Report
You can use the Start & Stop report to see startup-related and shutdown-related logs. Look here if a node went down unexpectedly or doesn't show up in the cluster when started.
Troubleshooting
If you have trouble sending logs, try the latest version of Sematext Agent. Also, make sure Sematext Agent is configured to send logs to your OpenSearch Logs App. Finally, check the Log Agents panel for any errors, and refer to our Sematext Logs FAQ for useful tips.