Opster - OpenSearch guides

OpenSearch

Elasticsearch

OpenSearch Basics

OpenSearch Best Practices

OpenSearch Capacity Planning

OpenSearch Data Architecture

OpenSearch High Availability

OpenSearch How To's

OpenSearch Machine Learning

OpenSearch Operations

OpenSearch Search APIs

OpenSearch Security

< Back to all guides

Cross-Cluster Search in Elasticsearch & OpenSearch

Cross-cluster search enables users to execute a query across multiple Elasticsearch or OpenSearch clusters. To perform cross cluster search...

How to Install OpenSearch on EC2 Using Terraform

To install OpenSearch on EC2, you will need a route-53 resource that connects to your VPC. The Terraform module will deploy 3 EBS, 5 EC2...

How to Install OpenSearch on Kubernetes (Using HELM charts)

Helm is the best way to find, share, and use software built for Kubernetes. To install OpenSearch using Helm charts, you need to first...

How to Migrate from Elasticsearch to OpenSearch

OpenSearch supports migration to Elasticsearch using rolling upgrades. There're 4 methods to migrate data from Elasticsearch to OpenSearch...

How to migrate from Elasticsearch to OpenSearch for versions after 7.10

If you’re using Elasticsearch version 7.11 or later, you cannot use rolling upgrades to migrate to OpenSearch. Instead, you can use these...

How to Set Up & Operate OpenSearch on Kubernetes Using the Open-Source Operator

Installation instructions, advantages of using the Operator for OpenSearch management, tips and benefits of...

How to Set Up Alerting in OpenSearch

There are 3 types of OpenSearch alerts: system, logs, & business specific. Before creating an alert you need to set a channel. An example...

OpenSearch _source

OpenSearch keeps the original JSON document in a field called _source. The source field serves special purposes such as...

OpenSearch Aggregations

The aggregations framework is a tool built in every OpenSearch deployment. The different aggregation types: Bucket, Metric & Pipeline...

OpenSearch Alias

An OpenSearch alias is a secondary name to refer to one or more indices. Aliases can be created and deleted dynamically using...

OpenSearch Bulk

OpenSearch bulk makes it possible to perform many write operations in a single API call, which increases indexing speed. Using bulk API...

OpenSearch Cache: Node Request, Shard Data & Field Data Cache

OpenSearch uses 3 types of caches to improve the efficiency of operation: node requests, shards and field data cache. To clear...

OpenSearch Circuit Breaker Exceptions: How to Handle Circuit Breakers

Circuit breaker exceptions are thrown to alert us that something needs to be fixed in OpenSearch in order to reduce memory usage. To fix...

OpenSearch Circuit Breakers

OpenSearch has circuit breakers to deal with OutOfMemory errors that cause nodes to crash. To size a circuit breaker...

OpenSearch Client

Official OpenSearch clients are available for java, Perl, PHP, python, ruby and .NET. The official clients follow a similar structure and...

OpenSearch Cluster

An OpenSearch cluster is a group of servers (nodes) working together to store data & respond to requests. The key elements of clustering...

OpenSearch Dashboards vs Kibana: A Comprehensive Comparison

This article will compare OpenSearch Dashboards and Kibana, highlighting their similarities, differences, and...

OpenSearch DELETE

DELETE is an OpenSearch API that removes a document from a specific index. It requires an index name & _id document to delete the document.

OpenSearch Delete By Query

OpenSearch delete by query is an API, which provides functionality to delete all documents based on the matching query. If you don't...

OpenSearch Deprecation

To find out which functions have been deprecated in OpenSearch, you can use deprecation logs, deprecation API, read breaking pages...

OpenSearch Discovery

OpenSearch discovery occurs when a node starts, restarts or loses contact with the master node. The discovery.seed_hosts...

OpenSearch Disk Threshold

OpenSearch uses several parameters to enable it to manage hard disk storage across the cluster, such as...

OpenSearch Docker - How to Spin Up a Cluster Using Docker

The easiest way to start testing OpenSearch is running the available docker image. To spin up an OpenSearch cluster using docker, you need...

OpenSearch Document

Each OpenSearch document is a JSON structure, which is ultimately considered to be a series of key:value pairs. An example for creating...

OpenSearch Fielddata

In OpenSearch the term Fielddata is relevant when performing sorting and aggregations on text field. To set fielddata=true, you...

OpenSearch Filter

An OpenSearch filter applies conditions inside the query to narrow down the matching results. A filter clause can be used used in...

OpenSearch Flush, Translog and Refresh

In OpenSearch, flush is the process of permanently storing data onto the disk for all of the operations that have been stored in memory.

OpenSearch Heap Size Usage and JVM Garbage Collection

The OpenSearch heap size is the amount of RAM allocated to the JVM of a node. When JVM performance is not optimal...

OpenSearch High CPU

High CPU in OpenSearch is often a symptom of other underlying issues. It should be fixed since a distressed node will slow query response...

OpenSearch Index

An OpenSearch index contains a schema and can have one or more shards and replicas. Here's how to create, delete, list, and query an index.

OpenSearch Index - How to create, list, query and delete indices

An OpenSearch index contains a schema and can have one or more shards and replicas. Here's how to create, delete, list & query Indices.

OpenSearch Indexing

Indexing is the process of adding or updating new documents to an OpenSearch index. To index a document...

OpenSearch Lucene

OpenSearch Lucene or Apache Lucene is an open-source Java library used as a search engine. OpenSearch is built on top of Lucene...

OpenSearch Mapping

An OpenSearch mapping contains the properties of each field in the index. A common issue is an incorrectly defined mapping. To update...

OpenSearch Max Shards Per Node Exceeded

If the max of shards per node is exceeded in OpenSearch, shards can't be allocated. To fix this, check to see whether the limit is at...

OpenSearch Metadata

OpenSearch metadata refers to additional information stored for each document using metadata fields. Metadata fields can be customized...

OpenSearch Nodes & Node Roles

There are different types of OpenSearch nodes. Each has its own role and purpose. Cluster-Manager, coordinating and data node roles differ...

OpenSearch Observability Visualizations: How to Use Notebooks and Operational Panels

Dashboards are the most useful tool to visualize data without having to code an entire framework that consumes data from the engine...

OpenSearch Persistent Settings

In OpenSearch, Persistent refers to cluster settings that persist across cluster restarts. Examples of persistent settings include...

OpenSearch Plugins

Plugins in OpenSearch are used to extend the functionality of OpenSearch. To install and uninstall an OpenSearch plugin...

OpenSearch Queue

Queues in OpenSearch exist in the context of Thread Pools. Queues are used to hold the pending requests for thread pools. For example...

OpenSearch Rebalance

Cluster rebalancing is the process by which an OpenSearch cluster distributes data across the nodes. To force rebalance manually...

OpenSearch Recovery

In OpenSearch, recovery refers to the process of recovering an index or shard when something goes wrong. The recovery API can be used by...

OpenSearch Red Status

OpenSearch red status indicates not only that the primary shard has been lost, but also that a replica has not been promoted...

OpenSearch Refresh Interval

OpenSearch requires a refresh operation to make indexed information available for search. You can set an OpenSearch refresh_interval by...

OpenSearch Reindex

OpenSearch reindex is the concept of copying existing data from a source index to a destination index. The reindex API is...

OpenSearch Replication

OpenSearch replication refers to storing a redundant copy of the data. Replicas are used to provide high availability and failover of...

OpenSearch Repository

An OpenSearch repository needs to be registered using the _snapshot endpoint. The supported repository types are: S3, HDFS, Azure...

OpenSearch Restore

In OpenSearch, restore refers to a snapshot restore mechanism. To restore a snapshot, an index, or selected indices...

OpenSearch Routing

In OpenSearch, routing refers to document routing. OpenSearch will determine which shard the document will be routed to for indexing when...

OpenSearch Scroll

The OpenSearch scroll API is useful when a search returns a large set of results. Large search results are exhaustive for the system...

OpenSearch Search

To search in OpenSearch, send a GET request to the _search endpoint in the search API. In the query phase and the fetch phase there are...

OpenSearch Search Rejected Queue

An OpenSearch cluster can start to reject search requests for several reasons. To resolve this, check the state of the thread pool and..

OpenSearch Settings

OpenSearch settings can be configured on the cluster-level, node-level and index-level. Here's how to set up and optimize your settings.

OpenSearch Shards

Each OpenSearch shard is an Apache Lucene index. The number of shards is set when an index is created, and cannot be changed without...

OpenSearch Shards Too Large

It is a best practice that OpenSearch shard size should not go above 50GB for a single shard. If you go above this limit...

OpenSearch Snapshot

An OpenSearch snapshot is a backup of an index taken from a running cluster. It's better to use snapshots instead of disk backups due...

OpenSearch Task

An OpenSearch task is equivalent to an operation. OpenSearch provides a dedicated task API for the task management, which includes actions...

OpenSearch Template

An OpenSearch template falls into one of these categories: index templates or search templates. To create a dynamic index template...

OpenSearch Threadpool

OpenSearch threadpools are used to manage how requests are processed and to optimize the use of resources. An example of...

OpenSearch Upgrade

An OpenSearch upgrade of an existing cluster can be done in 2 ways: through a rolling upgrade or a full cluster restart. To update...

OpenSearch Version

A version corresponds to the OpenSearch built-in tracking system that tracks the changes in each document. By using _version...

OpenSearch Yellow Status

An OpenSearch yellow status indicates that one or more of the replica shards on the cluster are not allocated to a node. This could occur...

All Script Types are Allowed to Run in OpenSearch

An OpenSearch script can place heavy loads on clusters if it is not written carefully. It is a best practice to limit the type of..

Enable Adaptive Replica Selection in OpenSearch

Adaptive replica selection in OpenSearch is a process that prevents a distressed node from delaying the response to queries. To enable it...

Enable Shard Rebalancing and Allocation in OpenSearch

OpenSearch cluster shard rebalancing and allocation are often confused with each other. If cluster shard rebalancing isn't enabled, then...

Expensive Queries are Allowed to Run in OpenSearch

By default, OpenSearch expensive queries are allowed to run. By setting search.allow_expensive_queries to false, you can prevent users...

Misuse of Wildcards in OpenSearch

It's possible to reduce the risk of accidental deletion of indices by preventing OpenSearch wildcard use for destructive operations. To...

OpenSearch Bootstrap Checks

OpenSearch carries out "bootstrap checks" to ensure that important settings have been set correctly. Common issues with bootstrap checks...

OpenSearch Bootstrap.Memory_Lock is Set to False

OpenSearch can be configured to prevent memory swapping on its host machine by adding bootstrap memory_lock true. If bootstrap checks...

OpenSearch Cluster Blocks Read-Only

An OpenSearch read-only delete block can be applied automatically by the cluster because of a disk space issue. To resolve issues...

OpenSearch Dashboard

In this article, we will discuss some advanced tips and best practices for optimizing your OpenSearch Dashboards experience.

OpenSearch File Descriptors

File descriptors are required to keep track of all the files OpenSearch has open at any given time, as well as all network...

OpenSearch Script Regex is Enabled in Painless Scripts

Script regex is disabled in OpenSearch by default, but you can decide to enable it. Regex must be used with care in painless scripts...

Choosing the right amount of memory based on number of shards in OpenSearch

If the ratio of memory to number of shards in the OpenSearch cluster is low, it suggests that you have insufficient memory compared to...

How to Choose the Correct Number of Shards per Index in OpenSearch

Finding the right number of shards for your OpenSearch indices, and the right size for each shard depends on many factors, including...

How to Optimize OpenSearch Disk Space and Usage

If you don’t have enough disk space available, OpenSearch will stop allocating shards to the node. To optimize your disk space...

How to Reduce the Number of Shards in an OpenSearch Cluster

When you have too many shards in your OpenSearch cluster, there are a few steps you can take in order to reduce the number of shards...

OpenSearch Cluster State

An OpenSearch cluster state includes metadata information about nodes, indices, etc. The main causes of having a large cluster state are...

OpenSearch Cost Optimization: 12 Expert Tips

Here are 12 tips to reduce and optimize your AWS OpenSearch costs. First, plan data retention: carefully adjust your...

OpenSearch Disk Watermark

There are various watermark thresholds on an OpenSearch cluster. As the disk fills up on a node, the 1st threshold to be crossed is...

OpenSearch Flood Stage Disk Watermark

When the “disk flood stage” threshold is exceeded on an OpenSearch cluster, it will start to block core actions. To resolve this issue...

OpenSearch High Disk Watermark

High disk watermark is one of the various thresholds on your OpenSearch cluster. Passing this threshold is a warning and you should ...

OpenSearch Large Cluster State - How to Discover, Resolve and Prevent (Customer Post Mortem)

When an OpenSearch cluster state becomes too large it poses many challenges. To determine the size of your cluster state and reduce it...

OpenSearch Loaded Data Nodes

Sometimes you can observe that the CPU and load on some of your OpenSearch data nodes is higher than on others. To fix this, check the...

OpenSearch Low Disk Watermark

Low disk watermark is one of the various thresholds on your OpenSearch cluster. Here are possible actions you can take to resolve...

OpenSearch Memory Usage Guide

The OpenSearch process is very memory intensive. Here are the memory requirements and some tips to reduce your OpenSearch memory usage.

OpenSearch Oversharding

Oversharding in OpenSearch indicates that you have too many shards, and thus they are too small. To prevent and resolve this issue...

OpenSearch Shard Allocation is Unbalanced

Shard allocation is an algorithm by which OpenSearch decides which unallocated shards should go on which nodes. To resolve unbalanced...

OpenSearch UltraWarm

UltraWarm is an AWS OpenSearch service feature that provides a cost-effective way to store large amounts of time-based. To use UltraWarm...

Cold Storage in OpenSearch

With cold storage, OpenSearch provides an advanced & efficient storage solution that complements the existing UltraWarm feature. To use...

Elasticsearch ILM VS. OpenSearch ISM Policy - Comparison, Explanation and Instructions (OpenSearch ILM)

Elasticsearch ILM (Index Lifecycle Management) & OpenSearch ISM (Index State Management) have the same goal, but their execution differs...

How to configure all OpenSearch node roles (master, data, coordinating..)

Follow these steps to configure all OpenSearch node role types (master, data, coordinating, ingest, machine learning, remote eligible...

How to Define Efficient Mapping in OpenSearch

Mappings are the core element of index creation in OpenSearch. Defining them correctly can improve performance. Mapping types include...

How to leverage ingest pipelines to transform data transparently in OpenSearch

Ingest pipelines sit within the OpenSearch node and will perform a set of alterations on your data that you...

How to Model Relationships Between Documents in OpenSearch Using Join

The join data type field allows users to establish parent-child relationships between documents in OpenSearch. To use join, you need to...

How to Model Relationships Between Documents in OpenSearch Using Nesting

OpenSearch has many methods for defining relationships between documents, such as nested documents. An OpenSearch nested query...

How to Model Relationships Between Documents in OpenSearch Using Object

OpenSearch object types can be used to define relationships between documents. Here's how to use the object field type for that purpose.

How to Reduce the Number of Shards in an OpenSearch Cluster

When you have too many shards in your OpenSearch cluster, there are a few steps you can take in order to reduce the number of shards...

Index Templates in OpenSearch - How to Use Composable Templates

OpenSearch index templates allow us to create indices with user defined configuration. An index can pull the configuration from these...

Object Fields VS. Nested Field Types in OpenSearch

Nested is a special object type that is indexed as a separate document. To demonstrate the use of OpenSearch nested fields VS. object...

OpenSearch AWS UltraWarm/Cold vs Elasticsearch Searchable Snapshots

Elasticsearch & OpenSearch offer ways to save costs by putting older data into cheaper machines. OpenSearch uses UltraWarm and...

OpenSearch Cross Cluster Search and Cross Cluster Replication

This guide will go over the OpenSearch Cross Cluster Search (CCS) & Cross Cluster Replication (CCR) features, how to configure CCR and more.

OpenSearch Data Types: A Comprehensive Guide

In this article, we will delve into the different data types supported by OpenSearch and how to use them effectively.

OpenSearch Field Size - How to Calculate the Storage Size of Specific Fields in an Index

The 2 methods in OpenSsearch to calculate the storage size of specific fields in an index are: creating dedicated indices & using the Luke....

OpenSearch Global Ordinals, Eager Global Ordinals & High Cardinality Fields

Terms aggregations rely on an internal data structure known as global ordinals. The eager_global_ordinals parameter is used to...

OpenSearch match_only_text Field Type (For Storage Optimization)

The new match_only_text feature in OpenSearch can save up to 10% of disk space on logging datasets. This field type will set a flat...

OpenSearch Remote Backed Storage

Remote-backed storage is an experimental OpenSearch feature. Here's how to enable it, recover data from remote repositories & its limitations.

OpenSearch Searchable Snapshots

OpenSearch searchable snapshots allows to search snapshots in remote repositories without pre-downloading all index data to disks. To use...

OpenSearch Segment Replication

The OpenSearch segment replication feature copies segments directly to the replica nodes disk after refresh. The architecture design...

OpenSearch Source Filtering, Stored Fields, Fields and Docvalues Fields

There are various methods for retrieving fields in OpenSearch, including: _source, stored_fields, fields & docvalue_fields. To retrieve...

OpenSearch Split Index API

By using the Split Index API in OpenSearch, an existing index can be split to create a new index with extra primary shards. To do this...

OpenSearch Text Analyzers - Tokenizers, Standard Analyzers, Stopwords and More

The text analysis process in OpenSearch is tasked with two functions: tokenization & normalization and is carried out by employing analyzers.

OpenSearch Token Filters

A tokenizer decides how OpenSearch will take a set of words and divide it into separated terms called “tokens”. To work with synonyms...

OpenSearch Transforms: How to Leverage OpenSearch Index Transforms

OpenSearch transforms allow users to generate new indices based on existing data aggregations. Here's to create index transforms.

Setting up Hot-Warm architecture for ISM in OpenSearch

OpenSearch offers an easy way to configure a hot-warm architecture under specific conditions. To set up a hot-warm architecture for ISM...

SLM in Elasticsearch vs Snapshot Management in OpenSearch

Here are the similarities and differences between Elasticsearch Snapshot Lifecycle Management (SLM) and OpenSearch Snapshot Management (SM).

When You Should Transform Your OpenSearch Data Instead of Using Aggregations

There are at least three use cases where you should consider using transforms instead of aggregations in OpenSearch. First, when the...

Node Concurrent Recoveries Setting is Too High / Low in OpenSearch

The node concurrent recoveries setting in OpenSearch determines the max number of shards that can be recovered at once from each node. To...

OpenSearch Coordinating & Ingest Node

Coordinating nodes differ to ingest nodes. An ingest node is used for pre-processing documents in ingest pipelines. On the contrary...

OpenSearch Coordinating Node

An OpenSearch coordinating node handles HTTP(S) requests for the cluster, especially indexing & search requests. A coordinating only...

OpenSearch Indexing Downtime (Customer Post Mortem)

When there is indexing downtime in OpenSearch, troubleshooting is needed. To resolve this incident you need to...

OpenSearch Zone Awareness - Setting Up Zone Awareness for Shard Allocation in OpenSearch

Setting up zone awareness for shard allocation in OpenSearch ensures high availability in the case many servers go down. Here's how to...

How to Ensure OpenSearch Slow Logs Don’t Get Cut Off

Analyzing search slow logs in OpenSearch can provide users insights like the number of costly queries, reasons why queries were costly, so...

How to Improve your OpenSearch Aggregation Performance

There are multiple ways to improve your OpenSearch aggregations performance. First, you should limit the scope by filtering documents...

How to Increase OpenSearch Search Speed

In this guide, we will detail how to increase OpenSearch speed by optimizing query and OpenSearch settings.

How to Optimize Search Performance in OpenSearch

One of the most difficult issues to manage and resolve in OpenSearch is poor search performance. Here's how to optimize search performance.

How to Paginate with Point in Time (Performant and Consistent) in OpenSearch

Here's an overview of the different methods to paginate documents in OpenSearch and how to paginate with Point in Time (PIT).

How to Recover OpenSearch Dangling Indices

Follow these steps to list and restore dangling indices in OpenSearch: (1) Run the dangling indices API & copy the...

OpenSearch Async Search

The OpenSearch async search API retrieves many data in a stream fashion instead of a single request. To limit the maximum response size...

OpenSearch Autocomplete Guide

There are many approaches for autocomplete in OpenSearch: index time, query time, completion suggester & search as you type. To choose...

OpenSearch Pagination - Which Technique to Use Depending on Your Use Case

OpenSearch provides 3 different techniques for fetching many results: Pagination, Search After & Scroll. THE PIT API can extend pagination...

OpenSearch Rollup: How to Rollup Data in OpenSearch

Rollup jobs in OpenSearch reduce old data storage costs by storing summaries of data for a given time period. Rollup examples include...

OpenSearch Search Latency

This guide explores how to reduce OpenSearch search latency based on a key study. OpenSearch latency can be...

OpenSearch Search Suggestion - Term Suggester, Phrase Suggester, Completion Suggester (Autocomplete)

OpenSearch offers three types of suggesters: term suggesters, phrase suggesters & completion suggesters (autocomplete). Suggesters work...

OpenSearch Source Filtering, Stored Fields, Fields and Docvalues Fields

There are various methods for retrieving fields in OpenSearch, including: _source, stored_fields, fields & docvalue_fields. To retrieve...

Optimizing Index Renaming in OpenSearch

In this article, we will discuss the process of renaming an index in OpenSearch, the considerations to keep...

Reporting in OpenSearch

Here's how to generate reports in OpenSearch by using OpenSearch Dashboards and the CLI Reporting Feature. First, log into...

A Quick Introduction to Vector Search

This guide explains the basics of embedding vectors and how vector search works under the hood in Elasticsearch & OpenSearch.

How To Set Up OpenSearch Anomaly Detection

Anomaly detection is a feature in OpenSearch that captures unusual patterns in time series data. Here's how to set it up, with examples.

How to Set Up Vector Search in OpenSearch

This guide will walk you through setting up vector search in OpenSearch using the k-NN plugin and the Neural Search plugin.

OpenSearch Data Streams

OpenSearch data streams enforce a setup that works well with time-based data, making the ISM policies easier to configure. To create...

OpenSearch Hybrid Search

Here's how to craft powerful OpenSearch hybrid search queries, including examples. The new hybrid search query and normalization-processor...

Opensearch k-NN

In OpenSearch, kNN stands for k-nearest neighbors & is used to find nearby documents based on vector dimensions. The kNN OpenSearch plugin...

Checking OpenSearch Version: A Comprehensive Guide

In this guide, we'll discuss how to check the OpenSearch version, which is essential for ensuring compatibility. The version command line...

Cluster Manager Task Throttling in OpenSearch

Cluster manager task throttling in an OpenSearch feature that allows users to mitigate the risk of task overflow. Here's how to use it.

Heavy Merges Were Detected in OpenSearch

Heavy merges in OpenSearch use CPU, memory and disk resources, which can slow down the cluster’s response speed. In order to fix...

High Cluster Pending Tasks in OpenSearch

OpenSearch cluster pending tasks are updates to the cluster state that were initiated by a user or the cluster. To resolve, list the...

How to configure all OpenSearch node roles (master, data, coordinating..)

Follow these steps to configure all OpenSearch node role types (master, data, coordinating, ingest, machine learning, remote eligible...

How to Handle Recurring RED Status Events in OpenSearch- Customer Post Mortem

When facing recurring red status events in OpenSearch, AutoOps can be used to debug the issue. Many pending tasks in the cluster were...

How to Increase Primary Shard Count in OpenSearch

There are 2 methods to increase the primary shard count in OpenSearch: _reindex API & the _split API. Before using either method, you…

How to set up snapshot repositories in OpenSearch (S3, GCS, Azure)

Here's how to configure an OpenSearch snapshot repository for Amazon S3, Azure Blob Storage & Google Cloud Storage (GCS). To register...

Implementing AWS OpenSearch Backup: A Comprehensive Guide

This guide delves into the details of implementing AWS OpenSearch backup. There are 2 types of backups: automated & manual snapshots. To...

Index Queue Size Is High in OpenSearch

Once an indexing queue exceeds the maximum size, the OpenSearch node will start rejecting index requests. To resolve this, check the...

Loaded Cluster Managers in OpenSearch

An overloaded cluster manager in OpenSearch may cause instability in the cluster. There are 3 ways to fix this: (1) Checking for...

Node Disconnected in OpenSearch

An OpenSearch node can disconnect from a cluster for several reasons, including: excessive garbage collection from JVM, configuration...

OpenSearch - Many Index Get Requests with Missing Documents

When you try to retrieve a document by ID, OpenSearch will count the number of times that it searches for an ID which doesn't exist...

OpenSearch Cluster Concurrent Rebalance High / Low

The cluster concurrent rebalance setting in OpenSearch determines the max number of shards which the cluster can move to rebalance...

OpenSearch Cluster Manager Not Discovered Yet

An OpenSearch cluster requires a cluster manager to be identified in the cluster. Reasons why a cluster-manager is not discovered yet...

OpenSearch Document-Level Alerting

OpenSearch document-level alerting detects activities at the moment a document is indexed. To use this feature, you first need to...

OpenSearch High Indexing Throttle Time

When OpenSearch detects that the merge process cannot keep up with the rate of indexing, then it will start to throttle indexing...

OpenSearch Hotspots - Load Balancing, Data Allocation and How to Avoid Hotspots

"Hotspots" in OpenSearch refer to a situation when some nodes are handling greater load than others. To resolve hotspots...

OpenSearch Loaded Client Nodes

OpenSearch loaded client nodes could cause an increase in search or indexing response latency. To resolve...

OpenSearch Loaded Data Nodes

Sometimes you can observe that the CPU and load on some of your OpenSearch data nodes is higher than on others. To fix this, check the...

OpenSearch Memory and Disk Usage Management

One way to evaluate whether your OpenSearch resources are cost-efficient its check the ratio of disk usage to the memory allocated...

OpenSearch Performance Analyzer: Deep Dive and Best Practices

In this article, we'll dive deep into the OpenSearch Performance Analyzer, discuss its architecture and share best practices for using it.

OpenSearch Point-in-Time (PIT) API: Advanced Usage and Best Practices

This guide discusses the advanced usage of OpenSearch Point in Time (PIT) & shares best practices for optimizing its performance.

OpenSearch Rolling Restart: How to Perform Rolling Restarts

By executing OpenSearch rolling restarts with the help of the API, you can maintain high cluster availability & avoid downtime. To do..

OpenSearch Split Index API

By using the Split Index API in OpenSearch, an existing index can be split to create a new index with extra primary shards. To do this...

Optimizing Bulk Operations with OpenSearch-Py

In this guide, we will discuss how to use the OpenSearch-Py library to perform bulk operations and provide tips for optimizing performance.

Rejected Search Requests in OpenSearch - Causes and Solutions

There are a number of reasons why a search request can be rejected by the OpenSearch cluster. 400 - rejected by OpenSearch can be..

Search is Slow in OpenSearch Nodes

There are a number of possible causes for slow searches on particular OpenSearch nodes. To fix the issue, you should...

Shard-Level Backpressure & Search Backpressure in OpenSearch

Shard-level & search backpressure are OpenSearch features that seek to improve cluster performance by selectively rejecting requests when...

Slow Indexing in OpenSearch Nodes

If the indexing queue is high/causes timeouts, it hints that OpenSearch nodes can't keep up with the indexing rate. To fix slow indexing...

Combined_Fields Query Type in OpenSearch

In OpenSearch, the combined_fields query allows you to search several text fields as though their indexed values have been indexed into...

How to Optimize Fuzzy Search in OpenSearch

In this article, we will discuss how to optimize fuzzy search in OpenSearch to improve search performance and accuracy.

OpenSearch Async Search

The OpenSearch async search API retrieves many data in a stream fashion instead of a single request. To limit the maximum response size...

OpenSearch Boolean Queries

There are 4 types of OpenSearch boolean clauses: filter, must, should & must_not. A single bool query can contain a mix of them. To use...

OpenSearch Boosting Query

OpenSearch boosting query is used to return only documents that match a positive query while minimizing the score of documents that...

OpenSearch Composite Aggregations

An OpenSearch composite aggregation allows to paginate every bucket from a multi-level aggregation effectively. An example of....

OpenSearch Constant Score Query

In OpenSearch, the constant score query wraps other queries by executing them in a filter context. To implement constant_score query...

OpenSearch Delete By Query

OpenSearch delete by query is an API, which provides functionality to delete all documents based on the matching query. If you don't...

OpenSearch DSL Exists Query

The OpenSearch exists query is used for returning the documents that have an indexed value for a specific field, which means it returns the...

OpenSearch Hybrid Search

Here's how to craft powerful OpenSearch hybrid search queries, including examples. The new hybrid search query and normalization-processor...

OpenSearch Interval Queries

OpenSearch Intervals query provides control over the words & their positions in a text that is required for a document to match a...

OpenSearch Match, Multi-Match, and Match Phrase Queries

Match, Multi-Match & Match Phrase are all types of OpenSearch queries, used to search for matching documents in an index. To use them...

OpenSearch Named Queries

OpenSearch named queries allow you to label your queries with a name. Named queries can be utilized in a variety of use cases such as...

OpenSearch Runtime Fields: How to Use Lookup Runtime Fields

OpenSearch runtime fields with a type of lookup can retrieve field values from the associated indices. To implement runtime fields...

OpenSearch Search by Relevance Using SQL and PPL

OpenSearch allows you to query data using 3 query languages: DSL, SQL & PPL. This guide covers how to prepare the data, use query tools...

OpenSearch Slow Query Troubleshooting Guide

There are several reasons for an OpenSearch slow query. Slow logs can be used to detect & troubleshoot slow queries issues...

Optimizing Vector Search in OpenSearch

In this article, we will discuss how to optimize vector search in OpenSearch, a community-driven, open-source...

Terms Enum API in OpenSearch (For Low Latency Lookups)

In OpenSearch, the Terms enum API looks for similarities in the index based on partial matches. To use the terms_enum API...

Changing the Admin Password in OpenSearch

In this guide, we'll discuss the process of changing the admin password in OpenSearch. Before changing the admin password, ensure that...

How to Set Up Single Sign-On Using Active Directory in OpenSearch

By using Single Sign-On (SSO) in OpenSearch, users can log into many apps with the same credentials. To set SOO using Azure AD as idP..

How to Set Up Single Sign-On using SAML in OpenSearch

Single Sign-On (SSO) in OpenSearch allows users to have the same users & permissions across applications. To set up SAML SSO using Okta...

Managing Secrets with OpenSearch Keystore

OpenSearch Keystore is a secure method for storing sensitive data. This guide explains how to use and manage the OpenSearch Keystore.

OpenSearch Audit logs (How to Create a Dashboard to Visualize Audit Logs)

For security reasons, it's key to enable audit logs in OpenSearch. Here's how to configure audit logs & create a dashboard for visualization.

OpenSearch Default Username and Password: Securing Your Cluster

This article will discuss the default username and password for OpenSearch, how to change them, and how to secure your cluster by...

OpenSearch LDAP Authentication & Active Directory

In OpenSearch, Active Directory (AD) via Lightweight Directory Access Protocol (LDAP) can be used for authentication. To configure it, use...

OpenSearch Security - Access Control (Users, Roles, Permissions, etc)

By setting up access control in OpenSearch, you can ensure that each user will be able to access what they need while securing other data...

OpenSearch Security - Configuration (Certificates)

To prepare an OpenSearch cluster for production, you need to first configure the certificates for security. Opensearch.yml is used...

PKI Authentication in OpenSearch

PKI (Private Key Infrastructure) is a set of actors & procedures to manage digital certificates. To setup PKI authentication in OpenSearch...

Setting Up Single Sign-On Using OpenID Connect in OpenSearch

With Sign-On (SSO), users to log into many applications with the same credentials. To set SOO using OpenID Connect (OIDC) in OpenSearch...

Troubleshooting OpenSearch Security Not Initialized Issues

Users may encounter an issue where OpenSearch security is not initialized. Here are the causes of this issue and resolution methods.