Installing Wazuh with OpenSearch or Elasticsearch


henry valz

Jun 15, 2023, 11:11:17 AM
to Wazuh mailing list
Hello,

This Wazuh installation includes Elasticsearch.

This other way of deploying Wazuh (all in one) also includes Elasticsearch.

This other way, which is the quick installation version and which is an all-in-one, includes OpenSearch.

My question is: why is there this difference with respect to the quick installation? Why use OpenSearch and not Elasticsearch in this case?

I was quite confused by the documentation, because when consulting it, Elasticsearch is mentioned quite a lot and not OpenSearch, and that caused me some confusion.

Sincerely,
Henry

Octavio Valle López

Jun 15, 2023, 12:46:37 PM
to Wazuh mailing list
Hi Henry, I hope you are well.

To explain this, we first need to understand the relationship between Elasticsearch and OpenSearch.

Elasticsearch is a popular open-source search and analytics engine, used for a wide range of applications. It's part of the Elastic Stack, which includes other tools like Kibana, Beats, and Logstash.

OpenSearch is a community-driven, open-source search and analytics suite derived from Apache 2.0-licensed Elasticsearch 7.10.2 & Kibana 7.10.2. It was created by Amazon as a result of Elastic changing its licensing model for Elasticsearch and Kibana from Apache 2.0 to the Server Side Public License (SSPL). Amazon and other users felt the change was against the spirit of open-source software, and as a response, they forked the last Apache-licensed version of Elasticsearch and Kibana to create OpenSearch and OpenSearch Dashboards respectively.

The Wazuh stack includes the Wazuh indexer and the Wazuh dashboard, which use OpenSearch.

So, why does the quick installation use the Wazuh stack instead of Elasticsearch? There could be a couple of reasons for this:

  1. Licensing: As mentioned above, Elastic's move to SSPL has been controversial, and some projects and organizations have elected to move to the Wazuh stack to stay with a fully open-source product.

  2. Testing: Our team conducts integration tests with the Wazuh stack in between releases. This ensures that the functionalities work seamlessly together as they are intended. Using the Wazuh stack in the quick installation guide might help you maintain consistency and accuracy in your testing process.



Regarding your confusion with the documentation, that is a valid concern. It might be because the documentation hasn't been fully updated yet. We are working on it.