Inquiry About Using OpenSearch with Wazuh Dashboard and Manager

[Batu Kapicioglu]

I hope this message finds you well.

I would like to inquire whether it is possible to use Wazuh Dashboard and Wazuh Manager in my system while utilizing OpenSearch itself instead of Wazuh Indexer. Specifically, my goal is to directly use OpenSearch as the search and indexing solution.

Could you please confirm if this setup is feasible and provide any guidance or considerations for implementing it?

Thank you in advance for your assistance.

Best regards,

[Olamilekan Abdullateef Ajani]

Hello Batu,

There is an integration between wazuh and opensearch, but from my understanding, your request means you plan not to use the indexer and just use the opensearch instead. I will make some findings internally on the workings regarding this and revert.

Best regards

[Batu Kapicioglu]

Dear Olamilekan,

Thank you for your prompt response and for looking into this matter internally.

Yes, your understanding is correct. My intention is to bypass the Wazuh Indexer and directly use OpenSearch for search and indexing functionalities. I appreciate your efforts in investigating whether this configuration is feasible and any potential steps or limitations involved.

Looking forward to hearing from you once you have further insights.

Best regards,
Batu Kapıcıoğlu

3 Ocak 2025 Cuma tarihinde saat 19:13:57 UTC+3 itibarıyla Olamilekan Abdullateef Ajani şunları yazdı:

[Olamilekan Abdullateef Ajani]

Hello Batu,

To make use of opensearch for indexing your data and bypass wazuh indexer, you would have to integrate wazuh server with opensearch via logstash. 

You would need to perform some steps to install the necessary plugins and also configure the new indices.

Please see the documentation below for reference, and do let me know if you require additional support or have any questions.

Ref:

https://documentation.wazuh.com/current/integrations-guide/opensearch/index.html#wazuh-server-integration-using-logstash