Skip to content
Lyft Data Docs (Beta)

OpenSearch

OpenSearch (open-search)

Bulk-index events into OpenSearch clusters, including AWS-managed variants.

Search json

Minimal example

output:
  open-search:
    common: {}
JSON 
{
  "output": {
    "open-search": {
      "common": {}
    }
  }
}

Contents

Fields

FieldTypeRequiredDescription
commonCommonShared OpenSearch connection and indexing options Shared configuration applied to all OpenSearch outputs.

Schema

Common - Retry Fields

FieldTypeRequiredDescription
timeouttime-interval (string)timeout (e.g. 500ms, 2s etc. - default is 30).
Examples: 500ms, 2h
retriesnumber (integer)number of retries.
Examples: 42, 1.2e-10

Common - Batch Fields

FieldTypeRequiredDescription
uuid-fieldfield (string)Field where generated uuid, the unique marker for the group, will be stored.
Examples: data_field
invocation-time-fieldfield (string)Field where invocation time will be stored.
Examples: data_field
completion-time-fieldfield (string)Field where completion (end of execution) time will be stored.
Examples: data_field
begin-marker-fieldfield (string)Field used to mark first event in the group.
Examples: data_field
end-marker-fieldfield (string)Field used to mark last event in the group.
Examples: data_field
line-count-fieldfield (string)Field used to store the line count of the batch.
Examples: data_field
line-num-fieldfield (string)Field used to store the line number of the batch.
Examples: data_field

Common - Auth - Basic Fields

FieldTypeRequiredDescription
usernamestring
passwordstring

Common - Auth - Api Key Fields

FieldTypeRequiredDescription
idstring
keystring
base64string

Common - Auth - Tls Fields

FieldTypeRequiredDescription
ca-certificatestringPEM encoded CA certificate bundle.
client-certificatestringPEM encoded client certificate for mutual TLS.
client-keystringPEM encoded private key for mutual TLS.
insecure-skip-verifyboolean (bool)Skip TLS certificate verification (development only).

Common - Auth Fields

FieldTypeRequiredDescription
basicBasic
api-keyApi Key
bearer-tokenstring
tlsTls

Common - Aws Fields

FieldTypeRequiredDescription
regionstringAWS region used for request signing.
servicestringOverride AWS service name (default es).
profilestringOptional shared credentials profile.
role-arnstringAssumeRole ARN for federated access.
session-namestringSession name when assuming roles.
access-key-idstringAccess key used for signing requests.
secret-access-keystringSecret key used for signing requests.
session-tokenstringOptional session token for temporary credentials.

Common - Data Stream Fields

FieldTypeRequiredDescription
r-typestringData stream type (logs, metrics, traces).
datasetstringData stream dataset (e.g. service.application).
namespacestringData stream namespace (e.g. prod, staging).

Common Fields

FieldTypeRequiredDescription
retryRetryRetry policy for bulk failures.
batchBatchLogical batching hints shared with other outputs.
endpointurl (string)HTTPS endpoint for the cluster (required when cloud-id is unset).
Examples: https://example.com/path
cloud-idstringElastic Cloud / Serverless Cloud ID (mutually exclusive with endpoint).
regionstringOptional default region used for auth helpers and logging.
authAuthAuthentication strategies (basic, API keys, bearer).
awsAwsAWS SigV4 credentials for managed OpenSearch/Elasticsearch.
modeModeIndexing lifecycle mode (classic index vs data stream).
Allowed values: classic-index, data-stream
indexstringStatic index/alias target when mode=classic-index.
index-fieldfield (string)Event field that provides the target index/alias.
Examples: data_field
index-pointerjson-pointer (string)JSON pointer resolving to the index/alias.
data-streamData StreamData stream configuration when mode=data-stream.
document-id-fieldfield (string)Event field containing the document _id.
Examples: data_field
document-id-pointerjson-pointer (string)JSON pointer resolving to the document _id.
document-id-expressionstringExpression used to compute the document _id.
routing-fieldfield (string)Event field providing custom routing key.
Examples: data_field
routing-pointerjson-pointer (string)JSON pointer providing custom routing key.
routing-expressionstringExpression computing the routing key.
pipelinestringOptional ingest pipeline to apply server-side.
op-typeOp TypeBulk operation type for each event.
Allowed values: index, create, update, delete
retry-on-conflictnumber (integer)Retry on conflict (for update/upsert operations).
Examples: 42, 1.2e-10
refreshboolean (bool)Force refresh after each batch.
gzipboolean (bool)Compress bulk payloads with gzip.
input-fieldfield (string)Event field containing the JSON document payload.
Examples: data_field
input-pointerjson-pointer (string)JSON pointer for extracting the payload.
payload-templatestringTemplate expression to render the payload when not using event body.
headersmap (string)Additional HTTP headers forwarded with each request.
querymap (string)Static query parameters appended to bulk requests.
request-timeout-secsnumber (integer)Request timeout in seconds.
Examples: 42, 1.2e-10
connect-timeout-secsnumber (integer)Connect timeout in seconds.
Examples: 42, 1.2e-10

Common - Headers Table

HeaderValue
Header-Namevalue

Value format: templated-text.

Common - Query Table

ParameterValue
paramvalue

Value format: templated-text.

Common - Mode Options

ValueDescription
classic-indexStandard index or alias writes
data-streamData stream aware writes (auto-selects stream based on dataset/namespace)

Common - Op Type Options

ValueDescription
indexIndex (create or replace) each document
createOnly create new documents; fail if _id exists
updateUpdate existing documents (requires partial document or script)
deleteDelete documents (requires _id)