Title here
Summary here
Opensearch and Logstash
Add a logstash configuration to the existing stack
Docker compose for OpenSearch development stack
Create the logstash configuration
mkdir -p logstash/{config,pipeline}# logstash/pipeline/logstash.conflogstashAppend to the docker compose file
logstash:
container_name: logstash
image: opensearchproject/logstash-oss-with-opensearch-output-plugin:latest
volumes:
- ./logstash/pipeline:/usr/share/logstash/pipeline
- ./logs:/logs
environment:
LS_JAVA_OPTS: "-Xms256m -Xmx256m"
OPENSEARCH_HOSTS: http://opensearch-node1:9200
ports:
- "514:514/udp"
- "5514:5514/udp" # if binding to a privileged port becomes a problem
- 5044:5044 # if eventually you use beats
networks:
- opensearch-net
depends_on:
- opensearch-node1Troubleshooting
Test logstash can communicate with opensearch
docker exec -it logstash curl http://opensearch-node1:9200
{
"name" : "opensearch-node1",
"cluster_name" : "opensearch-cluster",
"cluster_uuid" : "vDeM9o0WRNydYQiez0I1_Q",
"version" : {
"distribution" : "opensearch",
"number" : "3.2.0",
"build_type" : "tar",
"build_hash" : "6adc0bf476e1624190564d7fbe4aba00ccf49ad8",
"build_date" : "2025-08-12T03:55:01.226522683Z",
"build_snapshot" : false,
"lucene_version" : "10.2.2",
"minimum_wire_compatibility_version" : "2.19.0",
"minimum_index_compatibility_version" : "2.0.0"
},
"tagline" : "The OpenSearch Project: https://opensearch.org/"
}Can you get to the ports from the remote host
Configure debugoutput and send a test message
# logstash.conf
output {
stdout { codec => rubydebug }
}From the remote host (opnsense):
logger -h [ logstash_host ] -4 "2025-09-10 12:34:56 INFO Test‑message‑from‑logger"Sample output