nmap -p 9200 10.1.0.30 # opensearch
nmap -p 9200 10.1.0.36 # elastic v7
[OUTPUT]
    name es
    match TAG-HERE
    host ELASTIC-SERVER-HERE
    tls on
    tls.verify off
    index DATA-STREAM-HERE
    http_user USER-HERE
    http_passwd PASSWORD-HERE
    suppress_type_name on
    trace_error on
note those are the defaults already
    logstash_format off
[OUTPUT]
    name opensearch
    match TAG-HERE
    host OSEARCH-SERVER-HERE
    port 9200
    tls on
    tls.verify off
    index DATA-STREAM-HERE
    http_user USER-HERE
    http_passwd PASSWORD-HERE
    suppress_type_name on
    #replace_dots on
    trace_error on
and if you split stdout and stderr e.g.
[OUTPUT]
    name opensearch
    match nginx.error
    host 10.1.0.30
    port 9200
    tls on
    tls.verify off
    index logs-error
    http_user admin
    http_passwd PASSWORD
    Suppress_Type_Name on
    Replace_Dots On
    trace_error on
[OUTPUT]
    name opensearch
    match nginx.access
    host 10.1.0.30
    port 9200
    tls on
    tls.verify off
    index logs-access
    http_user admin
    http_passwd PASSWORD
    Suppress_Type_Name on
    Replace_Dots On
    trace_error on
more options overall
tls.debug 3
https://docs.fluentbit.io/manual/pipeline/outputs/elasticsearch
https://docs.fluentbit.io/manual/pipeline/outputs/opensearch
https://docs.fluentbit.io/manual/pipeline/outputs/tcp-and-tls
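
Every output above runs with tls.verify off, so the server certificate is never checked, and http_passwd sits in the file as a literal. An added example (not from the original notes or the Fluent Bit project): a small Python audit for classic-mode configs that flags both; the sample config, the CA path and the OS_PASSWORD variable name are constructed for illustration.

```python
import re

# Constructed sample in Fluent Bit classic format, modelled on the outputs above.
# The CA path and the OS_PASSWORD variable name are assumptions for illustration.
SAMPLE = """\
[OUTPUT]
    name        opensearch
    match       nginx.error
    tls         on
    tls.verify  off
    http_passwd PASSWORD
[OUTPUT]
    name        opensearch
    match       nginx.access
    tls         on
    tls.verify  on
    tls.ca_file /etc/fluent-bit/ca.pem
    http_passwd ${OS_PASSWORD}
"""
TRUE = ("on", "true", "yes")  # assumed spellings of an enabled boolean

def parse_sections(text):
    """Return [(SECTION, {lowercased key: value})] from a classic-mode config."""
    sections = []
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            sections.append((header.group(1).upper(), {}))
        elif line and not line.startswith("#") and sections:
            key, *rest = line.split(None, 1)
            sections[-1][1][key.lower()] = rest[0] if rest else ""
    return sections

def audit_outputs(text):
    """Return [(match tag, finding)] for risky settings in [OUTPUT] sections."""
    findings = []
    for name, kv in parse_sections(text):
        if name != "OUTPUT":
            continue
        tag, passwd = kv.get("match", "?"), kv.get("http_passwd", "")
        tls = kv.get("tls", "off").lower() in TRUE           # tls defaults to off
        verify = kv.get("tls.verify", "on").lower() in TRUE  # verify defaults to on
        if passwd and not tls:
            findings.append((tag, "http_passwd sent without TLS"))
        if tls and not verify:
            findings.append((tag, "tls.verify off: set it on and point tls.ca_file at the CA"))
        if passwd and not passwd.startswith("${"):
            findings.append((tag, "literal http_passwd: read it from ${ENV_VAR} instead"))
    return findings
```

Run audit_outputs() over the real config text before deploying; an empty list means no output section tripped either check.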