AWS OpenSearch Service and Cribl

Has anyone connected up an AWS OpenSearch Service instance to Cribl? I created a local backend user in my domain and gave it what I thought were good permissions, but I still get a 401 error when I test the connection. Can anyone share what they did to get this to work?

Hi there, I have set up Stream to send to OpenSearch before. Can you please post a screenshot of the error?

What destination are you attempting to use?

Hi @Austinr, were you able to resolve your problem? I just tested and was able to send data to an AWS-hosted OpenSearch deployment.

How I configured my instance:

  1. Created OpenSearch internal user cribl-workers.

  2. Created new OpenSearch role cribl-stream and mapped the cribl-workers user to the role.

  3. For role permissions, I granted:
    a. indices:data/write/bulk for Cluster permissions
    b. create_index and write under Index permissions mapped to my index pattern my-index-*

  4. Added a new Elasticsearch destination in Cribl Stream. I entered my Domain endpoint followed by /_bulk as the API URL.

  5. After Commit & Deploy, I ran the test and saw data in my ES instance after adding an Index mapping.

Additional note for others reading this thread: Please note that only local users are supported today in Cribl Stream. IAM role authentication has been requested as an enhancement request under ticket CRIBL-5748.
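
Added example, not part of any post in this thread: steps 1-3 above expressed as OpenSearch Security REST API calls, followed by a `/_bulk` test as the new user that tells a 401 (credentials rejected) apart from a 403 (role too narrow). The endpoint is a placeholder and the environment variable names are assumptions; the thread does not say whether the poster used the API or the Dashboards UI.

```python
import base64, json, os, urllib.error, urllib.request

ENDPOINT = "https://search-example.us-east-1.es.amazonaws.com"  # placeholder, not from the thread
USER, ROLE, PATTERN = "cribl-workers", "cribl-stream", "my-index-*"  # names from the thread
API = "/_plugins/_security/api"

def security_requests(password):
    """Steps 1-3 as (method, path, body); send these as a security admin user."""
    role = {"cluster_permissions": ["indices:data/write/bulk"],
            "index_permissions": [{"index_patterns": [PATTERN],
                                   "allowed_actions": ["create_index", "write"]}]}
    return [("PUT", f"{API}/internalusers/{USER}", {"password": password}),
            ("PUT", f"{API}/roles/{ROLE}", role),
            ("PUT", f"{API}/rolesmapping/{ROLE}", {"users": [USER]})]

def bulk_body(index, docs):
    """NDJSON for /_bulk: an action line then a source line per document."""
    out = []
    for doc in docs:
        out += [json.dumps({"index": {"_index": index}}), json.dumps(doc)]
    return "\n".join(out) + "\n"  # _bulk requires a trailing newline

def build(method, path, payload, user, password):
    """Basic-auth request; str payloads are sent as NDJSON, dicts as JSON."""
    ndjson = isinstance(payload, str)
    data = (payload if ndjson else json.dumps(payload)).encode()
    req = urllib.request.Request(ENDPOINT + path, data=data, method=method)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Content-Type", "application/x-ndjson" if ndjson else "application/json")
    return req

def send(req):
    """Return the HTTP status, including error statuses."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def explain(status):
    """Separate the two failures that look alike from the Cribl side."""
    if status == 401:
        return "authentication failed: user name or password not accepted by the domain"
    if status == 403:
        return "authenticated, but the mapped role lacks a permission for this request"
    return "ok" if 200 <= status < 300 else f"unexpected status {status}"

if __name__ == "__main__":  # env var names are assumptions of this example
    admin, admin_pw = os.environ["OS_ADMIN_USER"], os.environ["OS_ADMIN_PASSWORD"]
    worker_pw = os.environ["CRIBL_WORKER_PASSWORD"]
    for method, path, body in security_requests(worker_pw):
        print(path, explain(send(build(method, path, body, admin, admin_pw))))
    test = build("POST", "/_bulk", bulk_body("my-index-test", [{"msg": "hello"}]), USER, worker_pw)
    print("/_bulk", explain(send(test)))
```

A 2xx from `/_bulk` only means the request was accepted; per-document failures are reported in the response body with `"errors": true`, so inspect the body when data does not appear in the index.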