Has anyone connected up an AWS Opensearch Service instance to Cribl? I created a local backend user in my domain and gave it what I thought were good permissions but I still get a 401 error when I test the connection. Can anyone share what they did to get this to work?
Hi, there I have set up Stream to send to Opensearch before. Can you please post a screenshot of the error?
What destination are you attempting to use?
Hi @Austinr, were you able to resolve your problem? I just tested and was able to send data to an AWS hosted OpenSearch deployment.
How I configured my instance:
Created OpenSearch internal user
Created new OpenSearch role
cribl-streamand mapped the
cribl-workersuser to the role.
For role permissions, I granted:
indices:data/write/bulkfor Cluster permissions
writeunder Index permissions mapped to my index pattern
Added a new Elasticsearch destination in Cribl Stream. I entered my Domain endpoint followed by
/_bulkas the API URL.
After Commit & Deploy, I ran the test and saw data in my ES instance after adding an Index mapping.
Additional note for others reading this thread: Please note that only local users are supported today in Cribl Stream. IAM role authentication has been requested as an enhancement request under ticket CRIBL-5748.