logstash-output-opensearch 1.1.0-java → 2.0.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: de9f143d61a40ce521ac3500f2af934aa8a8d0da3cea50ac74b48f410ec54107
-  data.tar.gz: 46195137ee6c66e9fcc2b9a24f1ff474bf1444c4e5507560373dcf695014be64
+  metadata.gz: 567e7fbd1e9d9e3ca660d5b40c2bfd12e6f7e9504e65f26beeef04834e5c636a
+  data.tar.gz: d1d6c1bf7eb003d32cea988c5ed7bea367213fd8e344e987a9989bc414e22192
 SHA512:
-  metadata.gz: e96a1a3e78e07b6b74134483eb5ad6353c356a1f322a8b82222489241ecf3bcd59550885759217231973ac450fc3b284e38719c0e23bf80cfb54b8ee2dafdfad
-  data.tar.gz: 1ed119eefce3e7666f58e3cc57850c3809ec9dbbc7d6603f67808bd8d07a598c498580f5195c2aa361b4ee09cd6d49fb05170aa98d3faaf249a9c633876193e0
+  metadata.gz: 1c1ba6f915936dde9d654b5883645bd818cb46fad5c821ec4cf7c87cd250a5bf489957f6f4308aa29ed4e5b0f214b2ae1a4f9195d5d022835610ff8f6e21e3c3
+  data.tar.gz: d585a0bafbe30f63411eaa9a733505a49990f86c092e2a6a0a36170d017ff3bc3cc088dc2cd11e77204d5d921867158c258146c6ce0cad10ee25622c703cd2a6

data/COMPATIBILITY.md

@@ -5,23 +5,25 @@
 |  logstash-output-opensearch | Logstash OSS|
 | ------------- | ------------- |
 | 1.0.0+  | 7.13.2  |
+| 2.0.0+  | 7.13.2  |
 
 ### Matrix for OpenSearch
 
 |  logstash-output-opensearch | OpenSearch  |
 | ------------- | ------------- |
-| 1.0.0+  | 1.0.0  |  
-
+| 1.0.0+  | 1.0.0  |
+| 2.0.0+  | 1.0.0  |
 
 ### Matrix for ODFE
 
 |  logstash-output-opensearch |  ODFE |
 | ------------- | ------------- |
 | 1.0.0+   |   1.x - 1.13.2 |
-
+| 2.0.0+   |   1.x - 1.13.2 |
 
 ### Matrix for Elasticsearch OSS
 
 |  logstash-output-opensearch |  Elasticsearch OSS|
 | ------------- | ------------- |
 | 1.0.0+   |  7.x - 7.10.2      |
+| 2.0.0+   |  7.x - 7.10.2      |

data/CONTRIBUTING.md

@@ -6,6 +6,7 @@
     - [Documentation Changes](#documentation-changes)
     - [Contributing Code](#contributing-code)
 - [Developer Certificate of Origin](#developer-certificate-of-origin)
+- [License Headers](#license-headers)
 - [Review Process](#review-process)
 
 ## Contributing to logstash-output-opensearch
@@ -84,6 +85,31 @@ Signed-off-by: Jane Smith <jane.smith@email.com>
 ```
 You may type this line on your own when writing your commit messages.  However, if your user.name and user.email are set in your git configs, you can use `-s` or `– – signoff` to add the `Signed-off-by` line to the end of the commit message.
 
+## License Headers
+
+New files in your code contributions should contain the following license header. If you are modifying existing files with license headers, or including new files that already have license headers, do not remove or modify them without guidance.
+
+### Java
+
+```
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+```
+
+### Python
+```
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+```
+
+### Shell
+```
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+```
+
 ## Review Process
 
 We deeply appreciate everyone who takes the time to make a contribution.  We will review all contributions as quickly as possible.  As a reminder, [opening an issue](https://github.com/opensearch-project/logstash-output-opensearch/issues/new/choose) discussing your change before you make it is the best way to smooth the PR process.  This will prevent a rejection because someone else is already working on the problem, or because the solution is incompatible with the architectural direction.

data/DEVELOPER_GUIDE.md

@@ -8,6 +8,7 @@
         - [Run plugin](#run-plugin-in-logstash)
         - [Configuration for Logstash Output OpenSearch Plugin](#configuration-for-logstash-output-opensearch-plugin)
     - [Submitting Changes](#submitting-changes)
+    - [Backports](#backports) 
 
 # Developer Guide
 
@@ -206,3 +207,11 @@ Authorization to a secure OpenSearch cluster requires read permission at [index
 ## Submitting Changes
 
 See [CONTRIBUTING](CONTRIBUTING.md).
+
+## Backports
+
+The Github workflow in [`backport.yml`](.github/workflows/backport.yml) creates backport PRs automatically when the
+original PR with an appropriate label `backport <backport-branch-name>` is merged to main with the backport workflow
+run successfully on the PR. For example, if a PR on main needs to be backported to `1.x` branch, add a label
+`backport 1.x` to the PR and make sure the backport workflow runs on the PR along with other checks. Once this PR is
+merged to main, the workflow will create a backport PR to the `1.x` branch.

data/Gemfile

@@ -17,4 +17,4 @@ use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "
 if Dir.exist?(logstash_path) && use_logstash_source
   gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
   gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
-end
+end

data/MAINTAINERS.md

@@ -22,6 +22,9 @@ This document explains who the maintainers are (see below), what they do in this
 | Jack Mazanec             | [jmazanec15](https://github.com/jmazanec15) | Amazon |
 | Vamshi Vijay Nakkirtha   | [vamshin](https://github.com/vamshin)   |   Amazon    |
 | Vijayan Balasubramanian  | [VijayanB](https://github.com/VijayanB) |   Amazon    |
+| Deep Datta               | [deepdatta](https://github.com/deepdatta) | Amazon    |
+| David Venable            | [dlvenable](https://github.com/dlvenable) | Amazon    |
+| Shivani Shukla           | [sshivanii](https://github.com/sshivanii) | Amazon    |
 
 ## Maintainer Responsibilities
 

data/README.md

@@ -1,9 +1,10 @@
 [![Build and Test logstash-output-opensearch plugin](https://github.com/opensearch-project/logstash-output-opensearch/actions/workflows/CI.yml/badge.svg)](https://github.com/opensearch-project/logstash-output-opensearch/actions/workflows/CI.yml)
 ![PRs welcome!](https://img.shields.io/badge/PRs-welcome!-success)
-# Logstash Plugin
+# Logstash Output OpenSearch
 
 - [Welcome!](#welcome)
 - [Project Resources](#project-resources)
+- [Configuration for Logstash Output Opensearch Plugin](#configuration-for-logstash-output-opensearch-plugin)
 - [Code of Conduct](#code-of-conduct)
 - [License](#license)
 - [Copyright](#copyright)
@@ -12,10 +13,14 @@
 
 **logstash-output-opensearch** is a community-driven, open source fork logstash-output-elasticsearch licensed under the [Apache v2.0 License](LICENSE). For more information, see [opensearch.org](https://opensearch.org/).
 
+The logstash-output-opensearch plugin helps to ship events from Logstash to OpenSearch cluster.
+
 ## Project Resources
 
 * [Project Website](https://opensearch.org/)
-* [Documentation](https://opensearch.org/)
+* [Detailed Documentation](https://opensearch.org/docs/latest/clients/logstash/ship-to-opensearch/#opensearch-output-plugin)
+* [Logstash Overview](https://opensearch.org/docs/clients/logstash/index/)
+* [Developer Guide](DEVELOPER_GUIDE.md)
 * Need help? Try [Forums](https://discuss.opendistrocommunity.dev/)
 * [Project Principles](https://opensearch.org/#principles)
 * [Contributing to OpenSearch](CONTRIBUTING.md)
@@ -24,6 +29,88 @@
 * [Admin Responsibilities](ADMINS.md)
 * [Security](SECURITY.md)
 
+## Configuration for Logstash Output Opensearch Plugin
+
+To run the Logstash Output Opensearch plugin, add following configuration in your logstash.conf file.
+```
+output {
+    opensearch {
+        hosts       => ["hostname:port"]
+        user        => "admin"
+        password    => "admin"
+        index       => "logstash-logs-%{+YYYY.MM.dd}"
+    }
+}
+```
+
+To run the Logstash Output Opensearch plugin using aws_iam authentication, refer to the sample configuration shown below:
+```
+output {
+   opensearch {
+          hosts => ["hostname:port"]
+          auth_type => {
+              type => 'aws_iam'
+              aws_access_key_id => 'ACCESS_KEY'
+              aws_secret_access_key => 'SECRET_KEY'
+              region => 'us-west-2'
+          }
+          index  => "logstash-logs-%{+YYYY.MM.dd}"
+   }
+}
+```
+
+In addition to the existing authentication mechanisms, if we want to add new authentication then we will be adding them in the configuration by using auth_type.
+
+Example Configuration for basic authentication:
+```
+output {
+    opensearch {
+          hosts  => ["hostname:port"]
+          auth_type => {
+              type => 'basic'
+              user => 'admin'
+              password => 'admin'
+          }
+          index => "logstash-logs-%{+YYYY.MM.dd}"
+   }
+}
+```
+
+To ingest data into a `data stream` through logstash, we need to create the data stream and specify the name of data stream and the `op_type` of `create` in the output configuration. The sample configuration is shown below:
+
+```yml
+output {
+    opensearch {
+          hosts  => ["https://hostname:port"]
+          auth_type => {
+              type => 'basic'
+              user => 'admin'
+              password => 'admin'
+          }
+          index => "my-data-stream"
+          action => "create"
+   }
+}
+```
+
+Starting in 2.0.0, the aws sdk version is bumped to v3. In order for all other AWS plugins to work together, please remove pre-installed aws plugins and install logstash-integration-aws plugin as follows. See also https://github.com/logstash-plugins/logstash-mixin-aws/issues/38
+```
+# Remove existing logstash aws plugins and install logstash-integration-aws to keep sdk dependency the same
+# https://github.com/logstash-plugins/logstash-mixin-aws/issues/38
+/usr/share/logstash/bin/logstash-plugin remove logstash-input-s3
+/usr/share/logstash/bin/logstash-plugin remove logstash-input-sqs
+/usr/share/logstash/bin/logstash-plugin remove logstash-output-s3
+/usr/share/logstash/bin/logstash-plugin remove logstash-output-sns
+/usr/share/logstash/bin/logstash-plugin remove logstash-output-sqs
+/usr/share/logstash/bin/logstash-plugin remove logstash-output-cloudwatch
+
+/usr/share/logstash/bin/logstash-plugin install --version 0.1.0.pre logstash-integration-aws
+bin/logstash-plugin install --version 2.0.0 logstash-output-opensearch
+```
+## ECS Compatibility
+[Elastic Common Schema(ECS)](https://www.elastic.co/guide/en/ecs/current/index.html]) compatibility for V8 was added in 1.3.0. For more details on ECS support refer to this [documentation](docs/ecs_compatibility.md).
+
+
 ## Code of Conduct
 
 This project has adopted the [Amazon Open Source Code of Conduct](CODE_OF_CONDUCT.md). For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq), or contact [opensource-codeofconduct@amazon.com](mailto:opensource-codeofconduct@amazon.com) with any additional questions or comments.
@@ -34,4 +121,4 @@ This project is licensed under the [Apache v2.0 License](LICENSE).
 
 ## Copyright
 
-Copyright OpenSearch Contributors. See [NOTICE](NOTICE) for details.
+Copyright OpenSearch Contributors. See [NOTICE](NOTICE) for details.

data/docs/ecs_compatibility.md

@@ -0,0 +1,42 @@
+# ECS Compatibility Support in logstash-output-opensearch
+Compatibility for ECS v8 was added in release 1.3.0 of the plugin. This would enable the plugin to work with Logstash 8.x without the need to disable ecs_compatibility.  
+The output plugin doesn't create any events itself, but merely forwards events to OpenSearch that were shaped by plugins preceding it in the pipeline. So, it doesn't play a direct role in making the events ECS compatible.  
+However, the default index templates that the plugin installs into OpenSearch in the ecs_compatibility modes (v1 & v8) ensures that the document fields stored in the indices are ECS compatible. OpenSearch would throw errors for documents that have fields which are ECS incompatible and can't be coerced. 
+
+## ECS index templates used by logstash-output-opensearch 1.3.0
+* v8 [ECS 8.0.0](https://github.com/elastic/ecs/releases/tag/v8.0.0) [ecs-8.0.0/generated/elasticsearch/legacy/template.json](https://raw.githubusercontent.com/elastic/ecs/v8.0.0/generated/elasticsearch/legacy/template.json)
+* v1 [ECS 1.9.0](https://github.com/elastic/ecs/releases/tag/v1.9.0) [ecs-1.9.0/generated/elasticsearch/7/template.json](https://raw.githubusercontent.com/elastic/ecs/v1.9.0/generated/elasticsearch/7/template.json)
+  
+## ECS incompatibility
+Incompatibility can arise for an event when it has fields with the same name as an ECS defined field but a type which can't be coerced into the ECS field.  
+It is Ok to have fields that are not defined in ECS [ref](https://www.elastic.co/guide/en/ecs/current/ecs-faq.html#addl-fields).
+The dynamic template included in the ECS templates would dynamically map any non-ECS fields. 
+
+### Example 
+[ECS defines the "server"](https://www.elastic.co/guide/en/ecs/current/ecs-server.html) field as an object. But let's say the plugin gets the event below, with a string in the `server` field. It will receive an error from OpenSearch as strings can't be coerced into an object and the ECS incompatible event won't be indexed.
+```
+{
+	"@timestamp": "2022-08-22T15:39:18.142175244Z",
+	"@version": "1",
+	"message": "Doc1",
+	"server": "remoteserver.com"
+}
+```
+
+Error received from OpenSearch in the Logstash logs
+```
+[2022-08-23T00:01:53,366][WARN ][logstash.outputs.opensearch][main][a36555c6fad3f301db8efff2dfbed768fd85e0b6f4ee35626abe62432f83b95d] Could not index event to OpenSearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"ecs-logstash-2022.08.23", :routing=>nil}, {"@timestamp"=>2022-08-22T15:39:18.142175244Z, "@version"=>"1", "server"=>"remoteserver.com", "message"=>"Doc1"}], :response=>{"index"=>{"_index"=>"ecs-logstash-2022.08.23", "_id"=>"CAEUyYIBQM7JQrwxF5NR", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"object mapping for [server] tried to parse field [server] as object, but found a concrete value"}}}}
+```
+## How to ensure ECS compatibility
+* The plugins in the pipeline that create the events like the `input` and `codec` plugins should all use ECS defined fields. 
+* Filter plugins like [mutate](https://github.com/logstash-plugins/logstash-filter-mutate/blob/main/docs/index.asciidoc) can be used to map incompatible fields into ECS compatible ones.  
+In the above example the `server` field can be mapped to the `server.domain` field to make it compatible.  
+* You can use your own custom template in the plugin using the `template` and `template_name` configs.  
+ [According to this](https://www.elastic.co/guide/en/ecs/current/ecs-faq.html#type-interop) some field types can be changed while staying compatible.
+
+As a last resort the `ecs_compatibility` config for the logstash-output-opensearch can be set to `disabled`.
+     
+
+_______________
+## References
+* [Elastic Common Schema (ECS) Reference](https://www.elastic.co/guide/en/ecs/current/index.html)

data/lib/logstash/outputs/opensearch/http_client/manticore_adapter.rb

@@ -7,12 +7,31 @@
 #  Modifications Copyright OpenSearch Contributors. See
 #  GitHub history for details.
 
-require 'manticore'
+require 'aws-sdk-core'
 require 'cgi'
+require 'manticore'
+require 'uri'
 
 module LogStash; module Outputs; class OpenSearch; class HttpClient;
+  AWS_DEFAULT_PORT = 443
+  AWS_DEFAULT_PROFILE = 'default'
+  AWS_DEFAULT_PROFILE_CREDENTIAL_RETRY = 0
+  AWS_DEFAULT_PROFILE_CREDENTIAL_TIMEOUT = 1
+  AWS_DEFAULT_REGION = 'us-east-1'
+  AWS_IAM_AUTH_TYPE = "aws_iam"
+  AWS_SERVICE = 'es'
+  BASIC_AUTH_TYPE = 'basic'
   DEFAULT_HEADERS = { "content-type" => "application/json" }
-  
+
+  AWSIAMCredential = Struct.new(
+    :access_key_id,
+    :secret_access_key,
+    :session_token,
+    :profile,
+    :instance_profile_credentials_retries,
+    :instance_profile_credentials_timeout,
+    :region)
+
   class ManticoreAdapter
     attr_reader :manticore, :logger
 
@@ -27,14 +46,75 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
       options[:cookies] = false
 
       @client_params = {:headers => DEFAULT_HEADERS.merge(options[:headers] || {})}
-      
+      @type = get_auth_type(options) || nil
+
+      if @type == AWS_IAM_AUTH_TYPE
+        aws_iam_auth_initialization(options)
+      elsif @type == BASIC_AUTH_TYPE
+        basic_auth_initialization(options)
+      end
+
       if options[:proxy]
         options[:proxy] = manticore_proxy_hash(options[:proxy])
       end
-      
+
       @manticore = ::Manticore::Client.new(options)
     end
-    
+
+    def get_auth_type(options)
+      if options[:auth_type] != nil
+        options[:auth_type]["type"]
+      end
+    end
+
+    def aws_iam_auth_initialization(options)
+      aws_access_key_id =  options[:auth_type]["aws_access_key_id"] || nil
+      aws_secret_access_key = options[:auth_type]["aws_secret_access_key"] || nil
+      session_token = options[:auth_type]["session_token"] || nil
+      profile = options[:auth_type]["profile"] || AWS_DEFAULT_PROFILE
+      instance_cred_retries = options[:auth_type]["instance_profile_credentials_retries"] || AWS_DEFAULT_PROFILE_CREDENTIAL_RETRY
+      instance_cred_timeout = options[:auth_type]["instance_profile_credentials_timeout"] || AWS_DEFAULT_PROFILE_CREDENTIAL_TIMEOUT
+      region = options[:auth_type]["region"] || AWS_DEFAULT_REGION
+      set_aws_region(region)
+      set_service_name(options[:auth_type]["service_name"] || AWS_SERVICE)
+
+      credential_config = AWSIAMCredential.new(aws_access_key_id, aws_secret_access_key, session_token, profile, instance_cred_retries, instance_cred_timeout, region)
+      @credentials = Aws::CredentialProviderChain.new(credential_config).resolve
+    end
+
+    def basic_auth_initialization(options)
+      set_user_password(options)
+    end
+
+    def set_aws_region(region)
+      @region = region
+    end
+
+    def get_aws_region()
+      @region
+    end
+
+    def set_service_name(service_name)
+      @service_name = service_name
+    end
+
+    def get_service_name()
+      @service_name
+    end
+
+    def set_user_password(options)
+      @user = options[:auth_type]["user"]
+      @password = options[:auth_type]["password"]
+    end
+
+    def get_user()
+      @user
+    end
+
+    def get_password()
+      @password
+    end
+
     # Transform the proxy option to a hash. Manticore's support for non-hash
     # proxy options is broken. This was fixed in https://github.com/cheald/manticore/commit/34a00cee57a56148629ed0a47c329181e7319af5
     # but this is not yet released
@@ -61,19 +141,28 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
       params = (params || {}).merge(@client_params) { |key, oldval, newval|
         (oldval.is_a?(Hash) && newval.is_a?(Hash)) ? oldval.merge(newval) : newval
       }
+
+      params[:headers] = params[:headers].clone
       params[:body] = body if body
 
       if url.user
-        params[:auth] = { 
+        params[:auth] = {
           :user => CGI.unescape(url.user),
           # We have to unescape the password here since manticore won't do it
           # for us unless its part of the URL
-          :password => CGI.unescape(url.password), 
-          :eager => true 
+          :password => CGI.unescape(url.password),
+          :eager => true
         }
+      elsif @type == BASIC_AUTH_TYPE
+        add_basic_auth_to_params(params)
       end
 
       request_uri = format_url(url, path)
+
+      if @type == AWS_IAM_AUTH_TYPE
+        sign_aws_request(request_uri, path, method, params)
+      end
+
       request_uri_as_string = remove_double_escaping(request_uri.to_s)
       resp = @manticore.send(method.downcase, request_uri_as_string, params)
 
@@ -92,10 +181,33 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
       resp
     end
 
+    def sign_aws_request(request_uri, path, method, params)
+      url = URI::HTTPS.build({:host=>URI(request_uri.to_s).host, :port=>AWS_DEFAULT_PORT.to_s, :path=>path})
+      request = Seahorse::Client::Http::Request.new(options={:endpoint=>url, :http_method => method.to_s.upcase,
+        :headers => params[:headers],:body => params[:body]})
+
+      aws_signer = Aws::Sigv4::Signer.new(service: @service_name, region: @region, credentials_provider: @credentials)
+      signed_key = aws_signer.sign_request(
+        http_method: request.http_method,
+        url: url,
+        headers: params[:headers],
+        body: params[:body]
+      )
+      params[:headers] = params[:headers].merge(signed_key.headers)
+    end
+
+    def add_basic_auth_to_params(params)
+      params[:auth] = {
+        :user => get_user(),
+        :password => get_password(),
+        :eager => true
+      }
+    end
+
     # Returned urls from this method should be checked for double escaping.
     def format_url(url, path_and_query=nil)
       request_uri = url.clone
-      
+
       # We excise auth info from the URL in case manticore itself tries to stick
       # sensitive data in a thrown exception or log data
       request_uri.user = nil
@@ -111,7 +223,7 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
       new_query_parts = [request_uri.query, parsed_path_and_query.query].select do |part|
         part && !part.empty? # Skip empty nil and ""
       end
-      
+
       request_uri.query = new_query_parts.join("&") unless new_query_parts.empty?
 
       # use `raw_path`` as `path` will unescape any escaped '/' in the path

data/lib/logstash/outputs/opensearch/http_client/pool.rb

@@ -40,6 +40,7 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
     end
 
     attr_reader :logger, :adapter, :sniffing, :sniffer_delay, :resurrect_delay, :healthcheck_path, :sniffing_path, :bulk_path
+    attr_reader :default_server_major_version
 
     ROOT_URI_PATH = '/'.freeze
 
@@ -68,6 +69,7 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
         @resurrect_delay = merged[:resurrect_delay]
         @sniffing = merged[:sniffing]
         @sniffer_delay = merged[:sniffer_delay]
+        @default_server_major_version = merged[:default_server_major_version]
       end
 
       # Used for all concurrent operations in this class
@@ -412,8 +414,15 @@ module LogStash; module Outputs; class OpenSearch; class HttpClient;
     end
 
     def get_version(url)
-      request = perform_request_to_url(url, :get, ROOT_URI_PATH)
-      LogStash::Json.load(request.body)["version"]["number"] # e.g. "7.10.0"
+      response = perform_request_to_url(url, :get, ROOT_URI_PATH)
+      if response.code != 404 && !response.body.empty?
+        return LogStash::Json.load(response.body)["version"]["number"] # e.g. "7.10.0"
+      end
+      if @default_server_major_version.nil?
+        @logger.error("Failed to get version from health_check endpoint and default_server_major_version is not configured.")
+        raise "get_version failed! no default_server_major_version configured."
+      end
+      "#{default_server_major_version}.0.0"
     end
 
     def last_version

data/lib/logstash/outputs/opensearch/http_client.rb

@@ -15,23 +15,9 @@ require 'zlib'
 require 'stringio'
 
 module LogStash; module Outputs; class OpenSearch;
-  # This is a constant instead of a config option because
-  # there really isn't a good reason to configure it.
-  #
-  # The criteria used are:
-  # 1. We need a number that's less than 100MiB because OpenSearch
-  #    won't accept bulks larger than that.
-  # 2. It must be large enough to amortize the connection constant
-  #    across multiple requests.
-  # 3. It must be small enough that even if multiple threads hit this size
-  #    we won't use a lot of heap.
-  #
-  # We wound up agreeing that a number greater than 10 MiB and less than 100MiB
-  # made sense. We picked one on the lowish side to not use too much heap.
-  TARGET_BULK_BYTES = 20 * 1024 * 1024 # 20MiB
-
   class HttpClient
-    attr_reader :client, :options, :logger, :pool, :action_count, :recv_count
+    attr_reader :client, :options, :logger, :pool, :action_count, :recv_count, :target_bulk_bytes
+
     # This is here in case we use DEFAULT_OPTIONS in the future
     # DEFAULT_OPTIONS = {
     #   :setting => value
@@ -41,13 +27,14 @@ module LogStash; module Outputs; class OpenSearch;
     # The `options` is a hash where the following symbol keys have meaning:
     #
     # * `:hosts` - array of String. Set a list of hosts to use for communication.
-    # * `:port` - number. set the port to use to communicate with OpenSearch
     # * `:user` - String. The user to use for authentication.
     # * `:password` - String. The password to use for authentication.
     # * `:timeout` - Float. A duration value, in seconds, after which a socket
     #    operation or request will be aborted if not yet successfull
+    # * `:auth_type` - hash of String. It contains the type of authentication
+    #     and it's respective credentials
     # * `:client_settings` - a hash; see below for keys.
-    #
+
     # The `client_settings` key is a has that can contain other settings:
     #
     # * `:ssl` - Boolean. Enable or disable SSL/TLS.
@@ -72,6 +59,8 @@ module LogStash; module Outputs; class OpenSearch;
       # mutex to prevent requests and sniffing to access the
       # connection pool at the same time
       @bulk_path = @options[:bulk_path]
+
+      @target_bulk_bytes = @options[:target_bulk_bytes]
     end
 
     def build_url_template
@@ -104,7 +93,6 @@ module LogStash; module Outputs; class OpenSearch;
     def bulk(actions)
       @action_count ||= 0
       @action_count += actions.size
-
       return if actions.empty?
 
       bulk_actions = actions.collect do |action, args, source|
@@ -131,7 +119,7 @@ module LogStash; module Outputs; class OpenSearch;
                     action.map {|line| LogStash::Json.dump(line)}.join("\n") :
                     LogStash::Json.dump(action)
         as_json << "\n"
-        if (stream_writer.pos + as_json.bytesize) > TARGET_BULK_BYTES && stream_writer.pos > 0
+        if (stream_writer.pos + as_json.bytesize) > @target_bulk_bytes && stream_writer.pos > 0
           stream_writer.flush # ensure writer has sync'd buffers before reporting sizes
           logger.debug("Sending partial bulk request for batch with one or more actions remaining.",
                        :action_count => batch_actions.size,
@@ -324,6 +312,8 @@ module LogStash; module Outputs; class OpenSearch;
 
       adapter_options[:headers] = client_settings[:headers] if client_settings[:headers]
 
+      adapter_options[:auth_type] = options[:auth_type]
+
       adapter_class = ::LogStash::Outputs::OpenSearch::HttpClient::ManticoreAdapter
       adapter = adapter_class.new(@logger, adapter_options)
     end
@@ -338,7 +328,8 @@ module LogStash; module Outputs; class OpenSearch;
         :healthcheck_path => options[:healthcheck_path],
         :resurrect_delay => options[:resurrect_delay],
         :url_normalizer => self.method(:host_to_url),
-        :metric => options[:metric]
+        :metric => options[:metric],
+        :default_server_major_version => options[:default_server_major_version]
       }
       pool_options[:scheme] = self.scheme if self.scheme
 
@@ -393,15 +384,21 @@ module LogStash; module Outputs; class OpenSearch;
     end
 
     def template_put(name, template)
-      path = "#{template_endpoint}/#{name}"
+      path = "/#{template_endpoint}/#{name}"
       logger.info("Installing OpenSearch template", name: name)
       @pool.put(path, nil, LogStash::Json.dump(template))
     end
 
+    def legacy_template?()
+      # TODO: Also check Version and return true for < 7.8 even if :legacy_template=false
+      # Need to figure a way to distinguish between OpenSearch, OpenDistro and other 
+      # variants, since they have version numbers in different ranges.
+      client_settings.fetch(:legacy_template, true)
+    end
+
     def template_endpoint
-      # TODO: Check Version < 7.8 and use index template for >= 7.8 & OpenSearch
-      # https://docs-beta.opensearch.org/opensearch/index-templates/
-      '_template'
+      # https://opensearch.org/docs/opensearch/index-templates/
+      legacy_template?() ? '_template' : '_index_template'
     end
 
     # check whether rollover alias already exists

data/lib/logstash/outputs/opensearch/http_client_builder.rb

@@ -18,7 +18,8 @@ module LogStash; module Outputs; class OpenSearch;
         :pool_max_per_route => params["pool_max_per_route"],
         :check_connection_timeout => params["validate_after_inactivity"],
         :http_compression => params["http_compression"],
-        :headers => params["custom_headers"] || {}
+        :headers => params["custom_headers"] || {},
+        :legacy_template => params["legacy_template"]
       }
       
       client_settings[:proxy] = params["proxy"] if params["proxy"]
@@ -26,7 +27,8 @@ module LogStash; module Outputs; class OpenSearch;
       common_options = {
         :client_settings => client_settings,
         :metric => params["metric"],
-        :resurrect_delay => params["resurrect_delay"]
+        :resurrect_delay => params["resurrect_delay"],
+        :default_server_major_version => params["default_server_major_version"]
       }
 
       if params["sniffing"]
@@ -35,6 +37,7 @@ module LogStash; module Outputs; class OpenSearch;
       end
 
       common_options[:timeout] = params["timeout"] if params["timeout"]
+      common_options[:target_bulk_bytes] = params["target_bulk_bytes"]
 
       if params["path"]
         client_settings[:path] = dedup_slashes("/#{params["path"]}/")
@@ -106,7 +109,10 @@ module LogStash; module Outputs; class OpenSearch;
       }
       common_options.merge! update_options if params["action"] == 'update'
 
-      create_http_client(common_options.merge(:hosts => hosts, :logger => logger))
+      create_http_client(common_options.merge(:hosts => hosts,
+                                              :logger => logger,
+                                              :auth_type => params["auth_type"]
+                                              ))
     end
 
     def self.create_http_client(options)