Has anyone connected up an AWS OpenSearch Service instance to Cribl? I created a local backend user in my domain and gave it what I thought were good permissions, but I still get a 401 error when I test the connection. Can anyone share what they did to get this to work?
Hi there, I have set up Stream to send to OpenSearch before. Can you please post a screenshot of the error?
What destination are you attempting to use?
Additional note for others reading this thread: Please note that only local users are supported today in Cribl Stream. IAM role authentication has been requested as an enhancement request under ticket CRIBL-5748.
Hi @Austinr, were you able to resolve your problem? I just tested and was able to send data to an AWS hosted OpenSearch deployment.
How I configured my instance:
- Created OpenSearch internal user cribl-workers.
- Created new OpenSearch role cribl-stream and mapped the cribl-workers user to the role.
- For role permissions, I granted:
  a. indices:data/write/bulk for Cluster permissions
  b. create_index and write under Index permissions mapped to my index pattern my-index-*
- Added a new Elasticsearch destination in Cribl Stream. I entered my Domain endpoint followed by /_bulk as the API URL.
- After Commit & Deploy, I ran the test and saw data in my ES instance after adding an Index mapping.
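
Added example, not part of the original thread or of Cribl's or AWS's own code: the user, role and role mapping from the steps above expressed as OpenSearch Security plugin REST requests, with a small audit that flags any role broader than that write-only grant. The `/_plugins/_security/api` path prefix, the helper names and the placeholder password are assumptions; the requests are only built, not sent.

```python
import json

# Names taken from the post above; the password is a constructed placeholder.
USER, ROLE, INDEX_PATTERN = "cribl-workers", "cribl-stream", "my-index-*"
API = "/_plugins/_security/api"  # assumed Security plugin REST prefix

def build_requests(password):
    """Return (method, path, body) tuples: user, role, then role mapping."""
    role = {
        "cluster_permissions": ["indices:data/write/bulk"],
        "index_permissions": [{
            "index_patterns": [INDEX_PATTERN],
            "allowed_actions": ["create_index", "write"],
        }],
    }
    return [
        ("PUT", f"{API}/internalusers/{USER}", {"password": password}),
        ("PUT", f"{API}/roles/{ROLE}", role),
        ("PUT", f"{API}/rolesmapping/{ROLE}", {"users": [USER]}),
    ]

def audit_role(role):
    """List deviations from the minimal write-only grant in the post."""
    findings = []
    cluster = set(role.get("cluster_permissions", []))
    if "indices:data/write/bulk" not in cluster:
        findings.append("missing cluster permission indices:data/write/bulk")
    for extra in sorted(cluster - {"indices:data/write/bulk"}):
        findings.append(f"extra cluster permission: {extra}")
    for grant in role.get("index_permissions", []):
        patterns = grant.get("index_patterns", [])
        actions = set(grant.get("allowed_actions", []))
        if "*" in patterns:
            findings.append("index pattern '*' covers every index")
        for missing in sorted({"create_index", "write"} - actions):
            findings.append(f"missing index action: {missing}")
        for extra in sorted(actions - {"create_index", "write"}):
            findings.append(f"extra index action: {extra}")
    if not role.get("index_permissions"):
        findings.append("no index permissions granted")
    return findings

if __name__ == "__main__":
    for method, path, body in build_requests("CHANGE-ME-placeholder"):
        print(method, path, json.dumps(body))
```

Running `audit_role` on the JSON of an existing role shows whether the account Cribl Stream uses can do more than bulk-write to its own index pattern.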

