OpenSearch Plugin
The OpenSearch plugin registers an OpenSearch cluster as a Konduo resource and connects cluster health, node, shard, index, JVM, thread pool, search, and indexing signals to the operator UI.
Highlights
- Uses HTTP APIs for health checks and diagnostics.
- Maps exporter metrics to logical metrics through a Prometheus mapping pack.
- Focuses dashboards on cluster health, shard allocation, indexing/search throughput, JVM pressure, and thread pool queues/rejections.
- Separates diagnostics for connectivity, authentication, metric coverage, shard/index risk, and JVM/thread pressure.
Before Registration
- Prepare the OpenSearch endpoint, credentials, TLS verification policy, and timeouts.
- Confirm exporter scraping and label filters before relying on metric dashboards.
- Use a read-only operating account that can query cluster health and index/shard APIs.
Operations Tips
- Read yellow or red health together with shard allocation, disk watermarks, and node availability.
- JVM heap pressure, GC, search/indexing latency, and thread pool rejections often appear together.
- Destructive index operations and arbitrary query execution are outside the current CE operating boundary.
OpenSearch Enterprise Overlay
The OpenSearch Enterprise overlay turns OpenSearch resources into the Enterprise log source provider. MCP descriptors, log query validation, field catalogs, log evidence mapping, diagnostics, and anomaly rules connect operational logs to incident analysis.
Highlights
- Provides log source profiles, field catalogs, mapping packs, diagnostics, and alert/anomaly rules through MCP.
- Supports bounded log search, around-event lookup, query resolution, and diagnostic history reads.
- Log evidence mapping links other resource diagnostics, such as Redis and PostgreSQL, to a configured log source.
- Log routes limit the time window and result count so that searches do not leak secret-like message fragments or bypass safeguards.
Before Registration
- Prepare the OpenSearch endpoint, index pattern, authentication, and TLS settings.
- Confirm the field mappings and the timestamp field that the log source will use.
- Review RBAC so only intended operators can use MCP and log query workflows.
Operations Tips
- Start incident evidence searches with short lookback windows and explicit resource context.
- OpenSearch anomaly rules are metric-source based; log evidence is connected as analysis context.
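
The bounded log search and around-event lookup described above, sketched as an added example that is not Konduo's own code: it builds standard OpenSearch query DSL and rejects requests without resource context or beyond a window and result cap. The caps (one hour, 200 hits) and the field names `@timestamp` and `resource.id` are assumptions, not values from the product.

```python
from datetime import datetime, timedelta, timezone

# Assumed limits for illustration; the page does not state the product's caps.
MAX_LOOKBACK = timedelta(hours=1)
MAX_RESULTS = 200


def bounded_log_query(resource_id, end, lookback, size,
                      timestamp_field="@timestamp", resource_field="resource.id"):
    """Build an OpenSearch query DSL body, rejecting unbounded requests."""
    if not resource_id:
        raise ValueError("explicit resource context is required")
    if end.tzinfo is None:
        raise ValueError("end must be timezone-aware")
    if not timedelta(0) < lookback <= MAX_LOOKBACK:
        raise ValueError(f"lookback must be in (0, {MAX_LOOKBACK}]")
    if not 0 < size <= MAX_RESULTS:
        raise ValueError(f"size must be in 1..{MAX_RESULTS}")
    start = end - lookback
    return {
        "size": size,
        "track_total_hits": False,  # do not count matches beyond the returned page
        "sort": [{timestamp_field: {"order": "desc"}}],
        # Filter context only: exact resource match plus a closed time range.
        "query": {"bool": {"filter": [
            {"term": {resource_field: resource_id}},
            {"range": {timestamp_field: {
                "gte": start.isoformat(), "lte": end.isoformat()}}},
        ]}},
    }


def around_event_query(resource_id, event_time, half_window, size, **fields):
    """Around-event lookup: a window centred on event_time, under the same caps."""
    return bounded_log_query(resource_id, event_time + half_window,
                             2 * half_window, size, **fields)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    t = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    print(bounded_log_query("redis-prod-1", t, timedelta(minutes=15), 50))
```

Enforcing the caps before the request body is built means an oversized window or page size fails at validation instead of reaching the cluster.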