jertel
commented
3 years ago Thanks for the notice. Someone will need to submit a PR with changes to support both Opensearch without breaking Elasticsearch, preferably without needing to use the compatibility mode. There have been some discussions about Opensearch in the ElastAlert 2 discussions forums, so we are aware that work is going to be needed. Currently the primary ElastAlert 2 maintainers do not use Opensearch so it hasn't been a priority for us. However, if anyone else would like to get a jump on this feel free to submit a PR to get it rolling.
nsano-rururu
AWS has recently released their version of ES as OpenSearch v1.0. This breaks the version detection being used in elastalert2, forcing pre ES v5 mode to be enabled, causing nothing to work.
AWS does have one way to resolve this, enable "compatibility mode", which must be done when you create the domain. There does not appear to be a way to change it after the fact.
https://github.com/phillbaker/terraform-provider-elasticsearch/issues/218
Also, thank you for keeping this project alive.