Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove Filebeat compatibility setting from opensearch.yml #499

Closed
3 tasks done
Tracked by #496
AlexRuiz7 opened this issue Oct 28, 2024 · 1 comment · Fixed by #504
Closed
3 tasks done
Tracked by #496

Remove Filebeat compatibility setting from opensearch.yml #499

AlexRuiz7 opened this issue Oct 28, 2024 · 1 comment · Fixed by #504
Assignees
@mcasas993
Labels
level/task Task issue mvp Minimum Viable Product type/change Change performed in a resource or Wazuh Cloud environment

Comments

@AlexRuiz7
Copy link
Member

AlexRuiz7 commented Oct 28, 2024
edited
Loading

Description

Filebeat won't be used on Wazuh 5. There is a compatibility setting in opensearch.yml to allow Filebeat to connect to the Indexer. We need to remove this line from the configuration file.

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true

Plan

  • Research about this setting and extract any side effect of its removal.
  • Identify potential propagation to other components (search for this setting in other repositories of Wazuh).
  • Finally, remove the setting from our opensearch.prod.yml file.
@AlexRuiz7 AlexRuiz7 added level/task Task issue type/change Change performed in a resource or Wazuh Cloud environment mvp Minimum Viable Product labels Oct 28, 2024
@AlexRuiz7 AlexRuiz7 mentioned this issue Oct 28, 2024
Closed
13 tasks
@wazuhci wazuhci moved this to Backlog in Release 5.0.0 Oct 28, 2024
@wazuhci wazuhci moved this from Backlog to In progress in Release 5.0.0 Oct 28, 2024
@mcasas993
Copy link
Member

Results of research about this setting and extract any side effect of its removal

OpenSearch tools

Agents and ingestion tools

Historically, many multiple popular agents and ingestion tools have worked with Elasticsearch OSS, such as Beats, Logstash, Fluentd, FluentBit, and OpenTelemetry. OpenSearch aims to continue to support a broad set of agents and ingestion tools, but not all have been tested or have explicitly added OpenSearch compatibility.

As an intermediate compatibility solution, OpenSearch has a setting that instructs the cluster to return version 7.10.2 rather than its actual version.

So you can maintain the compatibility adding this setting:

PUT _cluster/settings
{
  "persistent": {
    "compatibility": {
      "override_main_response_version": true
    }
  }
}

Migrating from Elasticsearch OSS to OpenSearch

Cluster with legacy clients

If you're actively connecting to the cluster with legacy clients that check for a particular version number, such as Logstash OSS, add a compatibility setting to opensearch.yml:
compatibility.override_main_response_version: true

Other compatibilities

Zammad

When someone ask for the compatibility of Zammad with OpenSearch they responded that using
compatibility.override_main_response_version: true
opensearch configuration setting works.

@mcasas993 mcasas993 mentioned this issue Oct 29, 2024
Merged
1 task
@mcasas993 mcasas993 linked a pull request Oct 29, 2024 that will close this issue
Remove filebeat compatibility setting #504
Merged
1 task
@wazuhci wazuhci moved this from In progress to Pending review in Release 5.0.0 Oct 29, 2024
@wazuhci wazuhci moved this from Pending review to Done in Release 5.0.0 Oct 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mcasas993 mcasas993

Labels
level/task Task issue mvp Minimum Viable Product type/change Change performed in a resource or Wazuh Cloud environment
Projects
Release 5.0.0
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove filebeat compatibility setting wazuh/wazuh-indexer
2 participants
@AlexRuiz7 @mcasas993