# OpenSearch Logs
Connect HolmesGPT to OpenSearch for centralized log analysis and historical log access.
## Prerequisites
- OpenSearch cluster with Kubernetes pod logs
- API key with read-only access to the log indices (the key is written verbatim into the config file, so scope it to those indices and nothing more)
- Network connectivity from HolmesGPT to OpenSearch
**Logging Toolsets:** Only one logging toolset should be enabled at a time. If you enable this toolset, disable the default `kubernetes/logs` toolset.
Available Log Sources:
- Kubernetes logs - Direct pod log access (enabled by default)
- Grafana Loki - Centralized logs via Loki
- OpenSearch logs - Logs from OpenSearch/Elasticsearch
- Coralogix logs - Logs via Coralogix platform
- DataDog - Logs from DataDog
💡 Choose one: Only enable one logging toolset at a time for best performance.
## Configuration
Add the following to `~/.holmes/config.yaml`, creating the file if it doesn't exist:

```yaml
toolsets:
  opensearch/logs:
    enabled: true
    config:
      opensearch_url: https://opensearch.example.com:443
      index_pattern: kubernetes-*  # Pattern matching log indices
      opensearch_auth_header: "ApiKey YOUR_API_KEY"
      labels:  # Map fields to match your log structure
        pod: "kubernetes.pod_name"
        namespace: "kubernetes.namespace_name"
        timestamp: "@timestamp"
        message: "message"
  kubernetes/logs:
    enabled: false  # Disable default Kubernetes logging
```

For the Helm chart, the same settings go under the `holmes:` key of your values file:

```yaml
holmes:
  toolsets:
    opensearch/logs:
      enabled: true
      config:
        opensearch_url: https://opensearch.example.com:443
        index_pattern: kubernetes-*
        opensearch_auth_header: "ApiKey YOUR_API_KEY"
        labels:
          pod: "kubernetes.pod_name"
          namespace: "kubernetes.namespace_name"
          timestamp: "@timestamp"
          message: "message"
    kubernetes/logs:
      enabled: false  # HolmesGPT's default logging mechanism MUST be disabled
```

Update your Helm values and run a Helm upgrade.
## Validation
Test your configuration:
## Troubleshooting

### Common Issues
- **Authentication errors**: Verify your API key has read access to the specified indices
- **No logs found**: Check that `index_pattern` matches your actual OpenSearch indices
- **Field mapping errors**: Ensure the `labels` section maps to the correct field names in your logs
### Finding Your Index Pattern
```bash
# List indices to find the correct pattern
curl -X GET "https://opensearch.example.com/_cat/indices?v" \
  -H "Authorization: ApiKey YOUR_API_KEY"
```
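The checks above (does `index_pattern` match a real index, does every `labels` entry map to a field, is the auth header well formed) can be run locally before HolmesGPT ever talks to the cluster. The script below is an added example, not part of HolmesGPT or the page; it works on a constructed config and a constructed copy of `_cat/indices?v` output, and the query builder at the end only illustrates how the `labels` mapping turns into OpenSearch query DSL (it assumes the mapped fields are keyword fields, which is an assumption, not something the page states).

```python
"""Offline sanity checks for an opensearch/logs toolset config (added example)."""
import fnmatch
import re
from urllib.parse import urlparse

# Constructed config mirroring the ~/.holmes/config.yaml shown on the page.
CONFIG = {
    "opensearch_url": "https://opensearch.example.com:443",
    "index_pattern": "kubernetes-*",
    "opensearch_auth_header": "ApiKey YOUR_API_KEY",
    "labels": {
        "pod": "kubernetes.pod_name",
        "namespace": "kubernetes.namespace_name",
        "timestamp": "@timestamp",
        "message": "message",
    },
}

# Constructed text in the shape `GET /_cat/indices?v` returns (header + rows).
CAT_INDICES = """\
health status index                 uuid   pri rep docs.count docs.deleted store.size pri.store.size
green  open   kubernetes-2024.05.01 abc123   1   1     120000            0      310mb          155mb
green  open   kubernetes-2024.05.02 def456   1   1     118000            0      305mb          152mb
green  open   .kibana_1             ghi789   1   0          4            0       20kb           10kb
"""

REQUIRED_LABELS = ("pod", "namespace", "timestamp", "message")


def validate_config(cfg: dict) -> list[str]:
    """Return a list of problems; an empty list means the config looks usable."""
    problems = []
    url = urlparse(cfg.get("opensearch_url", ""))
    if url.scheme != "https":
        problems.append("opensearch_url is not https; the API key would be sent in cleartext")
    header = cfg.get("opensearch_auth_header", "")
    # The header is sent verbatim, so it must already be "<scheme> <credential>".
    if not re.fullmatch(r"(ApiKey|Basic|Bearer) \S+", header):
        problems.append("opensearch_auth_header must look like 'ApiKey <key>'")
    if header.endswith("YOUR_API_KEY"):
        problems.append("opensearch_auth_header still holds the placeholder key")
    labels = cfg.get("labels", {})
    for key in REQUIRED_LABELS:
        if not labels.get(key):
            problems.append(f"labels.{key} is missing; the toolset cannot map that field")
    return problems


def matching_indices(cat_output: str, pattern: str) -> list[str]:
    """Index names from `_cat/indices?v` output that match the glob in index_pattern."""
    lines = cat_output.strip().splitlines()
    idx_col = lines[0].split().index("index")  # locate the column by header name
    names = [row.split()[idx_col] for row in lines[1:]]
    return sorted(n for n in names if fnmatch.fnmatchcase(n, pattern))


def build_pod_log_query(cfg: dict, pod: str, namespace: str,
                        start: str, end: str, size: int = 100) -> dict:
    """Query DSL for one pod's logs in a time window, built from the labels mapping.
    Pod and namespace are passed as term filters (structured values), not spliced
    into a query_string, so a pod name cannot change the meaning of the query."""
    labels = cfg["labels"]
    return {
        "size": size,
        "sort": [{labels["timestamp"]: {"order": "asc"}}],
        "_source": [labels["timestamp"], labels["message"]],
        "query": {"bool": {"filter": [
            {"term": {labels["pod"]: pod}},
            {"term": {labels["namespace"]: namespace}},
            {"range": {labels["timestamp"]: {"gte": start, "lte": end}}},
        ]}},
    }


if __name__ == "__main__":
    for p in validate_config(CONFIG):
        print("config problem:", p)
    print("indices matched:", matching_indices(CAT_INDICES, CONFIG["index_pattern"]))
    print(build_pod_log_query(CONFIG, "api-7c9d", "prod",
                              "2024-05-01T00:00:00Z", "2024-05-01T01:00:00Z"))
```

Run it against the real `_cat/indices?v` output you fetched with the curl command to confirm the pattern matches something; if `matching_indices` returns an empty list, the "No logs found" symptom is explained before any query is sent.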
## Capabilities
| Tool Name | Description |
|---|---|
| `opensearch_fetch_logs` | Fetch logs from OpenSearch for specified pods and time ranges |
| `opensearch_search_logs` | Search logs in OpenSearch using query patterns |