Data Analytics

Join our forum to discuss your ideas with the Aiven community or check out our public roadmap.

40 results found

  1. As a security analyst,

    I want to have a unified alerting, dashboarding and search experience in my SIEM, so that our capabilities are not spread across multiple plugins with differing query languages.

    Currently between Dashboards/Discover, Security Analytics, Observability there is not a unified experience, it is extremely confusing and difficult to use, and to make this harder each component has a different set of upstream repositories and seemingly little co-ordination between them in features, documentation and bug fixes, making the experience very confusing and difficult.

    2 votes

  2. As a security or data analyst,

    I want to be able to treat a string as another data type at search, for example searching the string "1" as an integer upon search, so that I can search data appropriately without having to update the mapping and reindex all data.

    2 votes

  3. As a security analyst,

    I want to utilise 'range' in visualisations without having to Edit Query as DSL,
    so that I can save time and also have people without extensive DSL knowledge create visualisations.

    2 votes

  4. As a security analyst and operator,

    I want to utilise up-to-date SIGMA rules in the OpenSearch Security Plugin, so that I can utilise current contributions from the opensource community.

    For example - at the time of writing this - the Okta rules in Security Plugin repo (main branch) have not been updated since February 2023 - with 13 rules available, while the SIGMA repo (master branch) Okta rules were last updated in December 2023 - with 21 rules available, notably including rules based on the high-profile Okta breach in 2023.

    This can be observed across many rule categories, with…

    2 votes

  5. As an OpenSearch user
    I want to view the data underneath the visualisation
    so that I can quickly identify root cause of some abnormal behaviour of my system

    2 votes

  6. As an operator of OpenSearch,
    I want to be alerted when my shards are outside of recommended best practices of 10-50GB / shard,
    so that I can avoid having overly large shard size cause performance problems for ingestion and query.

    In addition, please tell me how within the alert to split my shards if they do get too large.

    1 vote

  7. As an OpenSearch operator
    I want to be able to pause, stop, and start cross cluster replication
    so that I can use this feature to support failover in a disaster recovery scenario.

    Typically in Elasticsearch or Opensearch, CCR can be used to support a DR deployment by placing two clusters (a leader and follower) in separate regions. When the leader cluster becomes unavailable, applications/clients can failover to the follower cluster by stopping replication on the following cluster which makes it a regular index.

    https://opensearch.org/docs/latest/tuning-your-cluster/replication-plugin/api/

    1 vote

    Currently we are controlling this process of start/pause etc so we can control replication process during the entire cluster's lifecycle (through all the node recycling, upgrading etc.) to ensure the stability of our services.


    I put this to Gather Interest. I am also aware of the failover capability mentioned in the ideas as well (we have a different ideas ticket for that). This is something we can have a look at and see if we need to expose all APIs if the main use case is failover.

  8. As an architect
    I want to create right-sized clusters for my use case
    so that I can get the most value.

    Currently, all the OpenSearch clusters have a 1:4 CPU:RAM ratio. High throughput application search use cases often have small data sets and can benefit from more relative CPU than RAM or disk (e.g. 1:2 CPU:RAM ratio). Logging use cases with large volumes of data may benefit from storage optimized instances with 1:8 CPU:RAM ratio with more disk.

    1 vote

  9. As an OpenSearch architect
    I want to provision the minimum amount of hardware I need to meet my requirements
    so that I can optimize costs.

    Currently, OpenSearch on Aiven only supports 3 AZ deployments for production-grade plans. OpenSearch clusters with data nodes deployed across 2 AZs can be considered production-grade as long as you have master nodes across 3 AZs.

    1 vote

  10. As an OpenSearch administrator
    I want to be able to set custom Base_URLs for my OpenSearch clusters
    so that I can simplify usage for my customers when they have multiple OS services per group/client/customer.

    1 vote

  11. As a security analyst,

    I want to 'reduce' the logs searched to reduce the data to common patterns, allowing me to easily see meaningful events.

    1 vote

  12. As a security analyst,

    I want to remove the 'count' column in Table visualisation, so that the data irrelevant to what we need is not displayed.

    1 vote

  13. As a security analyst,

    I want to add comments into my searches within Discover, so that we have a shared history and understanding of what the intention of a search or part thereof is for.

    1 vote

  14. As a security analyst or operator,

    I want to have support in using OpenSearch effectively for my use-case, so that I can have success in using this (complex, confusing, disparate) system as a SIEM without expending countless hours in trying to troubleshoot or effectively utilise the tool.

    1 vote

  15. As an application developer
    I want to add an advanced configuration for cluster setting 'plugins.alerting.filter_by_backend_roles'
    so that I can prevent users from different tenants from seeing each other's monitors

    Currently unable to implement the following due to the current limitation: https://opensearch.org/docs/latest/observing-your-data/alerting/security/

    1 vote

    This is currently an advanced configuration for the Security Plugin on OpenSearch upstream. We are evaluating this idea and will come back to it later this quarter. This idea is valid, and we have put it in the Gathering Interest state in the meantime.

  16. As a customer
    I want to change the configurable limits in OpenSearch
    so that I can change things like https://opensearch.org/docs/latest/install-and-configure/configuring-opensearch/circuit-breaker/ when doing one-off large operations like deleting a bulk amount of data

    1 vote

  17. As a product engineer for a Generative AI application
    I want to build my entire GenAI app on top of OpenSearch
    so that I can leverage OpenSearch's advanced search capability

    1 vote

  18. As a DevOps engineer, database admin
    I want to integrate multiple OpenSearch data sources into a single OpenSearch Dashboard
    so that I do not have to have too many different OpenSearch Dashboards running at the same time.
    In addition, a single OpenSearch Dashboard is easier to manage and share across multiple teams.

    1 vote

  19. As a customer
    I want to be able to set min_index_buffer_size as an OpenSearch advanced config
    so that I can manage the memory usage of my OpenSearch

    1 vote

  20. As an OpenSearch administrator I would like to see performance statistics and possibly root cause analysis for any performance issues. The OpenSearch project has a Performance Analyzer plugin as well as a root cause analysis framework for performance optimisation.
    https://opensearch.org/docs/latest/monitoring-your-cluster/pa/index/
    https://opensearch.org/docs/latest/monitoring-your-cluster/pa/rca/index/

    0 votes
