π¦ 1. What is Elasticsearch?
-
A search engine designed for log and text data.
-
Stores large volumes of logs and lets you search/filter them quickly.
-
Part of the Elastic Stack.
πΊ 2. What is ELK Stack?
ELK = Elasticsearch + Logstash + Kibana
| Component | Role |
|---|---|
| Elasticsearch | Stores and indexes logs |
| Logstash | Parses and transforms log data |
| Kibana | UI for searching and dashboards |
Example:
-
You send syslogs to Logstash
-
It parses and sends them to Elasticsearch
-
You view logs via Kibana
β οΈ Problem with ELK:
Elastic (the company) changed their license model to a non-open-source license after v7.x.
π 3. What is OpenSearch?
-
A fully open-source fork of Elasticsearch + Kibana
-
Maintained by Amazon AWS
-
Same APIs and functionality
-
Used in place of Elasticsearch by Graylog and others
Summary:
| Tool | Origin | License | Still Open? | Works with Graylog? |
|---|---|---|---|---|
| Elasticsearch | Elastic.co | Was Apache, now SSPL | β No (new versions) | β (v7.10 last supported) |
| OpenSearch | AWS | Apache 2.0 | β Yes | β Yes (preferred) |
π§ TL;DR
-
Elasticsearch = powerful log search engine
-
ELK Stack = Elasticsearch + Logstash + Kibana (full log pipeline)
-
OpenSearch = open-source drop-in replacement for Elasticsearch
-
Graylog uses OpenSearch to store/search logs (you donβt interact with it directly)
You can think of OpenSearch as the log database behind the scenes.