We have updated our Terms of Service, Code of Conduct, and Addendum.

AWS OpenSearch Service and Cribl


Has anyone connected up an AWS Opensearch Service instance to Cribl? I created a local backend user in my domain and gave it what I thought were good permissions but I still get a 401 error when I test the connection. Can anyone share what they did to get this to work?



  • Kyle McCririe
    Kyle McCririe Posts: 29 ✭✭

    Hi, there I have set up Stream to send to Opensearch before. Can you please post a screenshot of the error?

    What destination are you attempting to use?

  • Brendan Dalpe
    Brendan Dalpe Posts: 201 mod

    Additional note for others reading this thread: Please note that only local users are supported today in Cribl Stream. IAM role authentication has been requested as an enhancement request under ticket CRIBL-5748.

  • Brendan Dalpe
    Brendan Dalpe Posts: 201 mod
    edited July 2023

    Hi @Austinr, were you able to resolve your problem? I just tested and was able to send data to an AWS hosted OpenSearch deployment.

    How I configured my instance:

    1. Created OpenSearch internal user cribl-workers.

    2. Created new OpenSearch role cribl-stream and mapped the cribl-workers user to the role.

    3. For role permissions, I granted:
      a. indices:data/write/bulk for Cluster permissions
      b. create_index and write under Index permissions mapped to my index pattern my-index-*
    4. Added a new Elasticsearch destination in Cribl Stream. I entered my Domain endpoint followed by /_bulk as the API URL.
    5. After Commit & Deploy, I ran the test and saw data in my ES instance after adding an Index mapping.