
OpenSearch vs. Elasticsearch

Published August 2022

With OpenSearch originating as a fork from Elasticsearch, the two databases can appear to be near-identical to the unacquainted.  However, they are unique, becoming more so with each new update.  

Here we will discuss how the two search engines compare when it comes to security, licensing, core features, documentation, community support, dashboards, machine learning, tools, plugins, and services/support.

Security out of the box

In our experience, companies are most interested in controlling who can log in to or access the API and what data each user can view and change.  Those are critical needs for the vast majority of use cases.

The free version of Elasticsearch only supports access control for user accounts that exist in Elasticsearch.  This limitation makes it hard for most companies to adopt because they are using a centralized user management system such as LDAP or OpenID.

OpenSearch includes access control for centralized user management, including LDAP and OpenID.  With Elasticsearch, you need to pay for the premium license to get this critical feature.

Basically, the full suite of security features you will likely need is available at the Elasticsearch premium level, whereas you get it for free with OpenSearch.

There are a few other security features to highlight.

The premium versions of Elasticsearch include IP filtering, document-level security, encryption at rest, machine learning anomaly detection, and ransomware prevention.  The complete feature list is available on the subscriptions page.

OpenSearch provides a full suite of security with its OpenSearch Security plugin, which comes bundled with the OpenSearch distribution.  It includes a number of features for authentication, access control, and audit/compliance logging.  

A new plugin is coming soon to OpenSearch, slated for mid-September 2022, that will provide several new security features.  They are calling it the Security Analytics Solution, and it will enable OpenSearch users to detect security threats.  Feature highlights include: IP reputation, pre-built rules for common threats, threat correlation, external storage archival, and integration points with external threat feeds.

Check out the OpenSearch project roadmap for more information on this new plugin.

Licensing

There are two facets of licensing to consider: expert emergency support and license restrictions.

Emergency Support.

Companies want to have someone to call when things go wrong – a cluster goes down, they lose data, there’s a breach, etc. 

An Elasticsearch premium license provides that support. 

But, the same level of support is also available for free tools – free Elasticsearch, free and open source OpenSearch, and others – through third party consulting companies or through AWS OpenSearch.

OpenSearch has a Partners page that lists a number of consulting companies, including Dattell’s OpenSearch support page, that provide 24×7 support. 

We dive into support options a little deeper at the end of this article.

License Restrictions.

Much has been said about the disappointment of Elasticsearch moving from the open source Apache License, Version 2.0 to ELv2 and SSPL.  We are concerned about what the future might hold now that Elastic, a company that used to be vehemently open source, is now using licenses that are not Open Source Initiative (OSI) certified. 

OpenSearch, on the other hand, is free under the Apache License, Version 2.0.  This license is an extremely permissive license, under which users can modify, distribute, and sublicense the original code. No restrictions are set on the original code except that the source code contributors cannot be held liable by end users for any reason.

In other words, you’re free to build any product on top of the Apache License without fear that your product is infringing upon license agreements.  

With ELv2 and SSPL, you’ll need to be careful what your product does. For instance, the SSPL states “If you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge…”  That’s a real concern for companies using Elasticsearch as part of their product(s).  

Here are links to the FAQ pages for ELv2, SSPL, and Apache License, Version 2.0 for more information.

Features

OpenSearch includes the following features not offered by free Elasticsearch:

In other words, when using OpenSearch you are getting these features for free, rather than paying for premium Elasticsearch. 

There are a few features that premium Elasticsearch includes that currently aren’t included with OpenSearch. 

For instance, Elasticsearch has additional aggregation features like geoshape aggregations and geohexgrid aggregations. Premium Elasticsearch also includes extra dashboard features for Kibana including Canvas (a presentation tool) and Lens (smart suggestions for data visualization).

Some features in OpenSearch come bundled as plugins.  For instance, anomaly detection alerting is baked into premium Elasticsearch. OpenSearch users, on the other hand, need to incorporate two plugins to achieve the same functionality:  anomaly detection plugin and alerting plugin. 

The plugins come included with the OpenSearch download so it’s a fairly straightforward setup.  Keep in mind though that if you’re migrating to OpenSearch, learning a new tool is always going to involve extra effort. 

The full list of features included at the free, Platinum, and Enterprise Elasticsearch levels can be found here.  When we refer to “premium Elasticsearch” we are referring to both the Platinum and Enterprise levels.

Documentation

Elastic’s documentation is extensive.  They have blog posts, product guides, training videos, webinars, discussion forums, a Slack channel, YouTube channel, a newsletter, and the list goes on. If you’re using Elasticsearch and have a general question, you have many places to go for an immediate answer.  

The OpenSearch documentation, on the other hand, is nascent, as you might expect for a one-year-old, open source technology.  There are currently gaps in documentation, such as the limited information on how to set up OpenID authentication.

For its part, the OpenSearch project is making great strides in filling these gaps and holds community meetings twice a month where users can ask questions and propose documentation needs.

There is also a growing list of Partners on the OpenSearch website that offer OpenSearch consulting support and managed services. These third-party OpenSearch experts can train new users and bring firsthand experience to implementing and optimizing the search engine.

Since OpenSearch is a recent fork from Elasticsearch, users can also call on Elasticsearch documentation for most inquiries.  Set Elasticsearch’s documentation to version 7.10 and everything will apply to OpenSearch (but not to OpenSearch plugins). 

Community

The role of the community is different for the two technologies.  

OpenSearch encourages contributions from the community.  This approach allows OpenSearch to move quickly to add new features with the help of community members.  Users can submit pull requests, open new issues, or leave feedback within the OpenSearch GitHub repositories.

OpenSearch also has an active forum that includes a wide range of topics for Announcements, General Feedback, Community, Security, Plugins, and others.  

The aforementioned bi-weekly community meetings are held online to encourage broad participation. And the first ever OpenSearchCon is being held September 21, 2022 in Seattle. Here’s the link to the events page for more information on community events.  

Elastic allows contributions from community members through the Elastic GitHub repository. However, Elastic only lets employees commit changes.  The drawback to this approach is that changes will be prioritized according to what most benefits Elastic versus what most benefits the community / users.

Elastic also hosts a broad range of events, both virtual and in person. See their events page for more information.

Dashboards

Kibana has some functionality not included with OpenSearch Dashboards (also sometimes simply referred to as Dashboards). For instance, Canvas and Lens allow for presentation mode and drag-and-drop visualizations. 

Additionally, Kibana Maps makes for easier visualization and analysis of geospatial data.  Whether these features will be helpful will depend on your use case.

OpenSearch Dashboards includes all of the visualization capabilities available in Kibana version 7.10.2.  In addition, OpenSearch sees their dashboarding tool moving in a unique direction, rather than matching Elastic’s features. 

It is great for users that Kibana and OpenSearch are going to start looking like unique products, not just copycats.  With options comes real advancement.  

For instance, Grafana is a fork from Kibana and rather than being a duplicate service, it instead offers unique benefits.  Similarly, OpenSearch Dashboards is moving in the direction of becoming a standalone tool apart from OpenSearch.  This way it’s both useful as a companion to OpenSearch and also alongside other databases.  

Additionally, there are new features coming to OpenSearch such as the ability to add and remove extensions on the fly without taking the cluster down. 

Machine Learning

Currently the machine learning (ML) capabilities of both OpenSearch and Elasticsearch are limited by their use of CPUs.  

For any substantial project, it’s better to use tools specifically built for ML, such as TensorFlow or PyTorch, because they make use of GPUs and are purpose-built for ML.

For users that want to run ML within the database, there are a few features to highlight.  OpenSearch has made it easier in recent versions for users to run and add ML models through their ML Commons. K-Means and Random Cut Forest (RCF) are both supported.

Elasticsearch offers machine learning for anomaly detection and also for making future projections. Most of the machine learning tools are only available in the premium versions of Elasticsearch. 

If you decide to use OpenSearch or Elasticsearch for ML, then create specific ML instances to prevent CPU competition.

Toolkit for Log Collection & Aggregation

The Elasticsearch companion tools are an established ecosystem.  Logstash ingests and transforms data.  It can add structure to unstructured data, anonymize individual fields, and decipher locations from IP addresses.  Beats are single-purpose data shippers that send data from up to thousands of machines to Logstash or Elasticsearch.

OpenSearch can be supported by a number of tools, including Logstash and Beats.  Others include Fluentd, Fluent Bit, OpenTelemetry Collector, and Data Prepper.  

Data Prepper is an OpenSearch project for accepting, filtering, transforming, enriching, and routing data. Currently, Data Prepper supports distributed trace data and log ingestion.  Future releases will support metric data.

Both technologies work well with Apache Kafka, a stream-processing platform that can handle high volumes of data (trillions of events per day) and guarantees all data will be delivered.

Plugins

Plugins allow users to enhance database functionality.  Elasticsearch and OpenSearch both have a set of plugins available.  The Elasticsearch plugin list is available here, and the OpenSearch plugin list is here.

OpenSearch has a variety of plugins, including plugins for security, cross-cluster replication, alerting, and scheduling.

Elasticsearch has plugins that help to customize Elasticsearch for particular use cases.  They include plugins for mapping, analysis, script engines, and discovery.

Services and Support

OpenSearch has been turned into a service offering from Oracle and of course AWS.  And there are a number of managed services and consulting support Partners (https://opensearch.org/partners) listed on the OpenSearch website, including Dattell. 

Because of Elastic’s licensing, the newer versions of Elasticsearch cannot be provided as a packaged service by any parties other than Elastic itself.  However, there are still third party consulting companies that offer preventative maintenance and support services, including Dattell. 

Elastic has a Partner page as well.  It is designed more as a reseller channel than a consulting arm of the organization.  To learn more about partners check out the Elastic Partners page.

Summarizing OpenSearch vs. Elasticsearch

In summary, OpenSearch is completely free and comes with a full suite of security features, with even more in the works. It’s missing some documentation and has a smaller community, but we see many companies working consistently to fill those gaps. 

Elasticsearch’s premium offerings come with more features, especially for visualization, and Elastic has a great library of documentation and tutorials. But, premium Elasticsearch can come at a hefty price, and the licensing changes are a real concern.

If your company has extra money to throw around (and we can be talking on the order of hundreds of thousands or millions depending on cluster size, etc.) then using Elasticsearch can be the easier approach in the near-term.  

If you want to save on the budget, then use OpenSearch over free Elasticsearch because OpenSearch comes with additional features, importantly a full suite of security features.  It will take a little extra training and support in the beginning, but the ROI is outstanding.
