Clone this repository on your Docker host, cd into directory and run the following command:

git clone
cd opensearch-lab-test

cd opensearch
openssl genrsa -out key.pem 2048 
openssl rsa -in key.pem -outform PEM -pubout -out public.pem 
chmod 644 *.pem

sed -i  's/KEY_REPLACE_ME/YOUR_AWS_S3_ACCESS_KEY/' Dockerfile

cd ..
ADMIN_USER=admin ADMIN_PASSWORD=admin ADMIN_PASSWORD_HASH=JDJhJDE0JE91S1FrN0Z0VEsyWmhrQVpON1VzdHVLSDkyWHdsN0xNbEZYdnNIZm1pb2d1blg4Y09mL0ZP docker-compose up -d

Creating fake logs send then in Opensearch in logstash-* index

docker run -it  --log-driver fluentd --net host  --log-opt fluentd-address= --log-opt tag=es --rm mingrammer/flog -b 104857600


  • Docker Engine >= 1.13
  • Docker Compose >= 1.11

Make sure the Linux setting vm.max_map_count is set to at least 262144. Even if you use the Docker image, set this value on the host machine. To check the current value, run this command:

cat /proc/sys/vm/max_map_count

To increase the value, add the following line to /etc/sysctl.conf:


Then run sudo sysctl -p to reload.


  • Opensearch and Opensearch Dashboard http://<host-ip>:5601
  • Cerebro http://<host-ip>:9000
  • Prometheus (metrics database) http://<host-ip>:9090
  • Grafana (visualize metrics) http://<host-ip>:3000
  • NodeExporter (host metrics collector)
  • cAdvisor (containers metrics collector)
  • Caddy (reverse proxy and basic auth provider for prometheus)

Cheatsheet for testing snaphost

#Snaphot S3 Repository with Encrypted Repository Plugin for OpenSearch

PUT _snapshot/enc
    "type": "encrypted",
    "settings": {
      "storage_type": "s3",   
      "client": "default",
      "bucket": "",
      "base_path": "enc"

#Snaphot S3 Repository 

PUT _snapshot/noenc
  "type": "s3",
  "settings": {
      "client": "default",
      "bucket": "YOUR_BUCKET_NAME",
      "base_path": "noenc"

GET _cat/indices

# Create snaphost with Encrypted Repository Plugin

PUT _snapshot/enc/test1
  "indices": "logstash-*",
  "ignore_unavailable": true,
  "include_global_state": false,
  "partial": false

GET _snapshot/enc/test1

# Create without Encrypted Repository Plugin
PUT _snapshot/noenc/test1
  "indices": "logstash-*",
  "ignore_unavailable": true,
  "include_global_state": false,
  "partial": false

GET _snapshot/noenc/test1

# Restoring snaphost from none encrypted repository

POST _snapshot/noenc/test1/_restore
  "indices": "logstash-*",
  "ignore_unavailable": true,
  "include_global_state": false,
  "include_aliases": false,
  "partial": false,
  "rename_pattern": "(.+)",
  "rename_replacement": "noenc-$1",
  "index_settings": {
    "index.blocks.read_only": false
  "ignore_index_settings": [

 GET _cat/recovery/noenc-logstash-2022.07.06
# Restoring snaphost from encrypted repository

 POST _snapshot/enc/test1/_restore
  "indices": "logstash-*",
  "ignore_unavailable": true,
  "include_global_state": false,
  "include_aliases": false,
  "partial": false,
  "rename_pattern": "(.+)",
  "rename_replacement": "enc-$1",
  "index_settings": {
    "index.blocks.read_only": false
  "ignore_index_settings": [
  GET _cat/recovery/enc-logstash-2022.07.06