Skip to content

[DOCS-12318] Add data streams option #33555

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
maycmlee wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[DOCS-12318] Add data streams option #33555

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 17 additions & 2 deletions content/en/observability_pipelines/destinations/amazon_opensearch.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,20 @@ Set up the Amazon OpenSearch destination and its environment variables when you

### Set up the destination

1. Optionally, enter the name of the Amazon OpenSearch index. See [template syntax][3] if you want to route logs to different indexes based on specific fields in your logs.
1. In the **Mode** dropdown menu, select **Bulk** or **Data streams**.
- **Bulk** mode
- Uses Amazon OpenSearch's [Bulk API][4] to send batched events directly into a standard index.
- Choose this mode when you want direct control over index naming and lifecycle management. Data is appended to the index you specify, and you are responsible for handling rollovers, deletions, and mappings.
- To configure **Bulk** mode:
- In the **Index** field, optionally enter the name of the Amazon OpenSearch index. You can use [template syntax][3] to dynamically route logs to different indexes based on specific fields in your logs, for example `logs-{{service}}`.
- **Data streams** mode
- Uses [Amazon OpenSearch Data Streams][5] for log storage. Data streams automatically manage backing indexes and rollovers, making them ideal for timeseries log data.
- Choose this mode when you want Amazon OpenSearch to manage the index lifecycle for you. Data streams ensures smooth rollovers, Index Lifecycle Management (ILM) compatibility, and optimized handling of time-based data.
- To configure **Data streams** mode, optionally define the data stream name (default is `logs-generic-default`) by entering the following information:
- In the **Type** field, enter the category of data being ingested, for example `logs`.
- In the **Dataset** field, specify the format or data source that describes the structure, for example `apache`.
- In the **Namespace** field, enter the grouping for organizing your data streams, for example `production`.
- In the UI, there is a preview of the data stream name you configured. With the above example inputs, the data stream name that the Worker writes to is `logs-apache-production`.
1. Select an authentication strategy, **Basic** or **AWS**. For **AWS**, enter the AWS region.
1. Optionally, toggle the switch to enable **Buffering Options**.<br>**Note**: Buffering options is in Preview. Contact your account manager to request access.
- If left disabled, the maximum size for buffering is 500 events.
Expand All @@ -40,4 +53,6 @@ A batch of events is flushed when one of these parameters is met. See [event bat

[1]: https://app.datadoghq.com/observability-pipelines
[2]: /observability_pipelines/destinations/#event-batching
[3]: /observability_pipelines/destinations/#template-syntax
[3]: /observability_pipelines/destinations/#template-syntax
[4]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/gsgupload-data.html
Copy link
Contributor Author

@maycmlee maycmlee Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mikhacim can you confirm that this is the correct link for Amazon OpenSearch bulk API?

[5]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/data-streams.html
19 changes: 17 additions & 2 deletions content/en/observability_pipelines/destinations/opensearch.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,20 @@ Set up the OpenSearch destination and its environment variables when you [set up

### Set up the destination

1. Optionally, enter the name of the OpenSearch index. See [template syntax][3] if you want to route logs to different indexes based on specific fields in your logs.
1. In the **Mode** dropdown menu, select **Bulk** or **Data streams**.
- **Bulk** mode
- Uses OpenSearch's [Bulk API][4] to send batched events directly into a standard index.
- Choose this mode when you want direct control over index naming and lifecycle management. Data is appended to the index you specify, and you are responsible for handling rollovers, deletions, and mappings.
- To configure **Bulk** mode:
- In the **Index** field, optionally enter the name of the OpenSearch index. You can use [template syntax][3] to dynamically route logs to different indexes based on specific fields in your logs, for example `logs-{{service}}`.
- **Data streams** mode
- Uses [OpenSearch Data Streams][5] for log storage. Data streams automatically manage backing indexes and rollovers, making them ideal for timeseries log data.
- Choose this mode when you want OpenSearch to manage the index lifecycle for you. Data streams ensures smooth rollovers, Index Lifecycle Management (ILM) compatibility, and optimized handling of time-based data.
- To configure **Data streams** mode, optionally define the data stream name (default is `logs-generic-default`) by entering the following information:
- In the **Type** field, enter the category of data being ingested, for example `logs`.
- In the **Dataset** field, specify the format or data source that describes the structure, for example `apache`.
- In the **Namespace** field, enter the grouping for organizing your data streams, for example `production`.
- In the UI, there is a preview of the data stream name you configured. With the above example inputs, the data stream name that the Worker writes to is `logs-apache-production`.
1. Optionally, toggle the switch to enable **Buffering Options**.<br>**Note**: Buffering options is in Preview. Contact your account manager to request access.
- If left disabled, the maximum size for buffering is 500 events.
- If enabled:
Expand All @@ -39,4 +52,6 @@ A batch of events is flushed when one of these parameters is met. See [event bat

[1]: https://app.datadoghq.com/observability-pipelines
[2]: /observability_pipelines/destinations/#event-batching
[3]: /observability_pipelines/destinations/#template-syntax
[3]: /observability_pipelines/destinations/#template-syntax
[4]: https://docs.opensearch.org/latest/api-reference/document-apis/bulk/
Copy link
Contributor Author

@maycmlee maycmlee Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mikhacim can you also confirm that this is the correct link for OpenSearch bulk API?

[5]: https://docs.opensearch.org/latest/im-plugin/data-streams/
Loading