1. What is OpenSearch?
Amazon OpenSearch Service is a managed search, log analytics, and real-time monitoring service using the OpenSearch engine (successor to Elasticsearch).
Core Concept
OpenSearch = search + log analytics. Full-text search with relevance scoring. ELK stack replacement (OpenSearch + Dashboards). Real-time indexing (~1s). NOT a data warehouse or general SQL database.
2. Key Characteristics
- Full-text search with relevance scoring
- Near real-time indexing (~1 second)
- OpenSearch Dashboards (ex-Kibana) for visualization
- Multi-AZ HA. Encryption at rest + in transit.
- Serverless option (no cluster management)
- Scales to PBs, hundreds of nodes
3. Common Patterns
4. Data Ingestion
- Kinesis Firehose: most common, near real-time, managed
- CloudWatch Logs: subscription filter → OpenSearch
- DynamoDB Streams: → Lambda → OpenSearch
- Application: direct REST API calls
5. Athena vs Redshift vs OpenSearch
Exam Tip
OpenSearch: "Full-text search" = OpenSearch. "ELK replacement" = OpenSearch + Dashboards. "Search DynamoDB" = DDB Streams → Lambda → OpenSearch. "Clickstream real-time" = Kinesis → OpenSearch. NOT for SQL analytics (Athena) or warehouse (Redshift).