[META] OpenSearch Events Correlation Engine #6854
Labels
enhancement
Enhancement or improvement to existing feature or request
feature
New feature or request
Meta
Meta issue, not directly linked to a PR
Roadmap:Search
Project-wide roadmap label
sbcd90 added the enhancement and untriaged labels on Mar 28, 2023
dbwiddis added the Meta label and removed the untriaged label on Apr 7, 2023
Is your feature request related to a problem? Please describe.
OpenSearch is a scalable, flexible, and extensible open-source software suite for search, analytics, and observability applications licensed under Apache 2.0.
OpenSearch includes a data store and search engine where customers can store their business, operational, and security data from a variety of sources & run search queries on them.
Since the various customer infrastructure events, such as security events, observability events, etc., span across multiple indices & data streams, a strong correlation across these indices (or data streams) helps customers to identify patterns and dive into the relationship of events occurring across different systems in their infrastructure.
Describe the solution you'd like
Correlation Engine is an Events Knowledge Graph which can be used to identify and store connected events data spanning across multiple indices or data streams. Also, it helps generate insights by correlating the recent/historical data based on time windows provided by the client.
The Events Correlation Engine provides an approach to help customers correlate events across log sources by allowing customers to define their own Correlation Rules exactly once, while then generating correlations between events from different log sources automatically.
Describe alternatives you've considered
There are no direct alternatives to Events Correlation Engine in OpenSearch today which allows correlations of events across indices based on time windows.
Additional context
More detailed design covered as part of the RFC: #6779
Breaking the changes further into more granular issues for P0 items as below
Correlation Query Service
Correlation Service