
ChaosSearch Blog


OpenSearch vs. Elasticsearch: Which is Better?


Following its release under the open-source Apache 2.0 license in 2010, Elasticsearch rose to prominence as the world’s most popular enterprise search engine. Elasticsearch is frequently deployed alongside Logstash and Kibana, a combination known as the ELK stack, to enable log analytics use cases that include application observability, security log analysis, and understanding user behavior.

In 2015, Amazon took advantage of that open-source license to launch Amazon Elasticsearch Service (Amazon ES), a cloud-based managed service that would allow AWS customers to launch scalable Elasticsearch clusters, connect data sources to cluster endpoints, and load, process, analyze, or visualize data in the cloud.

But developers at Elastic N.V. would eventually object to Amazon’s use of their product and trademarks, filing suit against the tech giant in 2019 for alleged trademark infringement and false advertising. Elastic and Amazon would resolve the litigation in 2021 with two important developments:

  1. In January 2021, Elastic N.V. announced that, beginning with version 7.11, Elasticsearch would be licensed under Server Side Public License (SSPL) and the Elastic License. This change prevents Amazon and other companies from providing Elasticsearch as a service without collaborating directly with Elastic.
  2. In April 2021, Amazon announced that it would fork the last open-source version of Elasticsearch (7.10.2) to launch a new open-source search engine project. Since the name “Elasticsearch” could no longer be used, the new project would be known as OpenSearch. Amazon would also offer OpenSearch as a cloud service under the name “Amazon OpenSearch Service”.

Going beyond the history of these two search solutions, we’ll take a closer look at how OpenSearch and Elasticsearch have diverged over the past 2.5 years and which one is best for your AWS log analytics or enterprise search application.

 


 

OpenSearch vs. Elasticsearch: What’s the Same?

OpenSearch was developed from a relatively advanced fork of Elasticsearch, so the basic search, analytics, and dashboard functionality is the same in the two applications.

OpenSearch and Elasticsearch both offer a multi-tenant architecture and analytics engine with full-text search and distributed search capabilities. As such, both OpenSearch and Elasticsearch can be used to fulfill website search, enterprise search, and log analytics use cases.

In the next section, we’ll explore key differences between OpenSearch and Elasticsearch across six dimensions: licensing, community, features, security, performance, and pricing.

 


 

OpenSearch vs. Elasticsearch: What’s the Difference?

When you’re comparing OpenSearch and Elasticsearch, these are the key differences.

  1. Licensing
  2. Community
  3. Features
  4. Security
  5. Performance
  6. Pricing

We’ll discuss each in further detail below.

 

Licensing

Prior to 2021, Elasticsearch was available for public use under the Apache 2.0 license. This license allowed users to use, distribute, or modify the software for any purpose, as well as to distribute modified versions of Elasticsearch without having to pay any royalties.

Following Elastic’s dispute with Amazon, Elasticsearch is now licensed under the SSPL and the Elastic License. After this change, Elasticsearch is no longer considered open source, as the licensing now requires anyone offering Elasticsearch functionality to a third party to release the entire source code and all APIs necessary for the third party to run it themselves.

OpenSearch is currently licensed under the Apache 2.0 license.

 

Community

Both OpenSearch and Elasticsearch have healthy, engaged, and devoted communities, so it’s unlikely that either search engine will fall far behind in feature offerings or go unsupported anytime soon.

However, looking at the codebases for each of these solutions on GitHub reveals that the Elasticsearch codebase has had a greater number of commits over the past year compared to OpenSearch.

 

OpenSearch Codebase Commits

Graph illustrating the number of new commits to the OpenSearch codebase over the past 12 months.

 

Elasticsearch Codebase Commits


Graph illustrating the number of new commits to the Elasticsearch codebase over the past 12 months.

 

This isn’t a totally fair comparison, as the Elasticsearch codebase also includes code for the X-Pack Elasticsearch plugin, which provides alerting, monitoring, and machine learning features on top of Elasticsearch (the comparable features for OpenSearch are in a different codebase). Still, the high number of commits suggests that Elasticsearch is being developed and improved at a faster rate compared to the OpenSearch project.

 

Features

When Amazon initially forked Elasticsearch 7.10.2 to create OpenSearch, they first had to remove all code that was not compatible with the Apache 2.0 license. This included disabling all telemetry collection functionality and removing the entire Elastic X-Pack code.

These changes resulted in a significant loss of functionality for the earliest versions of OpenSearch, but Amazon is continuing to deliver new OpenSearch features via external plugins/connectors that can replace these capabilities. So instead of the original telemetry collection features from Elasticsearch, AWS customers can use the OpenTelemetry Collector plugin to collect and format telemetry data. There’s also an OpenSearch Observability plugin that can be used to analyze telemetry data from distributed applications.

Elasticsearch and Kibana are still typically used together, while Amazon has developed its own visualization tool called OpenSearch Dashboards by forking Kibana.

 

Security

Elasticsearch and OpenSearch are equipped with many of the same security features - but while these features are all included with OpenSearch, some are only available on Elasticsearch to paying customers.

Basic security features like password protection and data encryption are included with OpenSearch and with the free version of Elasticsearch. But Elasticsearch users will need to upgrade to a premium subscription (Gold, Platinum, or Enterprise) before taking advantage of advanced security features, including role-based access control (RBAC), field and document level security, and audit logging.

 


 

Performance

If you’re performing search operations at scale, you’re probably interested in knowing which of these search engines can deliver faster queries. Elastic recently published a blog covering this exact topic, titled “Elasticsearch vs. OpenSearch: Unraveling the performance gap”.

The blog cites findings from an investigation by TechTarget’s Enterprise Strategy Group that compared Elasticsearch and OpenSearch performance across six areas: text querying, sorting, date histogram, terms, and ranges. Overall, it was found that the Elasticsearch engine is 40-140% faster than OpenSearch while consuming fewer compute resources.

 

Pricing

The self-managed versions of Elasticsearch and OpenSearch can be downloaded for free, but users will need to install, manage, and operate them using their own hardware and computing resources.

The more common way to use these search engines is in the cloud - either with the Elastic Cloud (available on multiple public cloud providers) or with Amazon OpenSearch Service. Elastic Cloud pricing starts at $95+/month for a Standard subscription, while AWS customers can start using OpenSearch Service for free if they remain under the AWS Free Tier usage limits.

OpenSearch users also get access to the full OpenSearch feature set, while some Elasticsearch features are only available for users in the Gold, Platinum, or Enterprise subscription tiers. Actual pay-per-use costs for both Elasticsearch and Amazon OpenSearch Service will vary between users, but both providers offer a tool that lets you estimate costs:

Estimate Amazon OpenSearch Service Costs

Estimate Elastic Cloud Costs

 

How Does ChaosSearch Compare with OpenSearch and Elasticsearch?

Elasticsearch and OpenSearch are diverging in some notable ways, but they’re ultimately cut from the same cloth - Elasticsearch 7.10.2. And while there are some minor differences, the two solutions are pretty comparable at this point for the vast majority of mainstream use cases.

So whether you’re choosing to adopt Elasticsearch or Amazon OpenSearch to enable log analytics at scale, you’ll likely face many of the same challenges we’ve described in the past:

  • Complex management requirements related to configuring log ingest, managing data pipelines, clusters, and sharding, and handling exceptions
  • High cost of ownership that increases exponentially as daily log ingest increases
  • Stability and uptime challenges as search indices grow increasingly large
  • Scalability issues
  • Data retention trade-offs where users start limiting data retention to reduce storage costs

ChaosSearch provides an alternative to Elasticsearch and OpenSearch that delivers reduced management overhead and high scalability with no data retention trade-offs and lower total cost of ownership (TCO). It also provides capabilities well beyond both Elasticsearch and OpenSearch, such as automated ingestion with dynamic schema detection, as well as true multi-model support such as SQL (e.g., correlations) and Generative AI (i.e., conversational) - one platform, multiple interfaces.

 


 

ChaosSearch users can land their data directly in Amazon S3 or GCS, taking advantage of the most durable, scalable, and cost-effective public cloud storage. By seamlessly transforming this cloud storage into a dynamic analytical database, it integrates diverse data streams, streamlines intricate pipelines, and delivers at-scale actionable insights through Search+SQL+GenAI analytics.

By eliminating manual redundancies and activating static data lakes, ChaosSearch provides businesses with both real-time and historical intelligence, ultimately creating a world where data is not just stored but becomes a dynamic force driving growth and innovation.

 

Ready to learn more?

Download our free guide Considering the Switch from ELK to see how you can calculate the TCO of your existing ELK stack solution and build a rock-solid business case for switching to ChaosSearch.

 


About the Author, David Bunting

David Bunting is the Director of Demand Generation at ChaosSearch, the cloud data platform simplifying log analysis, cloud-native security, and application insights. Since 2019 David has worked tirelessly to bring ChaosSearch’s revolutionary technology to engineering teams, garnering the company such accolades as the Data Breakthrough Award and Cybersecurity Excellence Award. A veteran of LogMeIn and OutSystems, David has spent 20 years creating revenue growth and developing teams for SaaS and PaaS solutions.