Skip to main content

OpenSearch 2.x-3.x: New Features and Ecosystem Evolution

Created: March 5, 2026 CalmOps 2 min read
Table of Contents

Introduction

OpenSearch has evolved significantly since its fork from Elasticsearch. This article explores the key features in versions 2.x and 3.x, plus the growing ecosystem.

OpenSearch 2.x Features

# Create k-NN index
PUT /vectors
{
  "settings": {
    "index": {
      "knn": true,
      "knn.algo_param.ef_search": 100
    }
  },
  "mappings": {
    "properties": {
      "embedding": {
        "type": "knn_vector",
        "dimension": 128,
        "method": {
          "name": "hnsw",
          "space_type": "cosinesimil",
          "engine": "faiss"
        }
      }
    }
  }
}

# Search vectors
POST /vectors/_search
{
  "size": 10,
  "query": {
    "knn": {
      "embedding": {
        "vector": [0.1, 0.2, ...],
        "k": 10
      }
    }
  }
}

Security Enhancements

# Field-level security
PUT /_opendistro/_security/api/roles/custom-role
{
  "index_permissions": [{
    "index_patterns": [" sensitive-*"],
    "field_security": {
      "except": ["password", "ssn"]
    }
  }]
}

Performance Improvements

# Segments merging optimization
# Improved memory management
# Better caching strategies

OpenSearch 3.x Features

# Binary vectors support
PUT /bin-vectors
{
  "mappings": {
    "properties": {
      "embedding": {
        "type": "knn_vector",
        "dimension": 128,
        "space_type": "hamming"
      }
    }
  }
}

# Hybrid search
POST /_search
{
  "query": {
    "bool": {
      "must": [
        { "knn": { "embedding": { "vector": [...], "k": 10 } } }
      ],
      "should": [
        { "match": { "content": "search query" } }
      ]
    }
  }
}

Improved Analytics

# Pipeline aggregations
POST /sales/_search
{
  "aggs": {
    "max_price": {
      "max": { "field": "price" }
    }
  }
}

OpenSearch Dashboards

Visualizations

# Create visualization
# Bar charts, line charts, pie charts
# Maps, heat maps
# Saved objects

Dashboards

# Dashboard JSON
{
  "title": "Sales Dashboard",
  "panels": [
    {"id": "chart1", "type": "line"},
    {"id": "chart2", "type": "bar"}
  ]
}

Data Prepper

Pipeline Configuration

# pipeline.yaml
pipeline:
  source:
    file:
      path: "/path/to/logs.log"
  processor:
    - grok:
        match:
          message: '%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:status}'
  sink:
    - opensearch:
        hosts: ["https://localhost:9200"]
        index: "logs"

Observability

Log Analytics

# Ingest logs
POST /_ingest/pipeline/logs
{
  "description": "Parse logs",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": ["%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:message}"]
      }
    }
  ]
}

Conclusion

OpenSearch continues to evolve with vector search, improved security, and better performance. The ecosystem provides complete observability and analytics solutions.

Comments

Share this article

Twitter Bluesky Mastodon LinkedIn Facebook Reddit

Scan to read on mobile