Introducing the new Open Distro for Elasticsearch plugin for Grafana, also available in Amazon Managed Service for Grafana

Published: 19 Apr 2021

Back in December, Amazon Web Services (AWS) and Grafana Labs partnered to launch the Amazon Managed Service for Grafana in a preview to a limited set of customers. Amazon Managed Service for Grafana is a scalable managed offering that provides AWS customers a native way to run Grafana directly within AWS alongside all their other AWS services. 

Now, anyone can sign up for Amazon Managed Service for Grafana and seamlessly upgrade to the full Grafana Enterprise experience, which allows them to amplify their existing IT investments by bringing data together through data source plugins for ServiceNow, Splunk, Snowflake, Datadog, MongoDB, Oracle, New Relic, Dynatrace, Wavefront, SignalFx, and AppDynamics. Grafana Enterprise customers get expert 24x7x365 support directly from Grafana Labs, as well as customized training and professional services.

If you’re already using Amazon Managed Service for Grafana, you can start a 30-day trial of Grafana Enterprise here.

Grafana Labs, in partnership with AWS, is also making available a new Open Distro for Elasticsearch data source plugin. This plugin is designed for users of Amazon Elasticsearch Service and Open Distro for Elasticsearch, which is an Apache 2.0-licensed distribution of Elasticsearch enhanced with enterprise security, alerting, SQL, and more. The new Open Distro for Elasticsearch plugin further extends Grafana’s plugin ecosystem, as we recently announced the Grafana data source plugin for Elasticsearch developed in partnership with Elastic.co, the creators of Elasticsearch.

The Open Distro for Elasticsearch plugin, which also works with OpenSearch, includes support for Piped Processing Language (PPL), a new way to write complex queries in Elasticsearch and quickly explore and discover data. An alternative to Elasticsearch Domain Specific Language statements or queries with JSON objects, PPL queries consist of a set of commands delimited by pipes. Pipes allow you to combine two or more commands as a chain; the output of one command acts as the input for the next command. For example, you can search for keywords, then take the results from the command on the left of the pipe and apply them to the command on the right of the pipe.

Below is a sample PPL query using the default sample data in Elasticsearch. The query is searching for client IPs that have 503 and 404 errors in the logs:

source=kibana_sample_data_logs
| fields host, clientip, response, bytes
| where response='503' or response='404'
| stats count() as ip_count, sum(bytes) as sum_bytes by host, response
| rename response as resp_code
| sort - ip_count, + sum_bytes
| eval per_ip_bytes=sum_bytes/ip_count,
    double_per_ip_bytes = 2 * per_ip_bytes

Or a simpler version:

source=kibana_sample_data_logs
| fields host, clientip, response, bytes
| where response='503' or response='404'
| stats count() as ip_count, sum(bytes) as sum_bytes by host, response
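
To make the pipe semantics concrete, the following added example (not part of the original post or of the plugin) reproduces the three commands of the simpler query as Python functions and records how many rows leave each stage. The log rows are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample rows; not real kibana_sample_data_logs documents.
A, B = "www.example.org", "cdn.example.org"
LOGS = [
    {"host": A, "clientip": "192.0.2.10", "response": "503", "bytes": 0, "agent": "curl"},
    {"host": A, "clientip": "192.0.2.10", "response": "503", "bytes": 0, "agent": "curl"},
    {"host": A, "clientip": "192.0.2.11", "response": "404", "bytes": 512, "agent": "wget"},
    {"host": B, "clientip": "198.51.100.7", "response": "404", "bytes": 256, "agent": "curl"},
    {"host": B, "clientip": "198.51.100.7", "response": "200", "bytes": 4096, "agent": "curl"},
    {"host": A, "clientip": "192.0.2.12", "response": "404", "bytes": 100, "agent": "wget"},
]

def fields(rows, *names):
    """| fields a, b, ... : keep only the named columns."""
    return [{n: r[n] for n in names} for r in rows]

def where(rows, predicate):
    """| where <condition> : keep rows for which the condition holds."""
    return [r for r in rows if predicate(r)]

def stats_count_sum(rows, sum_field, by):
    """| stats count() as ip_count, sum(<sum_field>) as sum_bytes by <by>.
    count() counts rows, so ip_count is matching events, not distinct IPs."""
    groups = defaultdict(lambda: {"ip_count": 0, "sum_bytes": 0})
    for r in rows:
        agg = groups[tuple(r[b] for b in by)]
        agg["ip_count"] += 1
        agg["sum_bytes"] += r[sum_field]
    return [dict(zip(by, key), **agg) for key, agg in groups.items()]

def run_pipeline(rows):
    """Apply the three stages left to right, recording rows out of each."""
    stages = [
        ("fields", lambda rs: fields(rs, "host", "clientip", "response", "bytes")),
        ("where", lambda rs: where(rs, lambda r: r["response"] in ("503", "404"))),
        ("stats", lambda rs: stats_count_sum(rs, "bytes", ("host", "response"))),
    ]
    trace = []
    for name, stage in stages:
        rows = stage(rows)  # output of one command is input to the next
        trace.append((name, len(rows)))
    return rows, trace

if __name__ == "__main__":
    result, trace = run_pipeline(LOGS)
    print(trace)
    for row in result:
        print(row)
```

The first two constructed rows come from the same client IP, so the 503 group for that host reports an `ip_count` of 2 even though only one address is involved.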

You can read more about the Open Distro for Elasticsearch plugin here, and register for a joint AWS + Grafana Labs webinar on April 22 to learn more about Amazon Managed Service for Grafana, Grafana Enterprise, and the Open Distro for Elasticsearch plugin.