DEV Community

ANKUSH CHOUDHARY JOHAL

Posted on • Originally published at johal.in

Hot Take: Elasticsearch 8.15 Is Overpriced—Use OpenSearch 2.12 for Log Aggregation

The debate over open-source search and analytics tools has raged since Elastic switched Elasticsearch to the SSPL and Elastic License 2.0 in 2021. For teams using these tools purely for log aggregation, the latest Elasticsearch 8.15 release has made the cost-benefit analysis even more lopsided. Here’s why OpenSearch 2.12 is the smarter choice for log-focused workloads.

Why Elasticsearch 8.15 Is a Costly Fit for Log Aggregation

Elasticsearch 8.15 ships with a host of enterprise-grade features: native vector search for AI workloads, advanced machine learning models for anomaly detection, and deep integrations with Elastic’s managed cloud platform. But for teams only aggregating, searching, and visualizing application and infrastructure logs, these features are unused bloat.

Licensing is the biggest pain point. Under Elastic License 2.0, production use of Elasticsearch without a paid subscription requires strict compliance with usage limits, and even small-scale deployments can incur steep per-node fees for enterprise support and advanced features. For a 5-node cluster handling 100GB of logs per day, annual Elasticsearch licensing costs can easily exceed $15,000—money that could be better spent on storage or additional observability tools.

Beyond licensing, Elasticsearch 8.15 introduces breaking API changes from the 7.x line that OpenSearch is based on, adding migration friction if you’re moving from older Elasticsearch versions. For log aggregation, where stability and low overhead matter more than cutting-edge AI features, this churn is unnecessary.

OpenSearch 2.12: The Open-Source, Cost-Effective Alternative

OpenSearch is the Apache 2.0-licensed fork of Elasticsearch 7.10.2, maintained by the OpenSearch Project (backed by AWS and a broad community of contributors). Version 2.12, released in Q3 2024, includes all the core features log aggregation teams rely on: full-text search, fast aggregations, index lifecycle management (ILM), and security plugins for role-based access control.

Best of all, OpenSearch has no licensing fees. You can deploy it on-premises, in your own cloud environment, or use managed OpenSearch services (like AWS OpenSearch Service) at a fraction of the cost of Elastic’s managed offerings. Hardware requirements are nearly identical to Elasticsearch, so you won’t need to upgrade your infrastructure to switch.

OpenSearch 2.12 also includes key quality-of-life updates: improved query performance for large log datasets, better integration with OpenTelemetry, and enhanced dashboarding capabilities in OpenSearch Dashboards (the fork of Kibana). For teams already using Kibana for log visualization, migration is straightforward—most Kibana 7.x dashboards work seamlessly with OpenSearch Dashboards with minimal tweaks.

Migrating from Elasticsearch to OpenSearch for Logs

Migration is simpler than you might think, especially if you’re using standard log shipping tools like Filebeat, Fluentd, or Fluent Bit. These tools support OpenSearch’s REST API out of the box, so you can point your shippers to your new OpenSearch cluster without modifying your log collection pipelines.

For existing Elasticsearch indices, you can use tools like elasticsearch-dump to export data from Elasticsearch 7.x clusters and import it into OpenSearch. If you’re running Elasticsearch 8.x, you’ll need to map any 8.x-specific API usage to OpenSearch’s 7.x-compatible endpoints, but for basic log indices (which rarely use 8.x-exclusive features), this is a low-effort process.

We recommend testing in a staging environment first: deploy a small OpenSearch 2.12 cluster, ship a subset of your logs to it, and validate that search, aggregation, and dashboard functionality matches your current Elasticsearch setup. Most teams find parity within a week of testing.
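One way to run the aggregation part of that validation, as an added example that is not code from the original post: compare the per-hour document counts that both clusters return for the same `size=0` date_histogram query, so dropped or duplicated log events show up as mismatched buckets. The two responses below are constructed samples, and the aggregation name `per_hour` and the function names are assumptions.

```python
import json

# Constructed sample _search responses (size=0, date_histogram named "per_hour").
# The response shape is the one shared by Elasticsearch 7.x and OpenSearch.
SRC = json.loads("""{"hits":{"total":{"value":10000,"relation":"gte"}},
 "aggregations":{"per_hour":{"buckets":[
  {"key_as_string":"2024-05-01T00:00:00Z","doc_count":5200},
  {"key_as_string":"2024-05-01T01:00:00Z","doc_count":4810},
  {"key_as_string":"2024-05-01T02:00:00Z","doc_count":4975}]}}}""")
DST = json.loads("""{"hits":{"total":{"value":10000,"relation":"gte"}},
 "aggregations":{"per_hour":{"buckets":[
  {"key_as_string":"2024-05-01T00:00:00Z","doc_count":5200},
  {"key_as_string":"2024-05-01T01:00:00Z","doc_count":4790}]}}}""")


def bucket_counts(resp, agg):
    """Map bucket key -> doc_count for one bucket aggregation."""
    return {b["key_as_string"]: b["doc_count"]
            for b in resp["aggregations"][agg]["buckets"]}


def totals_comparable(*resps):
    """hits.total is only a lower bound when relation is 'gte' (default 10,000 cap)."""
    return all(r["hits"]["total"]["relation"] == "eq" for r in resps)


def parity_report(src, dst, agg, tolerance=0.0):
    """Return (key, source_count, target_count) tuples where the clusters diverge.

    tolerance is the allowed relative difference per bucket (0.01 = 1%).
    """
    findings = []
    if totals_comparable(src, dst):
        s, d = src["hits"]["total"]["value"], dst["hits"]["total"]["value"]
        if s != d:
            findings.append(("total", s, d))
    s_b, d_b = bucket_counts(src, agg), bucket_counts(dst, agg)
    for key in sorted(set(s_b) | set(d_b)):
        s, d = s_b.get(key, 0), d_b.get(key, 0)  # bucket absent on one side counts as 0
        if abs(s - d) > tolerance * max(s, 1):
            findings.append((key, s, d))
    return findings


if __name__ == "__main__":
    for key, s, d in parity_report(SRC, DST, "per_hour", tolerance=0.001):
        print(f"MISMATCH {key}: source={s} target={d}")
```

Both sample responses report a total of 10,000 with relation `gte`, which is why the check skips the headline total and relies on the buckets instead.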

When Should You Still Use Elasticsearch 8.15?

This hot take only applies to pure log aggregation workloads. If you need Elasticsearch 8.15’s exclusive features—like vector search for retrieval-augmented generation (RAG) pipelines, Elastic’s proprietary ML models, or first-party support from Elastic’s team—then the higher cost may be justified. For most teams using these tools to centralize and search logs, those features go unused.

Conclusion

Elasticsearch 8.15 is a powerful tool, but it’s overpriced for the narrow use case of log aggregation. OpenSearch 2.12 delivers all the core functionality you need, with no licensing fees, a stable open-source roadmap, and seamless migration paths for most log pipelines. If you’re spending thousands on Elasticsearch licenses for log aggregation, it’s time to give OpenSearch a try.
