
Graylog and OpenSearch Dashboards in parallel


I have "Graylog 5.2" (and also OpenSearch Dashboards 2.11) installed and running and am now wondering if I can use "OpenSearch Dashboards" with the existing Graylog index for the "Anomaly Detection Plugin" in OpenSearch Dashboards. Does anybody have experience with this constellation?

In "Index Management" within "OpenSearch Dashboards", I see multiple indices ranging from graylog_9 to graylog_11 (rolling log retention?). I don't know which one of those to use without breaking my Graylog instance.

I am aware that there is a paid version of Graylog (Security Edition) that comes with Anomaly Detection enabled, but it is too expensive an option for my purposes, so I thought using the Anomaly Detection plugin of "OpenSearch Dashboards" could be the appropriate solution for me.

Any suggestions are highly appreciated.


Solution

  • After some digging into the indices, I found the solution myself. In OpenSearch Dashboards it is possible to use wildcards; in my case, graylog_*

    Anomaly Detection in OpenSearch Dashboards works like a charm now. I hope this insight will help someone in the future.
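The wildcard approach from the answer above, as an added example that is not part of the original post: it shows why a detector pinned to one graylog_N index goes stale after rotation, and builds a create-detector request body for the Anomaly Detection plugin API with graylog_* as the source. The detector name, feature name, interval values and the rotated index list are constructed for illustration; `timestamp` is assumed to be the Graylog date field in these indices.

```python
import fnmatch
import json

# Create-detector path of the OpenSearch Anomaly Detection plugin API.
AD_ENDPOINT = "_plugins/_anomaly_detection/detectors"


def covered_indices(pattern, index_names):
    """Index names matched by a '*' wildcard pattern, in input order."""
    return [n for n in index_names if fnmatch.fnmatchcase(n, pattern)]


def build_detector(pattern, time_field="timestamp", interval_minutes=10):
    """JSON body for a detector whose data source is the matched indices."""
    if "*" not in pattern:
        # A single graylog_N index stops receiving messages once Graylog rotates.
        raise ValueError(f"use a wildcard such as graylog_*, not {pattern!r}")
    period = {"period": {"interval": interval_minutes, "unit": "Minutes"}}
    return {
        "name": "graylog-message-volume",          # hypothetical name
        "description": "Message count per interval across Graylog indices",
        "time_field": time_field,                  # assumed Graylog date field
        "indices": [pattern],
        "feature_attributes": [{
            "feature_name": "message_count",       # hypothetical feature
            "feature_enabled": True,
            "aggregation_query": {
                "message_count": {"value_count": {"field": time_field}}
            },
        }],
        "detection_interval": period,
        "window_delay": {"period": {"interval": 1, "unit": "Minutes"}},
    }


if __name__ == "__main__":
    # Constructed index lists: before and after one Graylog rotation.
    before = ["graylog_9", "graylog_10", "graylog_11"]
    after = ["graylog_10", "graylog_11", "graylog_12"]
    print(covered_indices("graylog_*", before))
    print(covered_indices("graylog_11", after), "vs", covered_indices("graylog_*", after))
    print("POST", AD_ENDPOINT)
    print(json.dumps(build_detector("graylog_*"), indent=2))
```

The detector only queries the source indices and stores its results in the plugin's own result indices, so index rotation and retention stay under Graylog's control.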