# Monitoring domains {% hint style="info" %} This page was generated from content adapted from the [AWS Developer Guide](https://github.com/awsdocs/amazon-opensearch-service-developer-guide.git) {% endhint %} ## Monitoring cluster metrics * **Important**\ Different versions of Elasticsearch use different thread pools to process calls to the `_index` API. Elasticsearch 1.5 and 2.3 use the index thread pool. Elasticsearch 5.*x*, 6.0, and 6.2 use the bulk thread pool. OpenSearch and Elasticsearch 6.3 and later use the write thread pool. Currently, the OpenSearch Service console doesn't include a graph for the bulk thread pool.\ Use `GET _cluster/settings?include_defaults=true` to check thread pool and queue sizes for your cluster. ## Monitoring logs * **Note**\ Error logs are available only for OpenSearch and Elasticsearch versions 5.1 and later. Slow logs are available for all OpenSearch and Elasticsearch versions. * **Important**\ CloudWatch Logs supports [10 resource policies per Region](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutResourcePolicy.html). If you plan to enable logs for several OpenSearch Service domains, you should create and reuse a broader policy that includes multiple log groups to avoid reaching this limit. For steps on updating your policy, see [Enabling log publishing (AWS CLI)](#createdomain-configure-slow-logs-cli). * **Important**\ CloudWatch Logs supports [10 resource policies per Region](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutResourcePolicy.html). If you plan to enable slow logs for several OpenSearch Service domains, you should create and reuse a broader policy that includes multiple log groups to avoid reaching this limit. * **Note**\ If you plan to enable multiple logs, we recommend publishing each to its own log group. This separation makes the logs easier to scan. ## Monitoring audit logs * **Note**\ To enable audit logs, your user role must be mapped to the `security_manager` role, which gives you access to the OpenSearch `plugins/_security` REST API. To learn more, see [Modifying the master user](https://github.com/kevinslin/aws-reference-notes/blob/main/services/amazon_open_search_service/fgac.md#fgac-forget). * **Important**\ If you encounter an error while following these steps, see [Can't enable audit logs](https://github.com/kevinslin/aws-reference-notes/blob/main/services/amazon_open_search_service/handling-errors.md#troubleshooting-audit-logs-error) for troubleshooting information. ## Monitoring with CloudTrail * **Note**\ CloudTrail only captures calls to the [Configuration API](https://docs.aws.amazon.com/opensearch-service/latest/APIReference/Welcome.html), such as `CreateDomain` and `GetUpgradeStatus`. CloudTrail doesn't capture calls to the [OpenSearch APIs](https://github.com/kevinslin/aws-reference-notes/blob/main/services/amazon_open_search_service/supported-operations.md), such as `_search` and `_bulk`. For these calls, see [Monitoring audit logs in Amazon OpenSearch Service](https://github.com/kevinslin/aws-reference-notes/blob/main/services/amazon_open_search_service/audit-logs.md). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://awsnotes.dendron.so/analytics/amazon-opensearch-service/common/monitoring-domains.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.