Different versions of Elasticsearch use different thread pools to process calls to the _index API. Elasticsearch 1.5 and 2.3 use the index thread pool. Elasticsearch 5.x, 6.0, and 6.2 use the bulk thread pool. OpenSearch and Elasticsearch 6.3 and later use the write thread pool. Currently, the OpenSearch Service console doesn't include a graph for the bulk thread pool.
Use GET _cluster/settings?include_defaults=true to check thread pool and queue sizes for your cluster.
Error logs are available only for OpenSearch and Elasticsearch versions 5.1 and later. Slow logs are available for all OpenSearch and Elasticsearch versions.
CloudWatch Logs supports 10 resource policies per Region. If you plan to enable slow logs for several OpenSearch Service domains, you should create and reuse a broader policy that includes multiple log groups to avoid reaching this limit.
If you plan to enable multiple logs, we recommend publishing each to its own log group. This separation makes the logs easier to scan.
Monitoring audit logs
To enable audit logs, your user role must be mapped to the security_manager role, which gives you access to the OpenSearch plugins/_security REST API. To learn more, see Modifying the master user.
If you encounter an error while following these steps, see Can't enable audit logs for troubleshooting information.