There is something special about the energy at KubeCon + CloudNativeCon North America, with thousands of cloud-native enthusiasts, cutting-edge technology, and the unmistakable buzz of innovation. Yet sometimes, the most memorable moments do not happen on the main stage. Sometimes they happen at a booth, where real problems meet real solutions in real time.
The challenge
When Eric Schabell from Chronosphere approached the OpenSearch booth to share the OpenSearch Easy Install project at KubeCon, he raised a problem many in the observability space know well. He faced a stubborn integration issue between Fluent Bit and his OpenSearch backend that was blocking him from showcasing its cloud-native observability capabilities. Nothing was working. At least not yet.
The power of community
What happened next demonstrated the spirit of open source. The OpenSearch team collaborated with Eric to troubleshoot the issue in real time. With Eric’s laptop connected to the main screen, they began a live debugging session with no support ticket or wait.
The investigation
Figure 1: OpenSearch engineers debugging the issue at the OpenSearch booth. (Left to right) Sumukh Hanumantha Swamy, Jiaxiang (Peter) Zhu, Adam Tackett, Ritvi Bhatt
Eric followed the OpenSearch community quickstart documentation for both the backend and OpenSearch Dashboards components, which worked to get both components working together. The problems started when attempting to access the OpenSearch backend to integrate telemetry data.
However, Fluent Bit could not ingest log data into the OpenSearch cluster, and the OpenSearch dashboard was not registering any new index for the log telemetry being sent.
Figure 2: Empty index listing—something is wrong!
The breakthrough
As the detective work intensified, together the team discovered the real problem lurking in an unexpected place. Fluent Bit was emitting the _type field, causing downstream issues with the OpenSearch ingestion pipeline. The following configuration was being used in a fluent-bit.yaml file:
service:
flush: 1
log_level: info
http_server: on
http_listen: 0.0.0.0
http_port: 2020
hot_reload: on
pipeline:
inputs:
# This entry generates a successful message.
- name: dummy
tag: event.success
dummy: '{"message":"true 200 success"}'
# This entry generates a failure message.
- name: dummy
tag: event.error
dummy: '{"message":"false 500 error"}'
outputs:
- name: stdout
match: '*'
format: json_stream
json_date_format: java_sql_timestamp
- name: opensearch
match: '*'
host: localhost # use for source
#host: host.containers.internal # use for containers
port: 9200
http_user: 'admin'
http_passwd: 'Opensearch@demo1'
index: fb-index
type: fbType
net.keepalive: offThe following errors were being reported in the Fluent Bit log when this was run:
$ fluent-bit –config fluent-bit.yaml
…
{"date":"2025-11-24 13:13:56.770647","message":"true 200 success"}
{"date":"2025-11-24 13:13:56.771520","message":"false 500 error"}
[2025/11/24 14:13:57.790061000] [error] [output:opensearch:opensearch.1] HTTP status=400 URI=/_bulk, response:
{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Action/metadata line [1] contains an unknown parameter [_type]"}],"type":"illegal_argument_exception","reason":"Action/metadata line [1] contains an unknown parameter [_type]"},"status":400}
…
[2025/11/24 14:13:57.790149000] [ warn] [engine] failed to flush chunk '34633-1763990036.771042000.flb', retry in 11 seconds: task_id=0, input=dummy.0 > output=opensearch.1 (out_id=1)
[2025/11/24 14:13:57.790197000] [ warn] [engine] failed to flush chunk '34633-1763990036.771542000.flb', retry in 10 seconds: task_id=1, input=dummy.1 > output=opensearch.1 (out_id=1)
…After digging through documentation and drawing on their collective experience, the engineers found the solution. Adding suppress_type_name true to the Fluent Bit configuration file in the OpenSearch output plugin section would resolve the issue:
outputs:
- name: stdout
match: '*'
format: json_stream
json_date_format: java_sql_timestamp
- name: opensearch
match: '*'
host: localhost # use for source
#host: host.containers.internal # use for containers
port: 9200
http_user: 'admin'
http_passwd: 'Opensearch@demo1'
index: fb-index
type: fbType
net.keepalive: off
suppress_type_name: trueIt was one of those elegant fixes that, once discovered, seems obvious. But finding it required exactly the kind of collaborative expertise present at that booth. The script came to life, and data started flowing from Fluent Bit into OpenSearch.
Now the Fluent Bit log shows just the stdout output plugin telemetry data in the console:
$ fluent-bit –config fluent-bit.yaml
…
{"date":"2025-11-24 13:22:11.125846","message":"true 200 success"}
{"date":"2025-11-24 13:22:11.126130","message":"false 500 error"}
{"date":"2025-11-24 13:22:12.140066","message":"true 200 success"}
{"date":"2025-11-24 13:22:12.140096","message":"false 500 error"}
{"date":"2025-11-24 13:22:13.137258","message":"true 200 success"}
{"date":"2025-11-24 13:22:13.137303","message":"false 500 error"}
…Now that the log telemetry data was seamlessly integrating into the OpenSearch backend, we just needed to verify that in the OpenSearch Dashboards UI!
Beyond the fix
The OpenSearch team did not stop there. With the integration working, they walked Eric through the OpenSearch interface and helped create visualizations of the output logs.
Figure 3: Note that the “fb-index” has been created to store incoming log telemetry data as defined in the Fluent Bit configuration.
To view this telemetry data, we needed to first create a new index pattern with fb-index:
Figure 4: Search for the fb-index.
Then we selected the primary time field:
Figure 5: Select the @timestamp field.
Finally, we opened OpenSearch Dashboards => Discover to view the Fluent Bit log telemetry data:
Figure 6: The Fluent Bit log telemetry data in Discover.
What started as a debugging session became an impromptu tutorial. The team showcased new observability features in OpenSearch Dashboards, including enhanced log pattern detection, improved trace analytics, and streamlined metric visualization capabilities. They also demonstrated how to build custom dashboards, set up alerts based on log patterns, and leverage the platform’s full observability stack. These insights would enhance Eric’s future demonstrations.
The takeaway
This is what open source is about. People coming together to solve real problems in real time, experts willing to help someone outside of their team, and the understanding that collaboration benefits everyone. Ultimately, Eric’s demo was unblocked. Chronosphere gained deeper insights into integrating Fluent Bit and OpenSearch, the OpenSearch engineers applied their problem-solving skills in a practical setting, and everyone at the booth witnessed effective collaboration focused on finding a working solution.
As Eric mentioned in his post, he plans to share what he learned through new workshops, demos, and blog content. This type of collaboration strengthens the community and helps others facing similar challenges.
The bigger picture
This experience reminded our team of why we love working in open source. Working in a booth setup without access to all our typical tools added an extra layer of difficulty, yet we were able to resolve the issue in a relatively short amount of time through collaboration. For the OpenSearch team, moments like these make conference attendance about more than answering questions. We put our heads together, leverage our collective knowledge, and watch solutions unfold in real time.
To Eric and everyone else who approaches conference booths with real challenges and genuine curiosity: Thank you. You push us to think differently and dig deeper. These moments remind us that behind every integration issue is someone trying to build something meaningful.
Join the community
If you’re working with Fluent Bit and OpenSearch or facing your own integration challenges, the OpenSearch community is here to help. Whether you’re on a conference show floor, attending a user group, posting on our community forum, or reading our documentation, we are committed to ensuring that you can build the observability solutions you need.
###
Additional pictures
References for writing article
Post from Eric Schabell on linked in: https://www.linkedin.com/posts/ericschabell_kubecon-fluentbit-cloudnative-ugcPost-7394724705922101248-dqHz/?utm_source=share&utm_medium=member_ios&rcm=ACoAACtb4vwBBPYI1Sx6HI9EhJjpJ0wAKn04nvE
Post from Eric of the demo: https://www.linkedin.com/posts/ericschabell_kubecon-fluentbit-cloudnative-ugcPost-7394803020573679616–Xcl/?utm_source=share&utm_medium=member_ios&rcm=ACoAAADm0bMB0ijS_Heqgc5IbqgtJz4mamz5kK4
Cx script: https://gitlab.com/o11y-workshops/opensearch-install-demo/-/blob/main/init.sh
Solution: https://forum.opensearch.org/t/after-upgrade-opensearch-2-6-0-fluentbit-gives-error-action-metadata-line-1-contains-an-unknown-parameter-type-status-400/13750 : suppress_type_name true
