feat: added doc for migrate es to os

[chideat]

Summary by CodeRabbit

• Documentation
  • Added a comprehensive migration guide from Elasticsearch to OpenSearch covering two migration paths (ES 7.10 → OS 2.x → OS 3.x via snapshot & restore, and ES 8.x/9.x → OS 3.x via reindex from remote). Includes prerequisites, phased step‑by‑step procedures, Helm/OpenSearch Operator examples, repository/keystore/secret handling, verification checks, client compatibility notes, and operational considerations.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Adds a comprehensive migration guide detailing two migration paths from Elasticsearch to OpenSearch, prerequisites, phase-by-phase procedures (snapshot & restore, reindex-from-remote), Kubernetes/Helm examples, keystore/secret handling, verification steps, client compatibility notes, and CLI commands.

Changes

Cohort / File(s)	Summary
OpenSearch Migration Documentation docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md	New ~508-line migration guide covering ES 7.10 → OS 2.x (Snapshot & Restore, then upgrade to OS 3.x) and ES 8.x/9.x → OS 3.x (Reindex from Remote). Includes prerequisites (shared storage, repository-s3), plugin/version alignment, OpenSearchCluster CR and Helm examples, keystore/Secret handling, snapshot/recover and reindex commands, verification steps, client compatibility notes, and references.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• sinbadonline
• shibalu

Poem

🐰 I hopped through docs, nose in every line,

Snapshots and secrets tucked away just fine.
Helm charts hummed softly, indices found new light,
Reindex and restore — a migration done right. 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title refers to adding documentation for Elasticsearch to OpenSearch migration, which matches the primary change of introducing a comprehensive migration guide.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a7cd4c8 and 60c2f36.

📒 Files selected for processing (1)

• docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2026-01-13T11:25:43.626Z

Learnt from: jing2uo
Repo: alauda/knowledge PR: 104
File: docs/en/solutions/How_to_Migrate_VirtualMachine_From_VMware.md:131-172
Timestamp: 2026-01-13T11:25:43.626Z
Learning: For Alauda Container Platform VMware migration documentation using Forklift Operator, the VMware provider configuration should use `insecureSkipVerify=true` in the secret because enterprise environments commonly use self-signed certificates for internal VMware infrastructure (vCenter/ESXi), making this option necessary rather than optional.

Applied to files:

• docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md

📚 Learning: 2025-09-23T02:29:55.305Z

Learnt from: davidwtf
Repo: alauda/knowledge PR: 60
File: docs/en/solutions/How_to_Use_Pipeline_to_Train_AI_Models.md:565-583
Timestamp: 2025-09-23T02:29:55.305Z
Learning: In enterprise environments using Alauda DevOps pipelines for AI model training, self-signed certificates are commonly used for internal Git repositories, requiring the `-c http.sslVerify=false` option to be supported rather than completely removed.

Applied to files:

• docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md

🪛 Gitleaks (8.30.0)

docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md

[high] 47-47: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 160-160: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 202-202: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 216-216: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 263-263: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 277-277: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 280-280: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 296-296: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 301-301: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 307-307: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 315-315: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 316-316: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 328-328: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 352-352: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 353-353: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 432-432: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 461-461: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 470-470: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 473-473: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

🔇 Additional comments (6)

docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md (6)

1-69: Excellent documentation structure and migration strategy overview.

The introduction, migration strategy table, and compatibility warnings are clear and well-organized. The prerequisites section appropriately highlights plugin version alignment requirements and includes practical considerations for air-gapped environments.

---

137-198: Well-documented credential management approaches.

The section properly demonstrates secure credential handling using keystore for Elasticsearch and Kubernetes Secrets for OpenSearch. The inclusion of both interactive and non-interactive modes, along with the S3 endpoint configuration notes, provides comprehensive guidance.

---

258-282: Solid restore and verification procedures.

The restore command correctly excludes system indices (.kibana*, .security*, .monitoring*) to prevent conflicts with OpenSearch's internal indices. The verification steps appropriately check both index structure and document counts.

---

333-355: Clear and appropriate upgrade procedure.

The upgrade steps are concise and correctly update both the OpenSearch version and the corresponding plugin version. The note about automatic rolling upgrade by the Operator and the post-upgrade verification steps provide good operational guidance.

---

423-475: Comprehensive reindex execution and monitoring procedures.

The reindex-from-remote procedure is well-documented with async execution, task monitoring, and proper verification steps. The inclusion of document count comparison between source and target clusters ensures data integrity validation.

---

476-508: Excellent client migration guidance and comprehensive reference table.

The client migration section provides clear compatibility warnings and a complete table of official OpenSearch clients across all major languages. The emphasis on using native OpenSearch clients over Elasticsearch clients is appropriate and well-justified. Reference links are properly formatted.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR adds comprehensive documentation for migrating from Elasticsearch to OpenSearch, covering multiple migration paths depending on source and target versions.

Changes:

• Added detailed migration guide documenting two primary scenarios: ES 7.10 → OS 2.x → OS 3.x using Snapshot & Restore, and ES 8.x/9.x → OS 3.x using Reindex from Remote
• Included step-by-step procedures with configuration examples for plugin installation, S3 credentials setup, snapshot creation, restoration, and cluster upgrades
• Provided client migration guidance with references to official OpenSearch clients for multiple programming languages

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In
`@docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md`:
- Around line 376-414: The YAML for the Elasticsearch resource has mis-indented
fields under the nodeSet named "default": the config and podTemplate blocks must
be nested under the same list item for nodeSets (the block starting with - name:
default) so that podTemplate and config are children of that nodeSet; fix the
indentation to move config: and podTemplate: beneath the "- name: default" entry
(or remove the empty config: if you don't need it) so the Elasticsearch kind's
nodeSets, config, and podTemplate structure is valid.
- Around line 504-510: Update the reference URLs in the References section so
they use the correct docs.opensearch.org domain: replace
`https://opensearch.org/docs/latest/upgrade-or-migrate/` with
`https://docs.opensearch.org/latest/upgrade-or-migrate/` and
`https://opensearch.org/docs/latest/api-reference/document-apis/reindex/` with
`https://docs.opensearch.org/latest/api-reference/document-apis/reindex/`; also
scan the remaining links in the same list (`Snapshot and Restore`, `Keystore
Management`, `OpenSearch Clients`) and change any
`https://opensearch.org/docs/...` occurrences to
`https://docs.opensearch.org/...` so all reference URLs use the proper domain.
- Around line 126-142: The YAML example redundantly lists the same repository-s3
plugin under spec.bootstrap.pluginsList and spec.general.pluginsList; remove the
spec.bootstrap.pluginsList entry so the plugin is only declared under
spec.general.pluginsList (keep the
https://artifacts.opensearch.org/.../repository-s3-2.19.3.zip line in
spec.general.pluginsList and delete the duplicate under
spec.bootstrap.pluginsList) to avoid duplicate installation and
bootstrap-related reliability issues.

🧹 Nitpick comments (4)

docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md (4)

11-11: Clarify operator version applicability.

The version statement indicates "OpenSearch Operator ~= 2.8.*", but the examples throughout the document use OpenSearch versions 2.19.3 and 3.3.1. Ensure this version constraint accurately reflects the tested/supported operator versions. If the guide supports a broader range of operator versions, consider updating this line.

---

228-234: Consider documenting asynchronous snapshot creation for large datasets.

The example uses wait_for_completion=true, which may cause timeout issues for large clusters. Consider adding a note that users can set wait_for_completion=false and monitor progress separately using the Snapshot Status API for production environments with large datasets.

---

273-280: Use placeholder credentials in documentation examples.

The example uses hardcoded admin:admin credentials. While these are example credentials for documentation purposes, consider using placeholders like <username>:<password> to avoid confusion and prevent accidental copy-paste of insecure credentials in production environments.

📝 Suggested improvement

-curl -k -X POST "https://localhost:9200/_snapshot/migration_repo/snapshot_1/_restore" \
-  -u "admin:admin" \
+curl -k -X POST "https://localhost:9200/_snapshot/migration_repo/snapshot_1/_restore" \
+  -u "<username>:<password>" \
   -H 'Content-Type: application/json' -d'

---

305-313: Consider using jq for more robust JSON parsing.

The sed-based approach to extract mappings (line 306-307) is fragile and may break with formatting changes or unexpected JSON structure. Consider using jq for more reliable JSON manipulation.

🔧 More robust alternative using jq

-# 1. Get the original index mapping and extract the mappings object using sed
-curl -s -X GET "https://localhost:9200/migration_test/_mapping" -u "admin:admin" -k | \
-  sed 's/^{"migration_test"://' | sed 's/}$//' > mapping.json
+# 1. Get the original index mapping and extract the mappings object using jq
+curl -s -X GET "https://localhost:9200/migration_test/_mapping" -u "<username>:<password>" -k | \
+  jq '.migration_test' > mapping.json

This also addresses the hardcoded credentials issue.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8943816 and c91620b.

📒 Files selected for processing (1)

• docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md

🧰 Additional context used

🪛 Gitleaks (8.30.0)

docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md

[high] 273-274: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 288-288: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 291-291: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 306-306: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 310-311: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 316-317: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 325-325: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 326-327: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 339-339: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 363-363: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 364-364: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

🔇 Additional comments (3)

docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md (3)

150-211: LGTM! Clear security-focused credential management.

The section correctly emphasizes using keystore/secrets instead of including credentials in API request bodies. The examples for both Elasticsearch and OpenSearch are clear and follow security best practices.

---

344-356: LGTM! Clear upgrade procedure.

The upgrade procedure correctly updates both the OpenSearch version and the matching repository-s3 plugin version. The operator will handle the rolling upgrade automatically.

---

1-510: Well-structured comprehensive migration guide.

This document provides thorough coverage of ES to OpenSearch migration scenarios with clear, actionable steps. The two-phase approach for ES 7.10 migration is well-explained, and the inclusion of client migration guidance adds significant value.

Strengths:

• Clear compatibility warnings preventing common pitfalls
• Comprehensive examples for different deployment methods (Helm, Operator, ECK)
• Appropriate security practices (keystore/secrets over hardcoded credentials)
• Well-organized with logical flow and helpful diagrams

Areas addressed in review comments:

• Technical accuracy improvements (YAML syntax, JSON parsing)
• Documentation best practices (credential placeholders)
• Verification requests for external dependencies

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In
`@docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md`:
- Around line 70-107: Update the OpenSearch YAML examples to use a boolean for
the S3 path style setting: locate occurrences of the key
s3.client.default.path_style_access in the OpenSearch sections (the examples
that currently set it to the string "true") and change the value to the boolean
true so it matches the Elasticsearch example and the official
OpenSearch/Elasticsearch docs.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c91620b and c4f81da.

📒 Files selected for processing (1)

• docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md

🧰 Additional context used

🪛 Gitleaks (8.30.0)

docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md

[high] 47-47: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 160-160: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 202-202: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 216-216: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 263-263: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 277-277: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 280-280: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 296-296: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 301-301: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 307-307: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 315-315: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 316-316: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 328-328: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 352-352: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 353-353: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 432-432: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 461-461: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 470-470: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 473-473: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In
`@docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md`:
- Around line 407-419: Update the documentation block under the
OpenSearchCluster CR example to add a prominent security warning about
reindex.ssl.verification_mode: "none" and replace the casual note with a danger
callout that states it must not be used in production; then provide secure
alternatives (use proper CA certificates, set verification_mode to
"certificate", or only use "none" for isolated testing) and brief procedural
guidance to export the ES cluster CA, create a Kubernetes Secret with that CA,
mount it into OpenSearch, and configure the truststore path so users can
validate certificates instead of disabling verification.
- Around line 294-303: Replace the fragile sed pipeline (the two sed commands
that strip the outer {"migration_test": ...} and trailing brace) with a jq-based
extraction that parses JSON and writes a correct mappings object to
mapping.json; specifically, use jq to extract the migration_test mappings (e.g.,
.migration_test.mappings) and output that to mapping.json so the subsequent curl
-d `@mapping.json` call receives valid JSON instead of a potentially corrupted
result from sed.
- Around line 248-254: The snapshotRepositories YAML block sets the repository
option readonly as a string ("true"); change the readonly setting to a boolean
true (no quotes) in the snapshotRepositories entry (the migration_repo settings
block) so it conforms to OpenSearch's expected boolean type for the readonly
field.

♻️ Duplicate comments (1)

docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md (1)

179-184: Correct the data type in the configuration guidance.

The note suggests using s3.client.default.path_style_access: "true" (string), but this setting requires a boolean value per OpenSearch documentation. This is inconsistent with line 86, which correctly uses the boolean true.

📝 Corrected guidance

-    - For path-style access: Add `s3.client.default.path_style_access: "true"` (required for MinIO)
+    - For path-style access: Add `s3.client.default.path_style_access: true` (required for MinIO)

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c4f81da and a7cd4c8.

📒 Files selected for processing (1)

• docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md

🧰 Additional context used

🪛 Gitleaks (8.30.0)

docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md

[high] 47-47: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 160-160: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 202-202: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 216-216: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 263-263: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 277-277: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 280-280: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 296-296: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 301-301: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 307-307: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 315-315: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 316-316: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 328-328: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 352-352: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 353-353: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 432-432: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 461-461: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 470-470: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

---

[high] 473-473: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.

(curl-auth-user)

🔇 Additional comments (4)

docs/en/solutions/ecosystem/opensearch/How_to_Migrate_from_Elasticsearch_to_OpenSearch.md (4)

16-30: Excellent migration strategy overview.

The table clearly presents the supported migration paths and the critical compatibility notes appropriately warn users about ES 7.10 → OS 3.x limitations and Lucene version incompatibilities.

---

70-107: LGTM!

The Elasticsearch Helm configuration correctly demonstrates plugin installation using an init container approach. The S3 configuration properly uses a boolean value for path_style_access (line 86).

---

487-500: Comprehensive client reference table.

The table provides a complete list of official OpenSearch clients across multiple languages with direct links to their documentation. All URLs correctly use the docs.opensearch.org domain.

---

1-15: Well-structured migration documentation.

The document provides clear organization with version-specific migration paths, comprehensive prerequisites, and step-by-step procedures. The version compatibility matrix and warnings about unsupported paths help prevent common migration mistakes.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}