add compatible-mode for opensearch

[fabian-heib]

Description

Add compatible-mode for when opensearch is set with compatible-mode based on discussion #1507

Checklist

• I have reviewed the contributing guidelines.
• I have included unit tests for my changes or additions.
• I have successfully run make test-docker with my changes.
• I have manually tested all relevant modes of the change in this PR.
• I have updated the documentation.
• I have updated the changelog.

Questions or Comments

I can add documentation and changelog if this PR is something you want merged, about the unit test i'm not sure where it would put it, also the naming on the arg can be changed to something better.

[jertel]

Before moving forward I would like to better understand your situation. Can you please share the output of curl -u es_username:es_password -s -k -L -H "Content-Type: application/json" https://localhost:9200 (replacing es_username and es_password with the correct values)?

[fabian-heib]

Before moving forward I would like to better understand your situation. Can you please share the output of curl -u es_username:es_password -s -k -L -H "Content-Type: application/json" https://localhost:9200 (replacing es_username and es_password with the correct values)?

{
  "name": "opensearch-master-2",
  "cluster_name": "opensearch",
  "cluster_uuid": "xxxxx",
  "version": {
    "number": "7.10.2",
    "build_type": "tar",
    "build_hash": "99a9a81da366173b0c2b963b26ea92e15ef34547",
    "build_date": "2024-10-31T19:08:39.157471098Z",
    "build_snapshot": false,
    "lucene_version": "9.12.0",
    "minimum_wire_compatibility_version": "7.10.0",
    "minimum_index_compatibility_version": "7.0.0"
  },
  "tagline": "The OpenSearch Project: https://opensearch.org/"
}

This is a managed service that we got so turning the compatible mode off is a no go

[jertel]

Thanks for providing that. Ideally I'd prefer a solution that let the user force ElastAlert 2 to use a specific version, instead of reading it from the cluster. That would give us similar flexibility for the future, where-as this compatibility mode flag would be somewhat specific to this situation.

Please try inserting the following lines of code at the top of the util.py::get_version_from_cluster_info() method:

    override_version = os.environ.get('ES_VERSION', None)
    if override_version:
        elastalert_logger.info('Using ES_VERSION environment variable: %s' % override_version)
        return override_version

And then rerun with that environment variable set to an 8.x version? If that works for you I'd like to go with that approach instead.

[fabian-heib]

I have added also a testcase since this approach was easier to test

Edit: Verifiy it now and works, set the env ES_VERSION to 8.2.0

[jertel]

Sorry for the delay. This PR is looking good. The docs (probably the docs/recipes/faq.rst) and changelog still need updated, however.

[jertel]

I'd like to publish a new release soon so I wanted to see if you'll be able to push the remaining changes for this. I would expect it should only take a few minutes of your time. Thanks.

[fabian-heib]

Added the docs now, sorry for delay but I forgot about this