A lightweight open-source agent runs on your server, connects locally to your cluster, and sends diagnostic data to our platform — which runs 50+ automated checks and tells you exactly what's wrong and how to fix it.
11
diagnostic categories
50+
automated checks
5 min
setup time
0
credentials sent to us
Health Score
82
Degraded
Critical Issues
2
Needs attention
Agents Online
3/3
All connected
JVM Heap % — last 24h
▲ 81% — elevated
Health Score — last 7d
82 / 100 — stable
Latest findings
2 unassigned shards on production-cluster
ShardsJVM heap usage at 81% on node-1
NodesNo ISM policy on 4 indices
ISMWho is this for
You deployed OpenSearch yourself and want health visibility without paying for a full APM platform or enterprise support contract.
You left Elastic Cloud or self-hosted ES behind. Your cluster is running — but your monitoring didn't come with it.
You know the _cat APIs exist. You don't have time to write and maintain dashboards around them. You just want to know when something is wrong.
How it works
Step 01
Download the single Go binary for your OS. No runtime, no Docker, no dependencies. Linux, macOS, and Windows supported.
Step 02
Point the agent at your OpenSearch endpoint. It connects locally over loopback or your internal network — no inbound port exposure, works behind VPNs.
Step 03
The agent sends collected metrics to our API. Within seconds you see a health score, prioritised findings, and step-by-step fixes.
Quick install — Linux
# Download the agent curl -Lo agent https://github.com/iyanou/opensearch-doctor-agent/releases/latest/download/agent-linux-amd64 chmod +x agent # Run the setup wizard ./agent --init
macOS and Windows also supported — see all install options
Features
Catch unassigned shards, heap pressure, missing snapshots, insecure configs, and more — before they cause an outage. Every check comes with a specific fix recommendation.
Know if a node is trending toward heap exhaustion before it hits. Track 24h, 7d, or 30d trends for JVM heap, CPU, disk, search latency, and health score.
Get paged the moment your cluster goes RED, heap spikes above 85%, or your agent goes offline — not when a user files a ticket.
Detect TLS misconfigurations, anonymous access, missing audit logging, and auth backend issues automatically. Know your exposure before an attacker does.
No vague warnings. Every finding includes the exact command, config change, or setting to fix it — with a direct link to the OpenSearch docs.
Deploy in your VPC, behind a firewall, or on an air-gapped network. The agent connects outbound only. Your cluster endpoint never needs to be exposed.
— used by OpenSearch operators running clusters on EC2, Kubernetes, and bare metal —
Why we built this
In 2025 we launched ElasticDoctor — a monitoring tool for Elasticsearch clusters. It failed within weeks.
Engineers refused to paste their cluster credentials into a web form. Rightfully so — we would have refused too. Our architecture also required clusters to be publicly internet-accessible. Another non-starter for anyone running internal infrastructure.
Then Elastic released AutoOps. Hard to compete with the vendor itself.
So we stopped and thought about what engineers actually need. The answer was clear: monitoring that comes from your environment, not reaches into it.
That's OpenSearch Doctor. A local agent that never touches your credentials, works behind firewalls, and sends only diagnostic metrics — built for the open-source fork that Elastic doesn't monitor for you.
Eraste Akande
Founder, OpenSearch Doctor
Pricing
Every account starts with a 14-day free trial — full Scale-level access. No credit card required. Pick your plan after.
Annual billing available — 2 months free. See full comparison →
The agent runs directly on your server alongside OpenSearch. It only needs outbound internet access to reach our platform — your cluster port never has to be exposed. Works with private networks, VPNs, and air-gapped environments. Credentials stay local; only diagnostic metrics are ever transmitted.