TVL Managed Superset

Connect Elasticsearch to Apache Superset 2026

Tutorial to connect Elasticsearch / OpenSearch to Apache Superset: driver, index pattern, performance.

Elasticsearch (and its OpenSearch fork) is widely used for logs and search. Connecting Apache Superset to an ES cluster lets you build log analytics and search analytics dashboards. This guide details the procedure for 2026.

1. Why Superset + Elasticsearch?

  • Visualize centralized logs;
  • Search analytics (top queries, no-results rate);
  • Lightweight alternative to Kibana for BI on ES;
  • Combine ES with other sources in the same dashboard.

If you want a ready instance, TVL Managed Superset includes ES drivers by default.

2. Prerequisites

  • An accessible Superset instance;
  • An Elasticsearch 7.10+ or OpenSearch 1.x+ cluster;
  • An ES user with a read-only role;
  • The elasticsearch-dbapi driver installed.

3. Install the driver

uv pip install elasticsearch-dbapi

4. Build the URI

# Standard Elasticsearch (plain HTTP: credentials and query results are sent unencrypted)
elasticsearch+http://<user>:<password>@<host>:9200/

# With HTTPS
elasticsearch+https://<user>:<password>@<host>:9200/?verify_certs=true

# OpenSearch
opensearch+https://<user>:<password>@<host>:9200/
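
SQLAlchemy-style URIs need reserved characters in the user name and password percent-encoded, otherwise the authority part is parsed incorrectly. The following is an added example, not code from the original page or from the elasticsearch-dbapi project: it builds an HTTPS URI in the format above and checks a URI for cleartext transport, disabled certificate verification and a broken authority. The function names, the finding labels, the host es.internal.example, the user superset_ro and the passwords are constructed for illustration.

```python
from urllib.parse import parse_qs, quote, unquote, urlsplit

FLAVORS = ("elasticsearch", "opensearch")  # URI prefixes shown in this guide


def build_uri(flavor, user, password, host, port=9200):
    """Build an HTTPS URI in this guide's format, percent-encoding the credentials."""
    if flavor not in FLAVORS:
        raise ValueError(f"unknown flavor: {flavor!r}")
    # safe="" also encodes '/', which quote() leaves alone by default.
    userinfo = f"{quote(user, safe='')}:{quote(password, safe='')}"
    return f"{flavor}+https://{userinfo}@{host}:{port}/?verify_certs=true"


def audit_uri(uri):
    """Return findings for a connection URI before it is pasted into Superset."""
    parts = urlsplit(uri)
    try:
        # A raw '/', '?' or '#' in the password cuts the authority short;
        # the leftover after ':' is then usually not a valid port.
        parts.port
    except ValueError:
        return ["malformed-authority"]
    findings = []
    if not parts.scheme.endswith("+https"):
        findings.append("cleartext-transport")
    flag = parse_qs(parts.query).get("verify_certs", [""])[0].lower()
    if flag in ("false", "0"):
        findings.append("cert-verification-disabled")
    if not parts.username or not parts.password:
        findings.append("missing-credentials")
    return findings


def password_of(uri):
    """Decode the password back out of a URI, to confirm the round trip."""
    return unquote(urlsplit(uri).password)


if __name__ == "__main__":
    # Constructed sample values: host, user and passwords are placeholders.
    good = build_uri("elasticsearch", "superset_ro", "p@ss/w:rd", "es.internal.example")
    print(good, audit_uri(good))
    for bad in ("elasticsearch+http://superset_ro:secret@es.internal.example:9200/",
                "opensearch+https://superset_ro:pa/ss@es.internal.example:9200/"):
        print(bad, audit_uri(bad))
```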

5. Add to Superset

  1. UI → Settings → Database Connections → + Database;
  2. Type: Elasticsearch or OpenSearch;
  3. Paste the URI;
  4. Test → Save.

6. Datasets on ES indices

Create a dataset pointing to an ES index:

  1. Datasets → + Dataset;
  2. Database = the ES connection;
  3. Schema = default (or other depending on config);
  4. Table = index name (logs-2026.05.*);
  5. Save.

For time-based indices, use wildcards (logs-*).

This configuration is applied by default on TVL Managed Superset, which follows community best practices.

7. SQL on Elasticsearch

ES supports a subset of SQL via Elastic SQL or OpenSearch SQL:

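-- Written for Elastic SQL; adapt the date functions for OpenSearch SQL.
SELECT
  -- HISTOGRAM buckets the timestamp per hour; HOUR is a reserved word, so the alias is quoted
  HISTOGRAM(timestamp, INTERVAL 1 HOUR) AS "hour",
  level,
  COUNT(*) AS count
FROM "logs-*"
-- Bound the time range so the wildcard does not scan every index
WHERE timestamp >= NOW() - INTERVAL 24 HOURS
  AND service.keyword = 'api'
GROUP BY 1, 2
ORDER BY 1 ASC;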

Limits: no JOIN, and some aggregations are restricted.

8. Typical use cases

  • Log analytics: top errors, p95 latency, hosts;
  • Search analytics: top user queries, 0-result rate;
  • Security monitoring: suspicious IPs, brute force;
  • APM: traces and application performance.

9. Common pitfalls

  • Driver compatibility: ES 8.x requires a recent driver;
  • Field types: text vs keyword; a keyword field is required for GROUP BY;
  • Time-based indices: use wildcards, but always filter on the timestamp;
  • ES SQL limits: no JOIN, few window functions;
  • Performance: non-aggregated queries scan the whole index and are slow.

10. Conclusion

Apache Superset + Elasticsearch is a useful combination for log analytics and search analytics, particularly when you want to avoid Kibana. For purely BI use cases, ClickHouse remains more performant. For continuous streaming logs, ES is unbeatable.

Want the benefits of Apache Superset without the friction of installation and maintenance? Deploy your instance in 3 clicks with TVL Managed Superset, hosted in Europe (OVHcloud, Roubaix, France).
