After (not?) getting forked by AWS and partnering with Google for managed services, Elastic Labs has bounced up again with a new major release of its Elastic Stack.
Version 7.0 of the tool suite, containing products such as search and analytics engine Elasticsearch, data processing pipeline Logstash, and data visualisation helper Kibana should amongst other things be faster, nicer to look at, and be better at cluster coordination.
Going through the individual components, Elasticsearch 7.0 marks another step by the engine to free itself from the type concept initially introduced to provide multi-tenancy within a single index. The extraction process has been going on since v5.0, with the current release being the first to deprecate APIs that accept types – their final removal is planned for the next major release.
In their stead, typeless counterparts have been provided. Since some of the changes can lead to breakage in existing code, Elastic proposes to upgrade to v6.7 before making the jump on the new release if you haven’t already. The version is the only 6.x release to include some features that help with the transition to v7.0. Other helpful tips the team has come up with include stopping using _default_ mappings as well as passing include_type_name=true on to index creation, template and mappings APIs.
New features include the option to use a nanosecond timestamp, a script_score query for generating a ranking score per second, and fine-grained control over order and proximity of matching terms with an intervals query. Speaking of ranks, rank_feature and rank_features have been added to the field types, along with a few other performance-boosting improvements. To make the cluster coordination layer safer and faster, it has been reworked and is now called Zen2 to mark its newness.
Kibana on the other hand gets a mostly visual update, giving a “lighter, more minimal feel throughout” – or, if you’re not into that, a dark mode available across the whole tool. To make navigation easier, there now is a fixed header to switch between spaces, display breadcrumbs and the like.
In v7.0, Beats and its modules will generate ECS format events by default, which in the future should make correlating data across sources easier. Other than that Beats has started rotating indices by using ILM policies by default and provides things like an AWS EC2 module to collect metrics from EC2 instances.
Along with the updated stack comes the release of a new Elastic Cloud Enterprise version. ECE 2.2 comes with a user interface for the cross-cluster search API introduced in the last release, facilitating the configuration of corresponding deployments, as well as API and UI access to the Elasticsearch Keystore to “create and store secure settings”. To make installing and managing the whole thing easier, Elastic has come up with a couple of ECE Ansible playbooks, which are available now.
ECE 2.2 also is supposed to be a bit faster and has been fitted with a beta version of role-based access control, which lets admins group users into four roles, which is quite nice given that in earlier versions you only had the chance to choose between admin super user and read-only user to govern access.
The new roles are called platform admin, platform viewer, deployments manager, and deployments viewer, with platform admins having the same permissions as admin users in older releases, and platform viewers being a copy of the old read-only role. Deployments managers however are allowed to create and manage deployments without having access to platform-level operations and resources, while deployments viewers can merely take a look at the deployments.