Elastic adds ML magic to its SIEM, bumps stack up to 7.3

Elastic has released version 7.3 of its portfolio stack, pushing some features into general availability while improving or extending others.

One of the more important changes in the recent Elasticsearch release is the improved data frames. Already available in the previous version, in 7.3 they are now able to incorporate data continuously as it is ingested or run as a single batch transform. Data frames are mainly meant to give users the option to combine related events of an index into a new index, to facilitate processes like querying.

Another feature that was extended in the release is the intervals query from v7.0. It lets users find records with specified words, or combinations thereof, within a certain distance of each other. New rules allow searches for terms starting with specific letters (prefixes) or matching wildcard patterns such as *.

The team behind the search and analytics engine also added an aggregation to find rare terms, which can for example be used in the SIEM app to find events that could hint at security breaches. Two functions to calculate the similarity between query and document vectors have been integrated for those using Elasticsearch as a data source for machine learning scenarios.
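As an added illustration, not taken from the Elastic release notes, here is one request body that combines the extended intervals rules with the new rare terms aggregation; the index layout and the ECS-style field names (`message`, `user.name`) are assumptions:

```json
{
  "size": 5,
  "query": {
    "intervals": {
      "message": {
        "all_of": {
          "ordered": true,
          "max_gaps": 6,
          "intervals": [
            { "match": { "query": "authentication failure" } },
            { "prefix": { "prefix": "adm" } },
            { "wildcard": { "pattern": "ssh*" } }
          ]
        }
      }
    }
  },
  "aggs": {
    "rare_users": {
      "rare_terms": {
        "field": "user.name",
        "max_doc_count": 2
      }
    }
  }
}
```

The `all_of` block only matches documents where the phrase, an `adm`-prefixed term and an `ssh`-prefixed term occur in that order within six positions, and the `rare_terms` bucket then lists user names that appear in at most two of those documents, which is the kind of low-frequency signal the SIEM app is meant to surface.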

Elastic SIEM was only presented to the world in version 7.2, but the devs behind it have been busy improving the security project by integrating machine learning capabilities to help with tasks like anomaly detection. Other additions include a Filebeat module to ingest Virtual Private Cloud flow logs from Google Cloud and a way to inspect the queries used to generate the charts displayed in the app.

While the SIEM is still in its beta phase, the Elastic Infrastructure Metrics Explorer has made it through the testing stage and is now ready for production. Elastic Infrastructure also made good on its commitment to better support Kubernetes environments by adding a controllermanager metricset to capture kube-controller-manager metrics, proxy for better insight into kube-proxy, and kube-scheduler for kube-scheduler metrics. Aside from that, AWS and Oracle database monitoring received some improvements.

Speaking of general availability, Elastic Maps, a service to visualise geospatial data, has also reached GA status. The latest version comes with options to change the visualisation in terms of colour and to symbolise point features with customisable icons. Users can now also plot the most recent entities and profit from enhanced tooltips and pagination controls. Uploading the data needed is meant to be easier in v7.3, since the team has made the beta of a GeoJSON upload feature available.