Elastic, the company behind Elasticsearch, has unveiled version 7.4 of its overarching Elastic Stack suite. The latest release aims to simplify cluster administration and operations, introduces new aggregation and machine learning capabilities, and brings updates for stack security among a slew of other enhancements.
Elastic Stack lumps together Elasticsearch with a number of related tools, notably Logstash for ingesting log data and Kibana for analytics and visualisation, which are developed and released together.
One major new feature for this release is snapshot lifecycle management, which allows an administrator to define policies that automatically govern when and how often snapshots for data backup and restore purposes are made in Elasticsearch.
According to Elastic, this capability, when combined with the index lifecycle management feature introduced in v6.7, will dramatically simplify operating a production Elastic cluster. Furthermore, by implementing these as native features of the Elastic Stack, administrators have less need to rely on external tools and cron jobs and can focus on defining the data protection policies that matter to their business.
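As an added illustration (not taken from the Elastic announcement), this is the request body an administrator would send to `PUT _slm/policy/nightly-snapshots` on a 7.4 cluster to register such a policy; the policy id `nightly-snapshots` and the repository name `backup_repo` are assumed, and the repository must already have been registered through the `_snapshot` API.

```json
{
  "schedule": "0 30 1 * * ?",
  "name": "<nightly-snap-{now/d}>",
  "repository": "backup_repo",
  "config": {
    "indices": ["*"],
    "ignore_unavailable": false,
    "include_global_state": true
  }
}
```

The six-field cron expression (Elasticsearch's format, with a seconds field) fires at 01:30 every day, the date-math snapshot name yields one uniquely named snapshot per run, and `include_global_state` captures cluster metadata such as templates and persistent settings alongside the indices. `GET _slm/policy/nightly-snapshots` then reports when the policy last ran and whether that run succeeded, which is the check to build monitoring on.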
On the security side, Elastic SIEM now integrates with Elastic Maps to provide a visual display of the geographic location for inbound IP addresses drawn from network data, providing valuable context for any threat investigation. The map responds to global date and query filters, allowing users to filter according to specific devices, protocols, or other attributes. Filtering on event types such as alerts and attacks turns it into an effective alert or cyber attack map, according to Elastic.
Elasticsearch itself has a number of improvements to its core search and analytics capabilities. These include native results pinning functionality, better handling of geospatial search and analysis, plus new aggregations. For geospatial search, users can now position and query in x, y coordinate systems of their own choosing, while the new aggregations comprise the ability to run Histogram and Date Histogram aggregations on range fields plus the cumulative cardinality aggregation, which allows users to calculate net new occurrences within a given time range.
Elastic started to introduce machine learning capabilities across the Elastic Stack in v7.3, and this continues in this release with the addition of regression analysis APIs as an experimental feature, plus a new Analytics tab in the Machine Learning app in Kibana to access outlier detection.
Kibana itself has also added a new security enhancement, in the shape of public key infrastructure (PKI) authentication, a feature that will be welcomed by users in sectors such as finance, healthcare, government, and military, Elastic said.
Elastic APM adds new agents to support the plug-and-play experience for more common programming frameworks. These include Angular support in the RUM agent and .NET framework support in the .NET agent, while structured filters in the Elastic APM UI aim to help analysts search trace data faster and shorten resolution cycles.
Elastic Stack 7.4 is available immediately via the cloud-hosted Elasticsearch Service, while customers requiring the self-managed on-prem version can download it from the Elastic website.