For data scoffers: Elastic slings workplace search into free tier, trials query language, flexible ingestion

For data scoffers: Elastic slings workplace search into free tier, trials query language, flexible ingestion

Elastic has updated its portfolio to version 7.9, which comes with an overhauled Kibana, data ingestion help, additional security features, and the preview of a new-ish query language, just so you can expand your repertoire.

Since data processing is at the core of Elastic’s business, one of the more major improvements in the company’s stack has to be the reworking of the way core component Elasticsearch, an search and analytics engine, ingests data. The fixed ingestion queue of the project has been exchanged for a flexible one, with a new subsystem accounting for the number of bytes associated with an operation and rejecting requests exceeding a set limit. Elasticsearch now also knows a wildcard data type to make the search for partial strings more efficient. 

According to Elastic, there were many requests for a correlation query language to help with threat hunting and security related detection tasks. In Elastic 7.9 these are answered with a preview for the Event Query Language which came as part of the acquisition of security company Endgame last year. For now, EQL is only available as an Elasticsearch API, though an UI for incorporation in Elastic Security and Kibana is said to be in the future as well.

With version 7.9, users who were interested in the Workplace Search introduced earlier this year but couldn’t bring themselves to pay for it yet, can now take it for a spin via the basic free distribution tier. The latter now also includes a preview of malware prevention, though this isn’t the only addition in the security component of the Elastic stack. 

Amongst other things it now collects endpoint data to help teams find threats early and respond to incidents more quickly, and offers previews for adding workflows for rule exceptions, interactive process tree visualisations, and investigation guides for detection rules.

The release of Elastic 7.9 also is a reason to celebrate for the team behind visualisation interface Kibana, which has been busy reworking the tool’s architecture for the last 1.5 years. 

With the process now finished, users should be able to load the different application screens much faster, while the Elastic team promises the new foundation will also lead to  more new features in every release. Plugin developers meanwhile might have drawn the short straw for this one, since they will have to work their way through a migration guide in order to have their creations work with Kibana 7.9.

New architecture aside, Kibana now also includes an option to explore the underlying data of any chart by clicking on the corresponding option in its action panel. Users who’ve already made their first steps with the anomaly explorer visuals of the last release, now get the chance to select cells in a visual and use the selection as a time or overall filter for a dashboard, and skip from an embedded explorer view into a dashboard one. 

Examples for other enhancements are variables in the Canvas component, new configurations when embedding dashboards into other contexts, and the option to compare data by using two y axes in a graph in Kibana Lens.
Links to blog posts detailing the changes and pointing out some other additions can be found on the Elastic website.