Elastic has released version 7.13 of its Elastic Stack, bringing new capabilities to its Elastic Enterprise Search, Observability, and Security solutions, plus closer integration with Microsoft Azure.
Elastic 7.13 delivers updated versions of Elasticsearch, Kibana, Logstash, Elastic Observability and Elastic Security, while the entire stack is also available as a service on Elastic Cloud. This new release enables customers to search petabytes of data in minutes through searchable snapshots and a new frozen tier, while analysts can enhance data on the fly using runtime fields, Elastic’s implementation of schema on read in Kibana Lens and Discover.
Elasticsearch 7.13 is based on Apache Lucene 8.8.2, and one of the major new capabilities is the frozen tier. This makes it possibly to directly search object stores like Amazon S3, Microsoft Azure Storage, and Google Cloud Storage. Elastic claims it is able to do this efficiently by using an on-disk least frequently used (LFU) cache plus Lucene improvements like executing searches based on a precomputed set of index structures. This allows petabytes of data to be searched in minutes.
Azure thing
One feature still in public preview is the ability to deploy and manage Elasticsearch directly from within Microsoft’s Azure portal. This will allow developers to take advantage of simplified ingestion for Azure platform logs, virtual machine logs, and other resource logs. It also enables consolidated billing and single sign-on to the Elastic Cloud console using Azure credentials.
Runtime fields in Discover and Kibana Lens give users the option to create a schema on the fly at query time – known as schema on read – providing users such as data analysts the ability to format or transform data without having to call upon Elasticsearch admins. This offers the flexibility to adapt the data to new use cases that might not have been foreseen when the original schema was created.
Elastic’s efforts at creating an end-to-end supervised machine learning pipeline have come to fruition in 7.13, with its data frame analytics and inference features becoming generally available. According to Elastic, this provides users with the ability to train outlier detection, regression and classification models and then use those models to infer against streaming data.
Another new feature is Fleet, an app in Kibana that allows you to centrally manage an entire fleet of Elastic Agents. The agents are themselves deployed to host nodes to add monitoring for logs, metrics, and other types of data. This includes auto-discovery support for Kubernetes, support for APM server, allowing users to centrally manage APM server from Fleet and support for Heartbeat, Elastic’s uptime monitoring engine.
Elastic Security 7.13 introduces central management of the osquery instrumentation agent, via Elastic Agent. According to Elastic, this provides analysts with direct access to rich host data from across the ecosystem, retrievable with prebuilt and custom SQL queries for analysis in Elastic Security.
Elastic 7.13 is available now on Elastic Cloud as a hosted offering, while users may also download the Elastic Stack and cloud orchestration products, Elastic Cloud Enterprise and Elastic Cloud for Kubernetes for a self-managed experience.