Elastic 7.15 plays to the SRE crowd with improved isolation and insight capabilities

Elastic 7.15

Elastic, proprietor of an assortment of search and data analytics tools, has updated its product stack with polished versions of its application performance management correlation feature and web crawler, bumping the version number to 7.15

As in the last couple of releases, most of the interesting changes can be found in newer components Elastic Observability and Security. The latter for example has been equipped with “malicious behaviour protection” — a combination of post-execution analytics and response actions to prevent things like credential theft through memory dump, process injection via shell code, and advanced persistence techniques. 

To help users find out why an alert has been triggered, the latest iteration of the security alert table comes with a Reason field and there are flyouts with alert summaries available. Should the trigger have anything to do with suspicious behaviour in a Linux environment, users can quarantine the machine in question via the user interface, since host isolation features have been extended to cover Linux as well as Windows and macOS machines. 

Another form of insight provides the now generally available Elastic APM correlations feature. By visualising data that is potentially connected to high-latency transactions or failures, the new addition can help SREs to find the reason behind slow operations. The APM user interface was also reworked with two new troubleshooting views and capabilities to show external dependencies and their behaviour over time.

Teams working in air-gapped environments might be interested to learn that the Elastic Package Registry is now available as a Docker image, which can be run on any infrastructure. However, this self-managed option is still a work in progress and maybe shouldn’t be used in production settings, yet.

For version 7.15 of Elastic’s software-as-a-service product Elastic Cloud, the company mostly focussed on ways to make deployments work better with the Google Cloud. Users should now be able to use Google Cloud’s own extract, transform, and load services for ingesting data from Cloud Storage, Big Query, and Pub/Sub via new data source integration Google Cloud Dataflow. While this is meant to increase the speed of operations, recently added Google Private Service Connect looks to keep data off the internet by offering private connectivity from Google Cloud virtual private cloud to Elastic Cloud deployments. 

Elastic cornerstone project Elasticsearch didn’t see too many additions, but there are new APIs for estimating the disk usage of index fields and generating vector titles from geospatial data. Enterprise Search, a commercial offer which uses Elasticsearch as its foundation, has meanwhile been fitted with the final version of the Elastic App Search web crawler. After being introduced earlier this year, the tool is out of beta and can be used to index and extract web content into App Search engines. 

Other than that, Enterprise Search now includes easy brand integration for the search interface, and configurable automatic filter detection in the Workplace Search component.