All about that integration: Elastic 7.16 embraces ServiceNow, adds FireLens support

Elastic has rounded off the year with the release of version 7.16 of its product portfolio, providing enterprise users with new bits and pieces to make Elasticsearch and Co easier to incorporate into more complex setups.

In fact, the update might be of most interest to Elastic users who either rely heavily on ServiceNow for their processes or do a lot of work on AWS. Thanks to an integration with AWS’s container log router FireLens, for instance, AWS users can now have their systems ingest logs from Amazon Elastic Container Service and Fargate. The resulting data can then be used with Elastic’s observability and security tooling, which should hopefully help users become aware of hiccups or misconfigurations early — or at least keep systems in check.

Users working with both Elastic and ServiceNow can take the newly certified IT Service Management and Security Incident Response applications for a spin — both should be available in the ServiceNow app store now. Together with the new integration for ServiceNow IT Operations Management, the apps are meant to help streamline team workflows, automate alert forwarding, and escalate cases correctly.

The 7.16 release sees access to App Search and Workplace Search features landing in Elasticsearch’s user interface Kibana, which also comes fitted with a unified integrations UI for the management of distributed endpoint agents. Customers are supplied with new endpoints for checking if certain documents are available, and admins can choose between a wider range of authentication providers for handling admission to Enterprise Search deployments.

Elastic Security has also gained a couple of new capabilities since the last update, including enhancements to the malicious behaviour prevention features introduced in September. Version 7.16 also includes memory threat protection for macOS and Linux systems, and integrations for AWS Web Application Firewall, Cisco Duo, GitHub audit data, and 1Password events.

Elastic Agent integrations for a variety of security data, infrastructure, datastore, and application sources received their final polish and have moved to general availability with the release. This should also be of interest to users of Elastic Observability, since it means additional options to monitor build and deployment pipelines. Other than that, the company’s observability bundle now includes curated data exploration views for real-time user monitoring, mobile app performance management, and synthetics.

Looking into the core product — Elastic’s search engine — there isn’t much to write home about. Elastic Enterprise Search at least looks to improve the user experience by pushing into beta stage its data-driven capability to present more-relevant search results first. 

However, there have been some small efforts to speed things up a little. For one, Elasticsearch was modified to need less heap memory on data nodes and to no longer use null values as join keys in sequences in its Event Query Language (EQL). The Elastic team also optimised sort queries and added a new vector tiles API which promises to improve scalability when searching geo_points and geo_shapes. Details can be found on the Elastic blog.