Elastic releases
Listing releases of the Elastic stack with new features and references
Try the official Elasticsearch Service from the creators on Elastic Cloud (14-day free trial!).
Note: if you are using Kubernetes, OpenShift, AKS, EKS or GKE, you can have a look at Elastic Cloud for Kubernetes (ECK) through the guide, the release note and the blog post (part 1 and part 2)
Note2: you can also try the official Elastic Terraform provider (see blog post as well)!
EOL note: Starting 1st Oct 2022, a new policy applies.
- For v8.x, maintenance ends at the latest between 10th Aug 2024 and the v9.0 release date + 6 months. Support ends 6 months after maintenance.
- For v7.x and before please refer to the tables below.
Products below are: A (Elastic Agent), B (Beats), APM (APM agents), L (Logstash), ES (Elasticsearch), ML (Machine Learning) and K (Kibana).
8.7
Version-level references: Blog post
Product |
Feature |
Description |
References |
A |
Agent metrics |
Display agent metrics (CPU,RAM) in the agent list table & details page |
|
ES |
Health Reporting |
The new health report API is now GA and helps you understand your cluster state at a glance for faster troubleshooting |
Documentation, blog post |
ES |
Time Series Data Streams & Downsampling |
While time series was a tech preview in 8.6 it is now GA! Uses on average 70% less disk space for metrics & supports downsampling for longer retention |
Documentation |
ES |
Cloud Security Posture Management |
You can now easily audit your AWS configurations against security guidelines defined by the Center for Internet Security (CIS) |
Documentation |
ES |
Ingest pipelines improvements |
GeoIP, set and append ingest processors are now significantly faster. Running a document through multiple ingest pipelines is faster too. |
|
K |
Alert Flapping & Summarization |
Enable alert flapping detection to prevent being repeatedly alerted for rapidly changing status on rules. Summarize alerts to reduce the number of notifications |
Documentation |
K |
Concurrent sessions management |
An administrator can now set the maximum number of sessions allowed for a user, disconnecting the oldest session when the limit is reached |
Documentation |
K |
Anomaly detection on geo data |
You can now create an anomaly detection job on geo data directly from a dashboard or follow a link to get to the advanced ML job wizard |
Documentation |
8.6
Version-level references: Blog post
Product |
Feature |
Description |
References |
A |
Security integ |
New integrations for Box, Darktrace, F5 BIG-IP, InfoBlox, Microsoft 365 Defender, Trend Micro and others... |
|
ES |
time_series index |
It's a new type of index that is optimized for time series of metrics data |
|
ES |
field_caps improved |
The field_caps API - that provides information about a field - is 10x faster! |
|
ES |
Shard balancing |
Introducing "desired balance" allocator (used by default in 8.6+) and two additional variables into the balancing computation |
github issue |
ES |
ESQL |
New query language coming soon... :-) |
blog post |
K |
Host observability |
Get a comprehensive and customizable view of all your hosts (inc. health & performance) |
|
K |
Ad hoc data views |
Create temporary data views on the fly to explore data, and permanently persist when ready |
|
K |
APM Dependencies |
New tab in the dependencies view showing operations, latency distrib & trace waterfalls |
|
K |
Enhanced case mngt |
New bulk actions, unassigned cases, unlinking of alerts, ticket linking back to Elastic |
|
K |
SIEM alert correlation |
Prebuilt rules now detect complex attack behaviors by correlating groups/sequences of alerts |
|
K |
Opsgenie connector |
New OOTB integration with Opsgenie for Kibana Alerting |
blog post |
K |
Universal profiling |
coming soon... :-) |
home page, blog post, eBPF blog post |
8.5
Version-level references: Blog post
Product |
Feature |
Description |
References |
ES |
10 to 30% faster |
When using explicit _id, GET and indexing are way faster! |
|
K |
Synthetics service |
Ability to enable synthetic tests (from a recorded script) using our Cloud service |
blog post, news blog post |
K |
Universal profiling |
Provides visibility into how application code and infrastructure are performing |
blog post, general on observability and press release |
K |
Lens to ML |
Anomaly detection jobs can now be created directly from the flyout of a Lens viz |
|
K |
KSPM on EKS |
Kubernetes Security Posture Management is now supported on AWS EKS |
|
K |
ML notifications |
In ML UI, dedicated notifications page to display all ML-related messages |
image |
K |
Case assignment |
Assign a case to users (via searching through user profiles) |
|
K |
Log pattern analysis |
In ML AIOps UI, take the "log rate spikes" (from 8.4) further by grouping results that co-occur |
image |
8.4
Version-level references: Blog post
Product |
Feature |
Description |
References |
A |
Added integrations |
Support for Azure Firewall, Cisco Identity Service Engine, Cisco Secure Email Gateway, Citrix WAF, Mimecast, Proofpoint TAP and SentinelOne |
|
A |
New remediations |
New cross-OS responses to enumerate, suspend and kill processes |
|
A |
Self healing |
Automated remediation feature that erases attack artifacts to return to pre-attack state |
|
APM |
AWS instrumentation |
APM agents add auto-instrumentation for calls to native AWS services (inc S3, SNS, SQS, and DynamoDB) |
|
ES |
synthetic _source |
Reduce the index size and speed up analysis for specific time-series use cases |
doc |
K |
Responser |
New UI that enables viewing and invoking response actions quickly |
|
K |
SOAR partners |
New SOAR partnerships with D3 and Torq for customizable orchestration capabilities |
|
K |
Custom connectors |
An open community-based list of webhook actions that can be added to rules within Elastic Security |
blog post, github repo |
K |
Log rate spikes |
Identify deviations from the baseline log rate and which fields contribute the most to the deviation |
|
K |
Scheduled snooze |
Snooze option added to alert rules, allowing you to temporarily suppress notifications |
|
K |
Transforms retries |
Transforms recover after a failure without any user intervention |
|
K |
k8s dashboards |
OOTB Kubernetes dashboards have been revamped using Lens for enhanced drill-down and navigation |
|
K |
Ops alerting |
Easily access and manage all observability rules and alerts from within the Observability UI |
|
K |
APM errors |
APM error screens add transaction details to facilitate root cause analysis workflows |
|
K |
DevTools improvement |
Performance improvements, ability to leave comments and more! |
blog post |
8.3
Version-level references: Blog post
Product |
Feature |
Description |
References |
A |
New integrations |
AWS Fargate (monitor ECS containers), Nagios, Spark, Spring Boot, Salesforce and Hadoop |
AWS integration |
A |
Rolling upgrades |
Rolling upgrades during scheduled maintenance windows |
|
A |
Tagging |
Attach tags to agents during installation to have greater control over agents management at scale |
|
ES |
Hybrid deployments |
CCS and CCR now support searching and replicating data across Elastic Cloud, self-managed clusters, ECE and ECK. |
blog post, another one |
ES |
Search in v5 snapshots |
Use searchable snapshots to access 6-year-old data with no restore or reindex! |
blog post |
ES |
Sharding guidance |
Updated sharding guidance (starting v8.3+) on master & data nodes |
blog post, blog update |
ES |
Geo grid query |
Natively return all the documents that overlap a specific geo tile |
|
ES |
dot naming |
Now supporting dots in field names |
blog post and doc |
K |
Cloud Security |
New cloud posture management and workload protection capabilities, starting with CIS k8s benchmark |
blog post and GA |
K |
SOAR |
Elastic and Tines are partnering to help detect security threats and reduce mean time to respond |
blog post and SOAR & TI |
K |
Alerting in Discover |
Create alerts for documents matching your query with a custom threshold and time interval |
history of Kibana |
K |
Viz to ML |
Transform a visualization (from a dashboard) into a machine learning anomaly detection job |
doc |
K |
D&D controls |
In your dashboard, add controls with simple drag & drop |
doc |
8.2
Version-level references: Blog post
Product |
Feature |
Description |
References |
A |
Added integ |
Added support for Microsoft 365 Defender, VMware Carbon Black or Cisco Secure Email & ISE |
|
A |
Logstash output |
The Elastic Agent (deployed with Fleet) now supports Logstash output |
comparison table |
A |
Custom blocklists |
Protect high-risk systems (PoS, MS...) by blocking the execution of specific apps at the edge |
|
A |
Uptime & Cloud |
New cloud-based synthetic testing initiated from Elastic Cloud Uptime solution |
|
APM |
Sampling++ |
Tail-based sampling (added to existing head-based) for high volumes of transactions |
blog post, image |
ES |
Lookup runtime fields |
Enrich at query time from another index - Can I call it outer join?! |
doc |
ES |
Random sampler agg |
Exponentially accelerate aggregations (with a slight trade off in accuracy) by randomly sampling docs |
blog post, doc |
ES |
JWT support |
Authorize and authenticate Elasticsearch's API calls using JSON Web Tokens (JWT) |
|
ES |
Search UI |
New UI (actually a React lib) to quickly implement search experiences |
blog post, doc |
K |
French Kibana! |
Sorry, I couldn't miss that one ;) |
doc |
K |
Document explorer |
Enhanced doc explorer with column selection, sorting, highlighting, comparing, etc |
|
K |
Users view |
The new Users View supports security monitoring by presenting environment-wide user context |
visual |
K |
Session View |
New interface that provides a forensic view for examining process executions on Linux |
visual |
K |
Investigation guide |
Detailed (expert) investigation guides for a large set of prebuilt detection rules |
|
K |
Osquery from alerts |
Inspect hosts directly from an alert using the Osquery Manager integration for Elastic Agent |
visual |
K |
xMatters connector |
Create associated incidents in the xMatters automated incident management platform |
|
8.1
Version-level references: Blog post
Product |
Feature |
Description |
References |
A |
Security integrations |
Added integs for Akamai, Symantec, Zscaler ZIA & ZPA, Tenable, modsecurity, auth0 and much more! |
new integrations picture |
A |
network packet capture |
Npcap integration to ingest host-based network activity |
integration |
A |
Threat intel |
Added threat intelligence feeds from Recorded Future, ThreatQuotient and Cybersixgill |
SOAR & TI |
APM |
OpenTelemetry logs |
Ingest OpenTelemetry logs |
blog post and illustration |
APM |
Jenkins logs |
Collect detailed Jenkins logs (inc. errors and build execution details) with OT collector |
jenkins ot collector |
APM |
AWS Lambda tracing |
Collect application traces from AWS Lambda functions written in Node.js, Python, and Java |
blog post, doc |
ES |
20% better! |
20% faster indexing speeds and 20% lower data storage requirements with doc-value-only fields |
doc |
ES |
Hex tile agg |
Geospatial data can be partitioned into hexagonally shaped tiles. After all, hexagons are the bestagons - and I (frenchy) can't agree more! |
|
ES |
painless getting simpler |
New field API helps write shorter Painless scripts |
doc |
K |
Gauge, waffle & mosaic |
Use gauges for metrics, waffles to see the smallest proportions and mosaics to better compare data with multiple variables |
video |
K |
Lens combined fields |
Combine multi-field top values with a simple drag & drop |
|
K |
Lens metric color |
Color by value range in Lens metrics |
example |
K |
Document Explorer |
In Discover, try out the new Document Explorer, a whole new way to examine your data |
history of Kibana |
K |
SIEM UI enhancements |
Many UI improvements on alerts, rules, exceptions and filters |
|
8.0
Version-level references: Blog post and beta post
Product |
Feature |
Description |
References |
A |
AWS SAR |
Ingest logs from AWS S3 using Elastic serverless forwarder (AWS Lambda app) |
blog post and security workloads |
A |
AWS Storage Lens |
Ingest Storage Lens metrics to optimize S3 usage costs, ensure data protection and monitor user activity trends |
blog post |
ES |
Security by default |
Elastic Stack security is on by default for self-managed clusters |
blog post |
ES |
NLP |
Native support for PyTorch ML models in Elasticsearch to do natural language processing (NLP) for named entity recognition (NER) and sentiment analysis |
blog post, another one, custom model & Maps, sentiment analysis, NER, text embeddings, webinar and another webinar |
ES |
ANN search |
Native support for approximate nearest neighbor (ANN) search to compare vector-based queries with a vector-based document corpus |
blog post |
K |
Field statistics |
In Discover, new tab to explore the fields in your data |
history of Kibana |
7.17
Version-level references: Blog post
Product |
Feature |
Description |
References |
ES |
Deduplicated settings |
All identical index mapping or settings are reduced to just one, saving a lot of heap |
|
K |
Upgrade assistant |
Upgrade to 7.17 to learn about deprecations, remediation options (inc setting changes) |
webinar |
7.16
Version-level references: Blog post
Product |
Feature |
Description |
References |
A |
Added integrations |
Added AWS WAF, Cisco Duo, CrowdStrike, GitHub and 1Password integrations |
|
A |
AWS Firelens |
Added integration for AWS FireLens to use ECS and Fargate logs in Observability & Security |
blog post |
A |
Enhanced protection |
Extended malicious behavior protection & memory threat protection |
blog post |
APM |
CI/CD |
Integrations for Ansible and Maven offering deeper visibility into job execution and deployment errors |
|
APM |
.Net auto-instrumentation |
Auto-instrumentation of .NET applications with no code changes required |
blog post and other one |
L |
ECS compliance |
The grok processor now supports ECS! On the path to getting LS fully ECS compliant... |
|
ES |
categorize_text |
New multi-bucket aggregation that groups semi-structured text into buckets |
blog post |
ES |
Heap reduction |
Greatly reduced heap consumption and improved search speed |
blog post |
ES |
EQL perf |
Performance increase of 830x (by removing the use of null values as join keys in sequences) |
|
ES |
Sort queries perf |
Performance improvement (up to 4x) for time-sorted data retrieval |
blog post |
ES |
Prebuilt ILM policies |
ILM now includes five built-in policies |
|
K |
Compressed spans |
In the APM UI, displaying a compressed view of spans |
visual |
K |
Integrations UI |
Search for all integrations - with a few clicks to deploy with Elastic Agent |
|
K |
Reference lines |
Horizontal reference lines in Kibana Lens to identify important values |
|
K |
ServiceNow integrations |
Certified integrations of ServiceNow SIR, ITSM and ITOM to accelerate |
blog post |
K |
Osquery manager |
Now GA with addition of custom config, ECS mapping, query testing & query pack scheduling |
blog post and a guide on threat hunting with osquery |
K |
Upgrade assistant |
Get prepared for 8.0 and beyond! |
webinar |
K |
OAuth 2 for emails |
Authenticate the email connector with OAuth 2.0 Client Credentials |
|
7.15
Version-level references: Blog post
Product |
Feature |
Description |
References |
A |
GCP integration |
Agentless ingestion of logs from GCP using Dataflow integration |
blog post for GCS, BigQuery and Pub/Sub |
A |
Added integrations |
New integrations for EDRs (Carbon Black, CrowdStrike, Palo Alto Cortex) and more |
|
A |
Scheduled queries |
Schedule queries to inspect hosts with osquery and get results in the Stack |
|
A |
Private EPR |
Self-managed version of Elastic Package Registry (EPR) as a Docker image |
doc |
A |
In-memory attacks |
Prevent memory manipulation (used for process injection via shellcode) |
blog post |
A |
Linux quarantine |
Use eBPF to isolate a Linux host from the network |
Cmd and eBPF blog post |
APM |
iOS agent |
New APM agent for iOS (Swift only) based on OpenTelemetry |
blog post |
ES |
Vector tiles |
Vector tiles provide a huge performance improvement when searching geo_points and geo_shapes drawn to a map |
blog post |
ES |
Field usage |
Grab field usage information and statistics |
|
ES |
Disk usage |
Grab disk usage information of each field of an index or data stream |
blog post |
ML |
Import/Export |
Import and export jobs in Stack Management > Machine Learning Jobs |
|
K |
ML monitoring |
Use anomaly detection on job health and alert on issues |
blog post |
K |
Runtime field editor |
Create runtime fields on the fly in Kibana |
|
K |
Cursor hover |
In dashboards, cursor hover is synced across viz |
|
7.14
Version-level references: Blog post
Product |
Feature |
Description |
References |
A |
Quarantine |
Ability to isolate a host from a network with a simple Kibana click |
|
A |
Live queries |
Run a live query at any time on osquery using SQL commands |
|
ES |
Match_only_text |
Replacement for the text field type that leads to a 10% reduction of storage |
blog post |
ES |
EQL supports CCS |
EQL (and the whole Kibana Security app) supports Cross Cluster Search |
blog post |
ML |
APM RCA |
Reduce MTTR with automated root cause analysis of application issues |
|
ML |
Spoofed URLs |
Detect spoofed URLs by monitoring DGA domains |
blog post |
K |
Swimlane SOAR |
New connector with the Swimlane SOAR platform |
blog post |
K |
Rule updates |
In Kibana Security, rule updates are faster and easier |
|
K |
Lens updates |
Use time shift and color by value and custom formulas in Lens |
blog post |
K |
Maps updates |
Highlight POI, mapping anomalies, a time slider and more |
blog post and volcano example |
7.13
Version-level references: Blog post
Note: Elastic has changed the licensing options for Elasticsearch and Kibana. Here is an update post
Product |
Feature |
Description |
References |
A |
Fleet server |
Dedicated component for managing agents and administering agent integrations |
|
A |
k8s auto-discover |
Improve ease of deployment in highly dynamic orchestrated environments |
|
A |
Heartbeat support |
Integration of uptime monitoring in Elastic Agent |
|
A |
osquery deployment |
Elastic Agent can install osquery on any host |
|
B |
Threat intel |
Seamlessly ingest freely available threat intelligence sources (Abuse.ch, AlienVault OTX, etc) |
blog post and other post and on Mozi and SOAR & TI |
L |
Data stream support |
Extends the Elasticsearch output plugin to write data streams |
|
L |
ECS compliance |
On the way to getting Logstash ECS compliant |
github issue |
ES |
Runtime to indexed |
To create an indexed field based on a runtime field, simply "move" it in the index template |
|
ES |
Faster aggs |
Additional performance increase in terms and filter aggregations |
blog post |
ES |
Audit ignore policy |
Reduce the noise and remove unnecessary response from actions in ES audit logs |
|
ML |
SIEM ML jobs |
New ML jobs added in Kibana SIEM |
LOLBins ML or ML for AWS Cloudtrail or rare anomalies examples or unusual network activity |
ML |
model alias |
To simplify the deployment and upgrading of trained models |
|
K |
Custom banner |
Banner (showing at the top) that visually differentiates Kibana Spaces |
|
K |
Runtime fields editor |
Create your own fields in a Kibana index pattern on the fly |
|
K |
Frozen in ILM |
Configure the frozen tier and also choose the object store repository to use |
|
K |
APM time compare |
Allows users to quickly compare current and historical behavior |
|
K |
APM scatterplot |
Scatterplot view visually shows transactions by latency and load distribution |
|
K |
osquery integration |
osquery management and unified analysis integrated in Kibana |
|
7.12
Version-level references: Blog post
Product |
Feature |
Description |
References |
A |
Ransomware prevention |
New layer of ransomware prevention based on behavioral analysis |
|
APM |
Native OpenTelemetry support |
Users can now directly send data from OpenTelemetry agents to APM server |
blog post |
ES |
Frozen tier |
Makes object stores (S3) searchable by fetching needed data from the store and caching locally |
blog post, query 1PB |
K |
APM correlation |
Automatically surface factors that are highly correlated with underperforming transactions |
blog post |
K |
Dashboard-first |
Dashboard-first approach makes it simple to create and add viz without leaving the dashboard-building flow |
blog post and other post |
K |
Save session |
In Discover and Dashboard, you can save a long-running search to run in the background |
|
K |
Runtime fields |
You can now use runtime fields from within Discover and Kibana Lens |
new fields api |
K |
Transform retention |
Data Transforms adds data retention policy |
blog post |
K |
ServiceNow SIR connector |
Adds the ServiceNow Security Incident Response (SIR) action to SIEM |
|
7.11
Version-level references: Blog post
Note: Elastic is changing the licensing options for Elasticsearch and Kibana, moving from the Apache 2 licensed code to be dual licensed under both the Elastic License and SSPL. See blog post
Product |
Feature |
Description |
References |
A |
Added sources |
Catching up on Beats modules, Elastic Agent added auditd, CEF, iptables, osquery and other sources |
|
A |
Registered AV in Windows |
Windows now recognizes Elastic as an official antivirus solution |
|
A |
Trusted signer |
Trusted applications (on Windows) can now be defined by the software signer, path, and/or hash |
|
B |
Istio module |
Added monitoring for Istio |
blog post |
APM |
ECS logging libs |
ECS logging libraries are plugins (for most languages & frameworks) to link app logs & traces |
blog post |
ES |
Date hist speed++ |
The speed of date histograms has been increased by 85% |
blog post |
ES |
Runtime fields |
Gives the ability to define the schema at query time |
intro post and tech post |
ML |
Latest Transform |
In Data Transforms, new "latest" agg creating an index updated with the most recent document |
|
ML |
Space aware |
ML jobs are now space aware |
|
K |
Anonymous access |
Any saved object can be accessed with no credentials using specialized links |
|
K |
Service health view |
New service overview page summarizes all the information about the health of a service |
|
K |
Alerting GA |
Kibana Alerting is now generally available! |
blog post |
K |
Host details |
New view to the Metrics app to zoom out for historical key metrics for individual hosts |
|
K |
Page load |
New page load waterfall chart that displays the connection stats in the synthetic monitoring |
|
K |
Tags |
Set tags to better manage and access content in Kibana (nav bar) |
|
K |
Lens updates |
New color palette picking, custom chart labels and... CSV export! |
blog post |
K |
Maps server |
Elastic Maps Server, a downloadable docker image to use Maps offline |
|
K |
Timeline updates |
In SIEM, Timeline got tabbed info, fullscreen, multicolumn sorting, event details, etc |
import/export |
K |
SS in ILM |
Searchable snapshots in index lifecycle management UI |
|
K |
Audit log |
This new audit log records authentication and authorization, CRUD operations, HTTP requests etc |
|
K |
Data viz redesign |
The Machine Learning data visualizer gets redesigned |
|
7.10
Version-level references: Blog post
Product |
Feature |
Description |
References |
A |
Trusted apps |
Users can provide a list of trusted (whitelisted) apps in malware prevention |
|
APM |
PHP agent |
New PHP agent |
blog post, in v8 |
ES |
Searchable snapshots |
Elasticsearch can now search in snapshots stored in low-cost object stores like S3 |
blog post and vs AWS ultrawarm |
ES |
Improved compression |
10% storage savings in indices created in v7.10+ |
blog post |
ES |
Cold tier |
By replacing the index replica by a searchable snapshot, cluster storage can be reduced by up to 50% |
3-tier setup and cold tier testing |
K |
UX monitoring |
New User Experience app allows you to monitor key user experience metrics, inc Web Vitals |
blog post |
K |
Synthetic monitoring |
Multistep checks to simulate complex user flows and measure performance from Uptime UI |
blog post, Synthetic monitoring service and Synthetics on Kibana |
K |
Nav bar |
Move faster in Kibana with new navigational search (at the top of Kibana) |
|
K |
ML in metrics |
Detect common infrastructure issues with new one-click ML jobs |
|
K |
URL drilldown |
Create navigation paths to web apps using URLs that can even include data parameters |
blog post |
K |
Chart description |
In dashboards, a description can be added to a chart (displayed as tooltip) |
|
K |
APM canvas |
Pre-made Canvas workpad displaying APM data |
blog post |
K |
Jira action |
New Jira connector for Kibana alerting |
|
K |
Correlation rules |
Leverages EQL to automate detection of multi-stage attacks |
blog post |
K |
RBAC for alerting |
Feature control for stack-level alerts, actions and connectors |
|
K |
Detection rules repo |
All detection rules (including newest Azure/GCP) are shared and contributed in github |
blog post and github repo |
K |
Feature importance |
In ML Data Frame Analytics, displaying the feature importance |
|
K |
Maps alerting |
Added location-based "geo-fencing" alerts in Maps |
blog post |
7.9
Version-level references: Blog post
Product |
Feature |
Description |
References |
A |
Elastic Agent |
Single agent to collect all kinds of data from a host, including logs, metrics, and endpoint security data |
blog post |
A |
Ingest Manager |
Central place to control all integrations (formerly called modules) for Elastic Agent |
|
A |
Fleet |
Centrally manage all Elastic Agents from Kibana |
|
A |
Anti-malware |
Signatureless malware prevention now built into Elastic Agent |
blog post and sandbox setup and Sunburst protection |
B |
Security integrations |
Added Microsoft Defender ATP, PowerShell, Gsuite and tens of others leveraging RSA2ELK |
|
APM |
OpenTelemetry |
Elastic APM exporter takes data from OpenTelemetry collector and sends them to Elastic APM server |
blog post |
L |
Faster startup |
Faster pipeline startups and restarts |
|
L |
App Search output |
Added Elastic App Search output plugin |
|
ES |
EQL |
New Event Query Language facilitating correlation designed for security use cases |
blog post |
ES |
Wildcard type |
New data type splitting strings into 3-letter tokens to introduce wildcard and regex search |
blog post |
ES |
Data streams |
Single named resource to ingest & manage time series data |
intro post and beyond |
ES |
Tableau Connector |
Provides direct, real-time access to Elasticsearch data from Tableau Server and Tableau Desktop |
Tableau connector |
ML |
Added SIEM jobs |
Adding new ML jobs to detect threats, integrated in the SIEM app |
|
ML |
Model snapshot |
Lets you quickly revert back to an earlier snapshot or even just skip the problem events |
|
K |
New Kibana platform |
New platform enabling instant page loads |
Kibana platform |
K |
Explore viz data |
In a dashboard, click 'explore underlying data' to see the documents in Discover |
|
K |
Lens improvements |
Multiple Y axes, custom color selection, handling sparse data |
|
K |
Observability homepage |
Curated view presenting key information across all your observability data (logs, metrics, APM, uptime) |
|
K |
Uptime ML alerting |
Addition of alerting on anomaly detection (from ML) in Uptime |
blog post |
K |
Threshold-based rules |
In SIEM, new rules detecting number of matches exceeding a threshold |
|
K |
Process-tree viz |
In SIEM, new interactive visualization of endpoint-based activity |
|
K |
Alert exception |
Create rule exceptions in SIEM (individually or with a list) |
|
K |
ServiceNow action |
Trigger ServiceNow incidents with alerts |
|
K |
IBM Resilient action |
Open or update a case within IBM Security Resilient from Kibana alerting |
|
K |
Enterprise search |
App Search and Workplace Search have their UI integrated in Kibana |
|
7.8
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
Added integrations |
Main additions are Google Cloud operations suite (formerly Stackdriver), Fortinet, Check Point and CrowdStrike Falcon |
all integrations |
B |
Certificate validity |
Elastic Uptime adds TLS/SSL monitoring to automatically track certificate validity and expiration dates |
blog post and another |
APM |
OpenTelemetry support |
Added an Elastic APM exporter to integrate the OpenTelemetry trace data into Elastic APM |
blog post |
ES |
Geo aggs |
Aggregations now support BKD-backed geo_shapes (geo bounds, grids and centroids) |
|
ES |
Histogram aggs |
New aggregations (sum, value count & avg) on the histogram field |
|
ES |
t-test |
Metric aggregation used in A/B testing |
|
ES |
ARM support |
ES now runs on ARM |
blog post |
K |
New navigation menu! |
with simple organization and grouping |
|
K |
Dashboard upgrades |
Cloning a viz, drilldown links between dashboards and including ML anomaly swimlanes |
|
K |
Anomaly explorer in dashboards |
Embed visuals from ML Anomaly Explorer inside dashboards |
|
K |
1GB File upload |
The file data visualizer upload supports 1GB files |
|
K |
Alerting connectors |
Connectors are globally available, easy to configure with Kibana keystore support |
|
K |
Jira integration |
New integration with Jira Core, Jira Service Desk and Jira Software to quickly open or update a Jira incident or issue to take action |
|
K |
Maps for APM RUM |
Real User Monitoring data can now be added as a layer in a Map |
|
K |
ML in service maps |
APM service maps automatically pull data from ML and color service nodes to show the anomalies |
|
K |
Treemap |
Lens adds treemap viz type |
|
K |
Pipeline builder |
The new ingest node pipeline builder makes it easy to configure custom ingest pipelines |
|
K |
Pre-access screen |
Shown before a user is allowed to authenticate into Kibana, with custom text and completion button |
|
K |
Custom sign-on |
Configurable sign-on experience for anyone using SSO (password hints, custom icons) |
|
7.7
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
Added integrations |
Main additions are Prometheus/OpenMetrics, AWS (Lambda, VPC, Aurora, DynamoDB), Google Cloud (Pub/Sub and LB), Azure (db account, AKS and container metrics), Pivotal Cloud Foundry, MQTT, Redis, and IBM MQ |
Prometheus blog post, all integrations |
B |
Security sources |
Adding Okta, Microsoft 365 and Check Point security sources |
blog post on Okta |
APM |
Inferred spans |
Surface additional spans that show you granular method-level info powered by a low overhead async profiler |
blog post and okta security |
ES |
async search |
Run potentially long-running queries in the background, allowing you to track their progress and retrieve partial results as they become available. |
|
ES |
Heap reduction |
Moved the terms index of the _id off heap for time-series |
blog post |
ES |
Faster sort |
Improved performance on time sorted queries (note that this does not help when aggregations are requested) |
|
ES |
Platform support |
ES now supports RHEL/CentOS 8, Windows 2019 and OpenJDK 14 |
support matrix |
ML |
Multiclass classification |
Data frame analytics can classify a range of outputs, not only right or wrong (binary classif introduced in 7.5) |
example on DGA detection and part 2 on inference |
K |
Lazy loading |
Kibana uses asynchronous search in Dashboard and Discover to optionally ignore timeout until completion |
|
K |
Alerting in apps |
Full new Kibana alerting tightly integrated into the SIEM, Metrics, APM and Uptime apps, managed from the UI |
blog post, genesis |
K |
APM Service map |
Shows a graphical view of the dependencies between applications and external services with high level KPIs |
|
K |
APM agent config |
Ability to configure the APM agent properties in the APM app |
|
K |
APM custom links |
Create dynamic custom links (populate GitHub/Jira issues or link to a Kibana dashboard) based on your specific APM data |
|
K |
ML in Uptime |
Uptime has incorporated machine learning into its ability to highlight anomalous response durations |
|
K |
Viz in Canvas |
Add existing visualizations created in Kibana Lens, Visualize, or TSVB inside a Canvas |
|
K |
File upload |
The file upload UI (in ML > Data Visualizer) now has the ability to recommend a Filebeat config file |
|
K |
Cases |
Embedded case management in Elastic SIEM |
|
K |
ServiceNow integ |
Cases directly integrates with ServiceNow ITSM, allowing analysts to forward info from Elastic SIEM to ServiceNow |
|
K |
Maps additions |
Show individual points when zooming in, and filter on distance (radial) |
|
K |
Painless Lab |
Added in "Dev Tools", Painless Lab lets you run and debug scripts written in Painless (a simple, fast and secure scripting language for Elasticsearch) |
|
7.6
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
Cloud modules |
New beat modules to capture AWS billing, AWS VPC flow logs, any GCP service monitored by Stackdriver and Azure Storage (blobs, files, etc) |
|
L |
Monitor to Cloud |
Easy configuration to send Logstash stack monitoring data to a cluster in Elastic Cloud |
|
APM |
Jaeger bridge |
Provide a direct bridge between Elastic APM and Jaeger with Jaeger intake support |
blog post, APM, free and open |
APM |
.Net logger |
Full C# representation of ECS using .NET types with integrations for Elastic APM Logging with Serilog and NLog, vanilla Serilog, and for BenchmarkDotnet |
blog post |
ES |
Faster sort |
Improve (like 35x!) the performance of queries that are sorted by date or other long values |
|
ES |
Faster composite agg |
Faster composite aggregations on sorted indices |
|
ES |
Faster geo_shape |
The geo_shape query has been enhanced to use a BKD tree |
blog post |
ES |
CCx proxy |
A proxy can now be used between clusters for both CCR and CCS |
|
ES |
Histogram |
New histogram data type as a more efficient way to handle data that can be represented in a histogram |
|
ES |
String stats |
New string stats aggregation calculates the count, Shannon entropy and the min/max and average length of the strings |
|
ML |
Inference |
Supervised ML models can be used for inference at ingest time |
blog post and end to end example |
ML |
Language detection |
Language identification model used to label the language on documents at ingest time |
blog post |
ML |
Py Panda |
Python Elasticsearch client called eland to analyse, explore and manipulate data that resides in Elasticsearch |
github and jupyter viz in kibana |
K |
SIEM detection engine |
Automate threat detection and minimize MTTD with nearly 100 OOTB rules aligned with the ATT&CK framework |
blog post, detection rules repo, copy-paste attack detection |
K |
APM in SIEM |
Elastic SIEM added curated visibility into HTTP data (coming from Elastic APM) with adequate rules |
|
K |
AWS/GCP in SIEM |
Support for AWS CloudTrail and GCP events in the SIEM app |
|
K |
SIEM overview |
New Elastic SIEM app overview page with timelines, news, signals, sources, etc |
|
K |
Logs categorization |
New categories tab in the Logs UI uses ML categorization to find anomalies on unstructured logs |
blog post and a quick start post |
K |
Uptime |
Addition of a world map to the Uptime UI enables visualization of user-perceived performance on a global scale |
|
K |
Lens additions |
Added a quick "reset layer" action and support for scripted fields in Kibana Lens |
|
K |
Nested search |
Ability to search and filter on nested fields. More to come soon ;) |
|
K |
ILM&SLM |
ILM users now have the ability to utilize a wait_for_snapshot action |
|
K |
Template UI |
New visual mapping editor for index templates |
|
K |
Maps style |
Categorical styling and customize labels within the layer style panel |
|
K |
Maps in Canvas |
Ability to embed map elements directly into Canvas workpads |
|
7.5
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
Stack monitoring |
External collection for Elastic Stack Monitoring is now available via Metricbeat |
blog post |
B |
Azure modules |
Addition of Metricbeat and Filebeat modules to monitor logs and metrics from Azure Event Hub and Azure Monitor |
blog post, Azure module |
B |
Heartbeat for k8s |
Enhancing Uptime (heartbeat) to include hint-based auto-discovery for Kubernetes monitoring |
|
ES |
Snapshot retention |
Added in SLM (snapshot lifecycle management) the retention configuration |
|
ES |
API keys |
Kibana app to easily view/manage API keys |
|
ES |
Enrichment proc |
Added an enrich processor (in ingest pipeline) to lookup in an Elasticsearch index and add the results to your document at indexing time |
blog post, other one and ip enrichment |
ES |
Pause CCR |
Pause & resume flows in CCR, useful for upgrades |
|
ES |
Geotile grid agg |
This enhancement enables users to aggregate all docs within a given tile on a geographical map |
|
ML |
Classification |
Binary classification predicts the class or category of a given data point in a dataset |
intro post and bench post, feature importance |
K |
Lens |
New way to rapidly draw meaningful visualization without needing any technical experience of Elasticsearch |
blog post |
K |
Sharing Canvas |
Share static Canvas workpads in HTML format using a JavaScript snippet |
|
K |
News feed |
Introducing a newsfeed that highlights what's new at Elastic (blogs, webinars, security vulnerabilities...) |
|
K |
SIEM & EES |
Elastic SIEM now supports data from EES (Elastic Endpoint Security, previously Endgame) |
|
K |
SIEM widgets |
The SIEM app adds event histogram, TLS widget and source/dest countries |
|
K |
Log rate |
The logs app now has a dataset-based log rate anomaly detection based on ML |
|
K |
ILM age |
Control the index age math that’s used by index lifecycle management (ILM) for phase timings calculations |
blog post |
K |
Query cancellation |
If a user navigates away or updates a query before getting the results, Kibana now cancels the Elasticsearch query |
|
K |
Landing page |
Configure the landing page on a per-space basis |
|
K |
Custom avatar |
Configure a custom avatar per space |
|
7.4
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
New modules |
Beats modules capturing metrics from StatsD, AWS ELB, EBS and CloudWatch, logs from IBM MQ & AWS S3 (access logs) and a CEF decoder in Filebeat |
blog post, another on S3 |
B |
SQS & Kafka input |
Filebeat now supports AWS SQS (used to read from S3) and Kafka inputs |
|
B |
Java logging |
Send (ECS compliant!) logs from Java apps using native integration in log4j & logback |
github project |
APM |
Angular & .Net frameworks |
Added support for Angular (RUM agent) and .Net framework (.Net agent) |
|
APM |
Geolocation |
Geolocation added in RUM to display "performance by geographic region" breakdown |
|
APM |
APM to log |
Integrated way to navigate between APM and the Logs app |
blog post |
APM |
Java logger |
Centralized logging for Java applications with the Elastic stack made easy using plugins for Log4j & Logback |
github |
ES |
New alerting |
The foundations of Kibana's new alerting system are being delivered... stay tuned! |
blog post |
ES |
Results pinning |
By using the new pinned query, users can manage and order results as they see fit |
blog post |
ES |
Agg on range |
Run aggregations (cardinality, missing, value count, histogram and date histogram) on range fields |
|
ES |
Geospatial |
Geospatial improvements: shape field type and circle ingest processor |
|
ES |
Auto cancel |
Auto terminate queries sent through the _search endpoint when the initiating connection is closed |
|
ML |
Regression |
Regression analysis estimates the relationships among a number of feature variables and a dependent variable |
feature importance |
K |
Missile map |
Map (in both Maps & SIEM) showing network connections live |
blog post |
K |
SLM |
Management UI for snapshot lifecycle management (in Management/Snapshot and restore) |
|
K |
Index template |
Manage index templates |
|
K |
PKI auth |
Native support for PKI authentication lets users log into Kibana using X.509 client certificates and a two-way encryption system |
|
K |
Share queries |
Share saved queries across Discover, Visualize & Dashboard |
|
K |
Custom time range |
Ability to configure each viz or saved search for a specific time range |
|
K |
Copy objects |
Copy saved objects across spaces |
|
7.3
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
New modules |
Filebeat gets new modules for MS SQL Server, Google pub/sub and VPC flows; Metricbeat adds Oracle and AWS RDS modules |
|
L |
JMS plugin |
Consume data from any JMS technology by embracing the bring-your-own-driver model (similar to the JDBC plugins) |
blog post |
APM |
SPA support |
RUM (Real User Monitoring) supports Single Page Applications (SPA) in React |
|
APM |
Maps integration |
RUM now adds geoip by default so performance can be displayed in Maps app in Kibana |
|
APM |
Time spent |
The "Time spent by type" chart lets you see exactly where applications are spending their time |
|
ES |
Rare terms |
New aggregation designed to identify the long-tail of terms that have low doc counts |
|
ES |
Voting-only master |
The new voting-only master-eligible node can participate in master elections without acting as a master |
|
ES |
Vector scoring |
Adds two predefined functions to use for calculating vector similarity between a given query vector and document vectors |
blog post |
ES |
Flattened type |
Allows an entire flat JSON object to be indexed into a single field |
|
ES |
Synonyms update |
Synonym filters used by search analyzers can now be updated without restarting the index |
blog post |
ML |
Security jobs |
Create ML jobs from the SIEM app in Kibana |
|
ML |
Outlier detection |
Outlier detection integrated in data transforms |
catching malware, benchmark |
K |
Log to APM |
Logs & APM are now integrated so you can automatically navigate from a specific log event to APM traces |
|
K |
Uptime summaries |
Monitor Summaries let you see multiple Heartbeat results grouped in a single expandable row per endpoint |
|
K |
Snapshot mngt UI |
The snapshot management UI lets you create, restore and delete snapshots |
|
K |
Kerberos auth |
Single sign-on (SSO) access for users logging into Kibana using Kerberos |
|
K |
CSV export |
Export a saved search in a CSV file |
|
7.2
Version-level references: Blog post, Video
Product |
Feature |
Description |
References |
B |
New modules |
A lot of new modules (Palo Alto Networks - PANW, Cisco ASA firewall, Netflow & IPFIX, NATS, CoreDNS, Windows sysmon & security) |
release post, signals on sysmon data |
B |
Scripting |
Scripting in Go at the edge (on servers) |
|
L |
Google modules |
New input & output modules to interact with GCS (Google Cloud Storage) buckets |
|
APM |
.Net agent |
Instrument ASP.NET Core 2.x+ and Entity Framework Core 2.x+ apps (and others manually via the API) |
video |
APM |
Metrics |
APM agents now collect language-specific metrics (for example Java heap memory and thread count) |
|
ES |
OpenID realm |
OpenID Connect realm (authentication backbone used by Okta, Google, etc) added |
blog post |
ES |
Geo in SQL |
Geographical queries through SQL statements |
|
ES |
Geo ranking |
Use time or geographical distance (normalized) in the computation of the relevance ranking score |
blog post |
ES |
Type ahead |
New search_as_you_type field type providing results from the field while the user is typing the query |
|
ML |
Data transforms |
Data transforms let you pivot (aggregate) an existing index into a secondary, summarized index, in batch or continuously |
|
K |
SIEM |
Dedicated UI for exploring and visualizing host and network-based data, made for investigation |
blog post, building a SIEM |
K |
Metrics explorer |
Navigate through most important infrastructure metrics and interact using tags and chart groupings |
blog post |
K |
Logs UI++ |
Adding field pinning and quick filtering in the Logs UI |
blog post |
K |
Feature control |
Lets you hide and restrict applications and features (per Kibana Space) |
blog post |
K |
ML Query bar |
New query bar in the ML app to make it easier to search the anomaly results for specific influencers |
blog post |
K |
Uptime integration |
Provide bi-directional links between Uptime and Logs, Infrastructure, and APM |
blog post |
K |
Snapshot repo UI |
Snapshot repository management, in Kibana. Snapshot management is coming ;) |
|
K |
Saved Object restore |
New API to export & import saved objects, including dependencies |
|
K |
Rollup in TSVB |
Time Series Visual Builder now supports rollup index |
|
K |
Plugin API |
New platform to develop plugins in Kibana |
blog post |
7.1
Version-level references: Blog post, getting started, how to setup encryption, prevent breach
7.0
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
ECS |
Beats now use the new field naming convention Elastic Common Schema (ECS) |
blog post, webinar, ECS doc, observability with ECS, blog post |
B |
AWS module |
New Metricbeat module to monitor AWS EC2 using CloudWatch |
video, blog post |
B |
MSSQL module |
New Metricbeat module for Microsoft SQL Server |
blog post |
B |
OpenMetrics support |
Deeper integration between the Elastic Stack and Prometheus by supporting the OpenMetrics standard |
blog post, observability, by Elastic, Prometheus at scale |
B |
Zeek module |
New ingestion module for Zeek (Bro) |
blog post |
L |
Java execution |
Logstash is now executed in Java by default, for better performance, lower memory usage and Java plugin support |
blog post, java plugins |
ES |
Typeless APIs |
6.0: no more than one type, 7.0: new typeless APIs, 8.0 will remove APIs that accept types |
blog post |
ES |
Cluster coordination |
New Zen2 cluster coordination which is faster, safer, and easier to use |
blog post |
ES |
Circuit breaker |
Adding a real memory circuit breaker which detects unserviceable requests to improve node resiliency |
blog post |
ES |
Adaptive Replica Selection |
Instead of basic round robin, ARS allows requests to be sent to the most available shard (and node) based on response time and queue size |
blog post |
ES |
Faster "top k" queries |
Huge speed boost when retrieving only top k hits of a search query |
blog post |
ES |
Function scoring |
Script score queries provide a simpler, modular, and more flexible way to generate a ranking score per record |
blog post |
ES |
New ranking |
New field types to boost documents based on values that are relevant to the scoring |
blog post |
ES |
Nanosecond precision |
Elasticsearch now supports nanosecond precision in time fields, which allows high-frequency data collection |
blog post |
ES |
Helm charts |
Elastic now provides Helm charts for Elasticsearch and Kibana |
blog post |
K |
New UI |
New navigation, dark mode, recent items, responsive, KQL by default... you'll love it! |
K7 release post |
6.8
Version-level references: Blog post, getting started, how to setup encryption, prevent breach
6.7
Version-level references: Blog post
Product |
Feature |
Description |
References |
K |
Uptime UI |
Active uptime monitoring of services & apps, based on Heartbeat |
blog post, video |
K |
Maps |
Dedicated solution for mapping, querying, and visualizing geospatial data |
blog post, new features, Maps example |
K |
Frozen management |
Frozen indices can be managed in ILM and index management |
|
K |
Localization |
Localizing Kibana, starting with Chinese |
|
6.6
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
Auditbeat module |
Record host, process, socket & user activity on a host, using ECS |
blog post |
B |
Netflow input |
Filebeat adds a new NetFlow input |
|
L |
Java plugins |
Introducing native support for input, filter and output Java plugins |
blog post |
APM |
OpenTracing |
All agents now have OpenTracing compatible bridges |
blog post, W3C TraceContext |
APM |
APM to Infra |
When looking at a trace, you can jump to the host or container metrics and logs. This is Observability! |
|
ES |
Frozen indices |
Frozen indices allow for a much higher ratio of disk storage to heap, at the expense of search latency |
blog post |
ES |
SQL Date Histograms |
Added support for date histograms via the SQL API |
|
ML |
Annotations |
Create annotations to keep a record of actions taken, from the Kibana UI |
blog post |
K |
ILM |
Manage the index lifecycle (hot/warm/cold/delete) from Kibana |
blog post, ILM to APM data and ILM troubleshooting |
K |
CCR UI |
Two new interfaces to manage remote clusters and remote replication process |
5' video |
K |
PNG export |
Export dashboards as a PNG report |
|
K |
Upgrade to 7.0 |
Prepare for an upgrade from Elasticsearch 6.x to Elasticsearch 7.0 |
blog post |
K |
ES cluster |
Kibana now allows the definition of multiple Elasticsearch nodes |
|
6.5
Version-level references: Blog post, Video
Product |
Feature |
Description |
References |
B |
Central management |
Enroll, configure, and manage Beats deployments from a central place using either the UI or API |
blog post |
B |
Functionbeat |
Functionbeat is a new Beat that deploys as a function on a serverless platform, and streams cloud infrastructure data to Elasticsearch |
blog post |
APM |
Distributed tracing |
Distributed tracing gives an end-to-end trace on a request as it traverses multiple services |
video, blog post, Distributed tracing |
APM |
Monitoring |
APM monitoring lets you track the health of your Elastic APM deployments from the Kibana Monitoring app |
|
ES |
Cross Cluster Replication (CCR) |
Synchronization of indices across clusters |
webinar, blog post, another post, benchmark CCR, bidirectional replication |
ES |
ODBC |
Query Elasticsearch using the SQL API and the ODBC driver |
5' video |
ES |
Minimal snapshots |
50% smaller snapshots with source-only (needs reindex though) |
doc |
ML |
Multi-bucket span |
Detect anomalies that span multiple buckets and adjust anomaly score accordingly |
blog post |
K |
Canvas |
Create and share live infographic style presentations of your Elasticsearch data |
getting started, metrics and markdown, airport security, service KPIs, bikes sharing, tables and debug, AMA booth, coffee machine, 5' video, demo video, preview at Elastic{ON} |
K |
Spaces |
Kibana Spaces organize your Kibana objects (e.g. visualizations and dashboards) into separate "spaces", and use RBAC to control which users have access to which space |
intro, migration, 5mn video |
K |
Sample data |
Several datasets (with dashboard, canvas, etc) are available to start playing around in Kibana! |
5mn video, another one, the flights dataset and the e-commerce dataset |
K |
Rollup UI |
Management UI to configure, manage and visualize rollup indices (for metrics) |
blog post |
K |
Data visualizer |
This new UI (in the ML tab) finds the structure of an uploaded file, then generates the grok, ingest pipeline and mapping to finally import the data into Elasticsearch |
blog post and earthquake data import, 5' video |
K |
Infra UI |
The Infrastructure solution lets you easily navigate between logs and metrics activity on any specific host, pod, or container |
blog post, other post, 6mn video, preview at Elastic{ON} |
K |
Logs UI |
The Logs UI in Kibana displays a live tail, like a tail -f combined with a grep |
blog post, other post |
6.4
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
Dissect processor |
A new processor that's fast and performant, and brings more processing power to the edge device |
|
L |
Azure module |
Monitoring your Azure cloud environment using the Elastic Stack is a single command away |
blog post |
APM |
ML integration |
Click a button in the APM app to enable Machine Learning jobs and start detecting anomalies on performance and errors |
|
APM |
Java agent |
New APM agent for Java |
blog post, custom instrumentation, perf tuning, regression testing, plugin contrib, 5mn video and other 5' video and java monitoring |
APM |
RUM agent |
Real User Monitoring |
blog post, another post |
ES |
Kerberos auth |
Use Kerberos as authentication realm |
blog post |
ES |
FIPS 140-2 |
Elasticsearch now has the ability to run with a FIPS 140-2 enabled JVM |
blog post |
ES |
Field alias |
Create aliases on fields, no need to reindex anymore. Good to get prepared for ECS |
blog post |
ML |
Custom rules |
Custom rules for fine tuning machine learning results (to avoid learning or alerting on specific conditions) |
blog post |
6.3
Version-level references: Blog post, Video
Opening the code of X-Pack: Webpage, Blog post and Elastic{ON} announcement
Product |
Feature |
Description |
References |
B |
K8S and Docker autodiscovery |
The Autodiscover feature allows logs & metrics to be captured automatically |
kubernetes observability, blog post, another one, Amazon EKS monitoring, video, 5' video |
B |
syslog input |
Send logs to Filebeat using syslog over UDP or TCP |
blog post |
L |
Connecting pipelines |
Multi-staged processing pipelines can connect pipelines within a Logstash process |
|
APM |
Watcher integration |
Receive alerts on errors (in APM data) |
|
ES |
SQL |
Query Elasticsearch using the SQL language, coming with a JDBC driver |
part 1 and part 2 |
ES |
Rollups |
Take historic data and generate aggregate statistics. Very useful for metrics in particular |
video |
ML |
CCS support |
Machine Learning jobs now support Cross Cluster Search |
|
K |
Auto complete |
Auto complete added in the Kibana Discover query bar |
blog post |
K |
Index Management UI |
Browse indices, see details about an individual index, and change some options (close, force merge, clear cache, etc.) directly from the UI |
|
6.2
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
Monitoring |
Monitor Beats health in a new Kibana UI |
|
B |
Keystore |
Hide passwords from configuration files using a secure keystore |
blog post |
L |
Keystore |
Hide passwords from configuration files using a secure keystore |
|
L |
JDBC static filter |
|
|
ES |
Rank Evaluation |
Track how rankings of expected results are measured against specific queries |
blog post |
ES |
SAML support |
Get access to the Elastic Stack with the introduction of SAML support |
blog post, SAML on Azure, SAML with ADFS |
ML |
Calendar setting |
Skip analyzing the data during scheduled events (entered manually or imported via ics) |
|
K |
Vega |
Support for Vega & Vega lite visualizations |
getting started, blog post, sankey viz |
6.1
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
TLS support |
Packetbeat adds support for the TLS protocol to inspect the TLS envelope |
|
L |
Ruby filter |
Complex modification of events in Logstash is now possible via the Logstash Ruby filter |
|
APM |
New! |
APM released, with server, agents and UI |
blog post, python agent |
ES |
Split API |
Each original primary shard is split into two, or more, primary shards in the new index, as a companion to the Shrink Index API |
|
ES |
Composite agg |
The composite aggregation is designed to return all terms, sorted in 'natural order' |
blog post |
ML |
Forecasting |
Based on the past, what values would you expect in the future |
blog post, video |
K |
Input control |
Input control visualization components allow users to select particular values and guide to important filtering values for a dashboard |
blog post, video |
6.0
Version-level references: Blog post, Video (FR)
Product |
Feature |
Description |
References |
B |
Docker & K8S |
Logs and metrics out of Kubernetes and Docker |
docker, kubernetes, 5mn video |
B |
Auditbeat |
A new beat to capture auditd (based on the Linux audit framework) |
blog post, use ML |
L |
Multiple pipelines |
Run multiple pipelines concurrently for different use cases in the same instance, with centralized pipeline management, pipeline viewer and a conversion tool from ingest pipelines! |
blog post, maintainable pipelines, management UI, pipeline viewer and conversion tool, doc |
ES |
Rolling upgrade |
Upgrade a cluster without a cluster restart (from 5.6.3 to 6.x) |
|
ES |
Faster restart |
Faster Restarts and Recoveries using operations-based shard recovery (using sequence IDs) |
blog post |
ES |
Sparse data |
Sparse fields (with no data) in doc-values will be significantly smaller |
blog post |
ES |
Distributed alerting |
Distributed watch execution moves watch execution to the nodes that hold the shards of the watcher index |
Blog post |
ES |
Removal of types |
Indices now have only a single mapping type |
blog post, another, doc |
ES |
Security |
We no longer use changeme as a default password! And TLS/SSL between nodes is required when security is enabled |
blog post, another, TLS |
K |
Kuery Language |
Try out the new Kibana Query Language |
blog post |
K |
CSV export |
Search in Discover, then export matching documents as a CSV file via the reporting menu |
video |
K |
Watcher UI |
New UI for creating and editing alerts based on thresholds |
blog post |
K |
Full screen & dashboard only |
Enter full screen mode when viewing a dashboard and only share dashboards to users |
blog post, video |
K |
Cluster Alerts |
Alerts on Monitoring Email Notifications and License Expiration |
|
5.6
Version-level references: Blog post
Product |
Feature |
Description |
References |
L |
Modules |
Logstash modules enable easy setup of Logstash configuration, index mapping in Elasticsearch & Kibana dashboards. Starting with two modules for Netflow and Arcsight |
Arcsight module, doc |
ES |
Rolling upgrade |
Upgrade a cluster without a cluster restart (starting from 5.6.3) |
|
ES |
Java High-level client |
New Java high-level REST client (built on top of the low-level client) accepts objects for the most important APIs |
blog post |
ES |
Join datatype |
New way to specify parent/child relationships without needing types |
doc |
K |
Migration assistant |
Prepare upgrades by inspecting breaking changes to index, cluster settings, etc |
|
5.5
Version-level references: Blog post
Product |
Feature |
Description |
References |
L |
Queueing |
Dead Letter Queues enable local queueing in Logstash (when using Elasticsearch output) |
|
ES |
MSI installer |
Windows MSI Installer for Elasticsearch with both GUI and silent installation support |
|
ML |
Monitoring |
Monitor assigned nodes, number of processed documents, and a job's state over time |
|
K |
Filter editor |
New filter editors (drop-downs, text-boxes) in Discover |
|
K |
Regions in maps |
The Elastic Maps Service now supports region maps |
blog post, another, 5' video |
K |
Grok debugger |
Debug grok patterns (from Logstash or ingest pipelines) in Kibana |
video and blog post |
K |
CCS support |
Index Patterns can now point to indices from remote clusters using cross cluster search feature |
|
5.4
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
Modules |
Modules for JMX (using Jolokia) to monitor Java applications, Linux auditd and system authentication logs |
blog post |
ML |
New! |
Machine Learning makes it easy to detect anomalies (spot infrastructure problems, cyber attacks, or business issues) by automatically modeling the normal behavior of time series data |
blog post, scoring, span, sizing |
K |
Time Series Visual Builder |
Time Series Visual Builder (TSVB) combines pipeline aggregations and a new UI for interacting with, and designing visualizations from, time series data |
getting started, other post, annotations, demo, video part1, video part2, video part3, blog post |
K |
Watcher UI |
Watcher UI allows you to do basic operations on watches |
|
5.3
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
Filebeat modules |
Introducing modules (filebeat config, ES template and K dashboards) for Apache2, MySQL, Nginx, and System |
blog post, video |
B |
Dynamic config reload |
Dynamic configuration reloading makes it possible to change any module configuration on the fly without restarting the Beat |
|
ES |
CCS |
Cross-cluster search, aka searching across multiple clusters, replacing the tribe node |
blog post |
5.2
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
Heartbeat |
Heartbeat periodically checks the status of services (availability and round-trip-time) |
blog post |
B |
Prometheus exporter |
Prometheus module that collects metrics from the Prometheus exporters |
|
K |
LS Monitoring UI |
New monitoring UI with nice graphs and historical data to track changes in your production Logstash instances |
blog post, video |
K |
Heatmaps |
Heatmaps are great to pick out an area of high or low volume in time series data |
blog post |
5.1
Version-level references: Blog post
Product |
Feature |
Description |
References |
B |
Docker module |
Periodically collect container metrics from cgroup |
blog post, metadata enrichment |
B |
Kafka module |
Connects to the local Kafka node and periodically reads details about the partitions |
blog post and kafka monitoring |
L |
Persistent queues |
Inbuilt persistent queues enable Logstash to persist events before processing them |
blog post, with parallel pipelines |
L |
Truncate |
Truncate is a new filter that allows you to truncate fields longer than a given byte-length |
|
ES |
Faster reindexing |
Reindex requests can now perform their tasks in parallel automatically |
|
K |
Tag cloud |
New visualization displaying tags (words) as a cloud |
|
K |
Advanced monitoring |
Advanced view in monitoring and more charts in index and node views |
|
K |
Search profiler |
Get detailed information about the parts of your queries that take time |
|
5.0
Version-level references: Blog post, Intro video, Feature tour, Kibana 5 video
"ELK" becomes "The Elastic Stack", see Webpage
Product |
Feature |
Description |
References |
B |
Metricbeat |
Metricbeat replaces Topbeat as the primary tool for collecting metrics |
|
B |
Kafka output |
Native Kafka output support in Beats |
|
L |
Monitoring |
New monitoring feature provides runtime visibility into the Logstash pipeline |
|
ES |
Ingest node |
Ingest Node is an Elasticsearch node type enabling some data enrichment capabilities at index time |
blog post, CSV ingest |
ES |
Painless scripting |
New scripting language for query, alert, reindex, or in an ingest node for a powerful way to manipulate documents |
blog post, video |
ES |
Keyword field |
Analyzed and not-analyzed string fields have been replaced by dedicated text fields for full text search, and keyword fields for string identifier search, sorting, and aggregations |
|
ES |
Shrink API |
Shrink an existing index into a new index with fewer primary shards |
|
ES |
Rollover API |
Rolls an alias over to a new index when too large or too old |
blog post |
ES |
Java Low-level client |
A simple low-level Java HTTP/REST client |
|
ES |
Benchmarking |
We open sourced our Elasticsearch benchmarking tool Rally |
doc |
K |
Timelion |
New visualization tool with query DSL and interesting math functions and rendering capabilities |
getting started, blog post, another, video |
K |
Console |
Build free-form requests to Elasticsearch from Kibana (replacing Sense) |
|
K |
Security UI |
Management UI in Kibana for creating and managing both users and roles |
|
K |
Kibana monitoring |
Monitoring for Kibana as part of the monitoring (Marvel) UI |
|
K |
Scripted fields |
Create computed scripted fields in Kibana using Painless |
video |
Authors
- Vincent Maury - Initial commit - blookot
Disclaimer
This is an unofficial informative document. Vincent Maury or Elastic cannot be held responsible for erroneous information. Official information can be found on the only official Elastic website.
License
This project is licensed under the Apache 2.0 License - see the LICENSE.md file for details