OpenSearch 2.7.0 is ready to download ! The latest version of OpenSearch delivers a range of new capabilities for search, analytics, observability and security applications, as well as significant enhancements to management and usability. This release also marks the official release of several major features that were previously released as experimental—we hope you're as eager as we are to get segment replication, searchable snapshots, and more into production! See the release notes for a full record of improvements , and you can explore OpenSearch's visualization tools on the Playground .
Improve efficiency at scale with searchable snapshots
Searchable snapshots, introduced experimentally in OpenSearch 2.4.0, allow you to search indexes stored as snapshots in remote repositories in real time without downloading the entire set of index data to cluster storage in advance. Now, searchable snapshots are production ready, with many performance, stability, and management enhancements ( shown here ) that help you take advantage of remote storage options while saving time and storage capacity. With this release, Phase 2 of the Project Storage roadmap is now officially released.
Enhance performance with segmented replication
With the general release of segmented replication, users can choose another strategy for replicating their data, potentially improving performance for high-ingestion workloads. Segment replication copies Lucene segment files from the primary shard to its replicas. Lucene's write-once segment architecture means that only new segment files need to be copied, providing higher indexing throughput and lower resource utilization at the expense of increased network utilization and refresh times. You can now choose between segment replication and document replication; whenever a document is added, removed, or updated in the index, document replication performs the same indexing operation in parallel on the primary shard and each replica. Segment replication was released as experimental in OpenSearch 2.3.0, and received many contributions as it approached its official release, as shown by the project here.
Visualize and explore data from multiple sources
Also ready for production is support for multiple data sources in OpenSearch dashboards . Now you can dynamically manage data sources across multiple OpenSearch clusters, create index patterns based on those sources, run queries against specific data sources, and combine visualizations into a single dashboard. Introduced as an experimental feature in OpenSearch 2.4.0, this feature gained functionality in preparation for version 2.7.0, including integration with the developer tools console and several usability enhancements, as described in this issue .
Reduced overhead for flat objects with a large number of fields
Complex JSON objects often contain a large number of subfields. As the index grows, the overhead required to map each field can consume too much storage and memory, which can lead to a "map explosion" that affects the performance and resiliency of the cluster. With the new flat object field type, you can choose to store complex JSON objects in the index without having to index all fields individually. By defining a flat object, you can choose to store the object and all objects within it, avoiding the need to index subfields individually, while making those subfields accessible as keys using dot notation in the DSL and SQL. This means you can tune the mapping of indexes to data and better manage and utilize resources.
Using Observability Features in the OpenSearch Dashboard
With 2.7.0, OpenSearch continues the trend of integrating observability functionality as a core functionality in the OpenSearch dashboard. You can now easily access observability features from the main menu, create and select observability dashboards from Dashboards, and add event analytics visualizations (PPL) to new or existing dashboards in OpenSearch Dashboards . Simply create a new dashboard from OpenSearch Dashboards, view observability dashboards as an option, or add your favorite event analytics PPL visualizations to existing dashboards. See the documentation for details on this feature .
Query geospatial data using shape-based filters
This release brings another round of enhancements to the geospatial tools in the OpenSearch Dashboard, with the ability to filter geospatial data based on geospatial field types . In earlier releases, users could filter documents by non-geospatial field types in document layers. You can now filter data by drawing rectangles or polygons over selected areas on the map. This applies filters to geospatial data to identify spatial relationships; you can use this function to return whose geographic coordinates (geo_point) or geographic shape (geo_shape) intersect, contain, lie within, or are not in the query geometry Documentation found in Geometry.
View the OpenSearch map in your local language
In 2.7.0, OpenSearch will now automatically render maps with labels and content in the language of the configured OpenSearch instance. In earlier versions, maps were rendered using the language provided by the source library. You can now choose to display the map in a supported language of your choice. On startup, the selected language will be defined by the OpenSearch Dashboard YAML configuration file; keep an eye out for an optional dropdown in future releases.
Simplify administration with component templates
OpenSearch 2.7.0 simplifies the management of multiple index templates by adding component templates directly into the index management UI of the OpenSearch dashboard . In the past, users had difficulty managing multiple index templates due to duplication, resulting in a larger cluster state. Also, making changes to multiple templates requires a manual update of each template. Component templates further enhance the index management UI introduced in 2.5.0 , allowing you to overcome these challenges by abstracting common settings, mappings, and aliases into reusable building blocks.
Dynamically configure leases in the OpenSearch Dashboard
Another time-saving upgrade for OpenSearch administrators is the availability of dynamic tenant management . The OpenSearch Dashboard uses tenants as spaces to hold and share index patterns, visualizations, dashboards, and other objects, with administrative control over which users can access tenants and the level of access provided. In earlier versions, the dashboard supported tenant creation and mapping, while tenant configuration was done in YAML files, requiring changes within each data node to maintain consistency across nodes, and a restart of the dashboard was required to take effect. With this release, administrators can view, configure, and enable or disable tenants in the dashboard and implement those changes without rebooting.
Maintain performance through hot shard recognition
This release brings hot shard recognition to the collection of tools available in OpenSearch's Performance Analyzer plugin . Hot shards consume more compute, memory, or network resources than other shards in the index; if left unaddressed, they can lead to lower query throughput and increased index latency, potentially affecting cluster availability. You can now use Performance Analyzer's root cause analysis agent to identify hot shards in your cluster so they can be mitigated to improve cluster performance.
Analyze security events with built-in correlation tools
Log data containing security events can span multiple indexes and data streams, and visualizing the relationships between connected events can provide valuable insights for security analysts. Included in this release as an experimental feature, the Correlation Engine allows you to define correlations in security event data, enabling high-fidelity results across disparate log sources such as DNS, Netflow, and Active Directory, to name a few . This knowledge graph can be used to identify, store, and recall connected event data across multiple indexes and data streams to help you identify patterns and investigate relationships between different systems in your monitored infrastructure. As always, experimental features are only recommended to be used outside of production environments.
Improve the usability of ML models
Experimental machine learning (ML) frameworks receive updates in this release, including a new auto-reload mechanism for ML models . You can now set up your search cluster to automatically reload deployed models when the cluster restarts after a shutdown or when a node rejoins the cluster, minimizing recovery time and bringing ML models back into production faster.
Explore Open Search 2.7.0
The latest version of OpenSearch is available for download . You can learn more about these features and more in the Release Notes, Documentation Release Notes , and Documentation , and the OpenSearch Playground is a great place to explore the tools before downloading them. Find upcoming blog posts that provide a deeper look at the new features included in OpenSearch 2.7.0.