Elastic Stack collection is a series of open source products, including Elasticsearch, Kibana, Logstash Beats and so on, can safely and reliably get from any source, in any format of data, and can be real time data search, analysis and visualization.
7.3.0 version has been released, the specific update as follows:
Materialized view? Entity-index center? Introduction of the data frame
With this new feature, you can dynamically perspective Elasticsearch data, create entity-centric activity index, which opened the door to a new analysis of the world, including the new machine learning analysis, such as outlier detection, clustering and classification.
Function by means of a data frame, can create a new entity-centric index for each IP address has a unique document index for each track of interest - in this case, with the total number of requests, each response state and counting the number of bytes transferred. Most importantly, the data frame to support continuous processing, which means that when a new document is added to the input index, which converted to entity-centric index will update automatically.
Elastic SIEM increased anomaly detection - because the only rule is not enough
Users can now easily enable and run applications from SIEM a set of machine learning anomaly detection operation to detect specific dedicated network attacks. Detected anomaly can be easily displayed and managed on a network view SIEM applications.
Users do not want to use pre-configured job using Machine Learning can easily add custom application anomaly detection operations.
Through this integration, now we use machine learning to help detect attacks easier than ever.
Elastic map has been officially released
Location has been a very important part of the search, whether it is investigating the attack source on your network, diagnose a specific area within the application response time reasons slow, real-time tracking delivery trucks, or just want to find the best food of Mexico near the volume cake, are inseparable from the location search.
此外,Elastic 地图还添加了几项新功能,其中最令人兴奋的是能够将特性、形状和图层从 GeoJSON 文件上传到地图中。其他诸如在绘制自定义图标和可视化过去已知位置方面的功能改进,增强了整体的用户体验。有关完整详情,请阅读 Elastic 地图博文
还有非常多的功能:
- Elasticsearch 引入了只支持选举的主节点,添加了期待已久的稀有词汇聚合、新的快照/恢复管理 UI、动态更新的同义词及其他更多内容
- Kibana 提供了对 Kerberos、自动完成和 KQL 的支持来过滤聚合,并提供了画布工作板模板,可以更轻松地构建漂亮的显示内容
- Beats 增加了对一系列新数据源的支持(包括 Oracle 和 Amazon RDS 这样的关系数据库、针对 Kubernetes kube-proxy、kube-scheduler 以及 kube-controller-manager 的指标)、对 GCP VPC 流日志的网络流支持,并改进了对 Amazon Kinesis Data Streams 和带有 Functionbeat 的 Amazon Cloudwatch 的支持。
- Logstash 现在默认包含 JMS 支持
- Elastic APM .NET Agent 现已正式发布。此外,Elastic APM 添加了一种新的方法来查看带有聚合服务分解图的服务、来自 Kibana 的代理采样率配置,以及更多内容
- Elastic Uptime 改进了多位置监测器在监测摘要和详情方面的界面外观
- Elastic Logs 添加了关键字高亮显示,以及基于
trace.id跳转到 APM 痕迹的功能 - Elastic Infrastructure Application Metrics Explorer can now be used in the production system, you can quickly perform polymerization visual timing indicators. In addition, Elastic Infrastructure also improved the monitoring of other core Kubernetes services, and add the RDS indicator set in the AWS module
download link:
https://www.elastic.co/cn/start
For details, see the release notes: