How Elastic Stack 7.2.0 will influence your DevOps, Monitoring, Analytics, and Security

In our April 2019 blog, What’s new from Elastic for DevOps and Big Data, Timmanna discussed some of the highlights of the release such as Elasticsearch JS client (RC1); Infrastructure 7.0; and Elasticsearch for Apache Hadoop 7.0.0, Logstash 7.0.0, & Kibana 7.0.0. This time, I will be talking about the Elastic Stack 7.2.0 release that has some amazing upgrades.

Observability is at the core of Elastic Stack 7.2.0 and you will be able to obtain insights into systems, services, and application health details. Observability has been achieved using .NET in APM, Kubernetes monitoring, and Metrics Explorer. This release is focused on automating all operational & cluster management tasks while simultaneously simplifying the Elastic on K8s experience of users.

It comes with extended support for .NET applications and brings the benefits of multi-page applications to single-page applications. It is now developed to collect agent-specific metrics through detection of the programming language used. Additionally, it comes with Metrics Explorer that is now embedded in the Elastic Infrastructure app.

Elastic has launched the Security Information and Event Management (SIEM) solution with this release. Through SIEM, Elastic aims toward the betterment of network and host-based data collection. It has a built-in User Interface (UI) that simplifies the visualization of data and identification of issues that may emerge. This UI is capable of handling host & network security analysis along with timeline event analysis.

And there’s more exciting news… Elastic App Search On-prem which used to be a hosted service is now Generally Available. Yes, you heard it right! So those of you who wish to run it in your data centers or laptops and desktops, Elastic has granted your wish. All you have to do is download and start using it.

Elastic has rolled out five important releases, Elasticsearch 7.2.0, Kibana 7.2.0, Elastic Uptime Monitoring 7.2.0, Beats 7.2.0, and Logstash 7.2.0. Now let’s have a look at these releases one by one.

Elasticsearch 7.2.0

Let us start with Elastic’s favorite release, Elasticsearch. It is very uncommon for Elastic to not release any updates for Elasticsearch and the 7.2.0 release is no exception. This release has key updates to take care of your search requirements.

When it comes to ranking considerations, you can achieve them using the distance feature query. This query is optimized to work with geo & time fields. The search_as_you_go approach is an important aspect of suggestions provided while a user is typing queries and 7.2.0 is well-equipped to leverage typeahead search and achieve better performance. It also comes with improved resiliency and an array of improvements for Elasticsearch SQL, data frames, HTML Strip Processor, and OpenID Connect Realm.

Talking about resiliency, replication of closed indices is now possible for frozen indices. Empowerment of Snapshot Repositories with incremental snapshot mechanism further improves resiliency. The Snapshot Repositories app in Kibana supports both on-prem and cloud environments. Using this app, you can browse repositories and snapshots that you have created. Elastic is looking forward to add more features to it in their next release.

Improvements in geographic queries through SQL statements, medium absolute deviation, and if-else statements are some of the new additions to Elasticsearch SQL. Dataframe plugins are now added so that you can transform indexed data with ease. Similarly, improvements in the HTML strip processor makes the source field more readable and improvements in OpenID Connect Realm comes with new customizations to improve the stack.

Logstash 7.2.0

Now, let us talk about Logstash 7.2.0 that has a bagful of pleasant surprises for Java Developers. Logstash 7.2.0 has extended “support for Java plugins” which is now Generally Available. This will enable developers to write plugins using Java without worrying about Ruby dependencies.

Java plugins run effortlessly for Java execution engines as well as alongside Ruby plugins. The Logstash JMS input plugin supports data consumption from JMS queues into Elastic Stack. The bring-your-own-driver model opens doors to a broad spectrum of technologies that comply with JMS standards.

There’s more good news! Logstash is now integrated with …read more