Elastic Stack version 7.3 is now available. The Elastic Stack is made up of Elasticsearch, Kibana, Beats and Logstash. The latest release introduces a new data frames feature, anomaly detection, and the general availability of Elastic Maps.
Data frames will enable Elasticsearch users to take their data analysis to the next level with machine learning analysis, the ability to create live entity-centric indexes, and outlier detection, the team explained.
“As with most powerful concepts, this feature is best described with an example. Imagine you want to look for suspicious IP addresses in your web server logs. You might want to look at how many requests were made, the response codes, and the total data transferred for each IP address. Data frames allow you to create a new entity-centric index with a document per unique IP address that tracks each metric of interest — in this case, total requests, count per response status, and sum of bytes transferred,” Steve Kearns, VP of product management at Elastic, wrote in a post.
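To make the pivot Kearns describes concrete, here is an added example (not Elastic's code or part of the original post) that performs the same entity-centric aggregation locally over a handful of constructed web server log lines: one document per unique client IP carrying total requests, a count per response status, and the sum of bytes, followed by a simple rule that flags IPs with a high share of 4xx responses. The log lines, IP addresses and the threshold values are assumptions made up for the example; in Elasticsearch 7.3 the same pivot would be defined as a data frame transform grouped by the client IP field.

```python
import re
from collections import defaultdict

# Constructed sample log lines in Common Log Format; not real traffic.
SAMPLE_LOGS = """\
203.0.113.5 - - [10/Aug/2019:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.7 - - [10/Aug/2019:10:00:02 +0000] "GET /about HTTP/1.1" 200 2048
203.0.113.5 - - [10/Aug/2019:10:00:03 +0000] "GET /admin HTTP/1.1" 404 512
203.0.113.5 - - [10/Aug/2019:10:00:04 +0000] "GET /login HTTP/1.1" 404 512
198.51.100.7 - - [10/Aug/2019:10:00:05 +0000] "POST /contact HTTP/1.1" 200 300
203.0.113.5 - - [10/Aug/2019:10:00:06 +0000] "GET /wp-login.php HTTP/1.1" 404 512
192.0.2.9 - - [10/Aug/2019:10:00:07 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

# client IP, request line, status code and response size; "-" means no body.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)$')


def parse_line(line):
    """Return the fields the pivot needs, or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    size = m.group("bytes")
    return {"ip": m.group("ip"), "status": m.group("status"),
            "bytes": 0 if size == "-" else int(size)}


def pivot_by_ip(lines):
    """Build one entity-centric document per unique client IP (the
    same three metrics the quoted example tracks)."""
    docs = defaultdict(lambda: {"total_requests": 0,
                                "status_counts": defaultdict(int),
                                "bytes_sum": 0})
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip lines the parser cannot read
        d = docs[ev["ip"]]
        d["total_requests"] += 1
        d["status_counts"][ev["status"]] += 1
        d["bytes_sum"] += ev["bytes"]
    return {ip: {"total_requests": d["total_requests"],
                 "status_counts": dict(d["status_counts"]),
                 "bytes_sum": d["bytes_sum"]} for ip, d in docs.items()}


def suspicious_ips(docs, min_requests=3, max_error_ratio=0.5):
    """Flag IPs whose share of 4xx responses exceeds the threshold
    (assumed values; tune them to the site's normal error rate)."""
    flagged = []
    for ip, d in docs.items():
        errors = sum(n for code, n in d["status_counts"].items() if code.startswith("4"))
        if d["total_requests"] >= min_requests and errors / d["total_requests"] > max_error_ratio:
            flagged.append(ip)
    return sorted(flagged)
```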
Elastic SIEM, which was introduced in version 7.2, was updated to include anomaly detection to advance its threat detection and threat hunting workflows. “Users can now easily enable and run a set of machine learning anomaly detection jobs designed to detect specific cyber attack behaviors, right from the SIEM app. The detected anomalies are conveniently displayed on the Hosts and Network views in the SIEM app,” Kearns wrote.
Elastic Maps was released as a beta feature in version 6.7. In version 7.3 it is generally available and is designed to provide an intuitive and interactive way to explore and understand geospatial data in Kibana, the team explained. Features include the ability to update features, shapes and layers on the map, and the ability to plot custom icons.
Other features of this release include voting-only master nodes, Kerberos support in Kibana, support for new data sources in Beats, JMS support included in Logstash by default, and an improved look and support for multi-location monitors in Elastic Uptime.