We’re excited to announce the release of Elastic Stack version 7.7. As with most releases of the Elastic Stack, 7.7 brings a long list of updates. But it’s not the new features we’re most proud of, it’s the team that made them happen. In normal times, launching such a feature-rich version would not be easy. Given the uncertain times we live in, this release is all the more special. It is a testament to our resilience as a team and as a company, and it highlights our relentless focus on continuing to deliver value to users and customers.

There are a lot of updates in 7.7 that you should be excited about. Workplace Search is now generally available, providing a modern, unified search experience for all your work. The Elastic Stack also has a completely reimagined alerting framework that gives you a new alerting experience across Kibana. Elastic APM adds service maps to improve system visibility by providing a clear view of how services are interconnected. Elastic SIEM has launched embedded case management workflows, including integration with ServiceNow. And those are just a few of the highlights of this release.

Elastic Stack 7.7 is available in Elasticsearch Service on Elastic Cloud, the only managed Elasticsearch product that offers these new features. Alternatively, you can download the Elastic Stack and manage it yourself.

Without further ado, here are some highlights of this release.

Reimagined alerting across the Elastic Stack

We believe that alerting is a cornerstone of the countless use cases the Elastic Stack serves. Whether you need to track the health of your application, monitor response time SLAs, or find attackers, alerts are a key tool for detecting problems and taking action. We are excited to introduce our new alerting framework in Kibana 7.7. This framework is a major step forward in our commitment to building a first-class alerting experience across Kibana. We outlined our vision for this last year, and the idea is simple: no matter where the user is, every solution (that is, every application in Kibana) should be able to provide an alerting workflow tailored to the user’s context and use case. And every application should be able to use any predefined action or notification mechanism. With that goal in mind, we built the alerting framework from scratch.

The results of this effort are visible everywhere in Kibana 7.7. In the Kibana Management application, we provide a complete alert management UI and a powerful collection of new alert types. However, most users will experience alerting through one of our solutions. The detection engine in Elastic SIEM now supports sending notifications through the alerting framework when an event matches a rule. Elastic Observability brings a tightly integrated alerting experience directly into the Metrics, APM, and Uptime applications. In Metrics, you can easily create alerts from the Metrics Explorer view that trigger when your infrastructure changes. In APM, you can set up rules that fire on changes in transaction duration or spikes in the error rate of any service. With Uptime, you can easily create alerts that trigger when the status of a monitored service changes.

Elastic alerting (Metrics, APM, SIEM)

The new alerting framework also focuses on making alerts do more than just draw your attention. We provide a rich set of third-party integrations (e.g., email, Slack, PagerDuty) so that you can act on these alerts through your existing incident and case management workflows. For a deeper look at the new alerting feature, be sure to check out our blog post on alerting.

Slow down: Asynchronous search opens up new ways for you to better balance cost and latency

Elasticsearch is built to search very fast. However, not every use case needs every search to be fast, and not every type or volume of data warrants it. Over the years, Elasticsearch has added several features (such as hot-warm architecture and frozen indices) to give users the flexibility to balance the speed at which a search can be performed, the amount of data that can be searched at a time, and the cost of the hardware supporting these use cases. Building on this work, Elasticsearch 7.7 adds asynchronous search, which allows you to “slow down” while still creating a great user experience when searching massive amounts of data or reducing costs with cheaper storage options.

With asynchronous search, you can run potentially long-running queries in the background, track their progress, and retrieve partial results as they become available. Kibana 7.7 uses asynchronous search in Dashboard and Discover. For example, if a dashboard query is approaching Kibana’s timeout limit, the user sees a notification that lets them ignore the timeout and keep the dashboard running until it finishes. In future releases, we will integrate asynchronous search more closely into the Kibana experience, allowing users to run Kibana queries in the background while doing other things in Kibana.
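The submit, poll, fetch and clean-up flow described above, as an added example that is not Elastic’s own code: it wraps the three async search endpoints introduced in Elasticsearch 7.7 (`POST /<index>/_async_search`, `GET /_async_search/<id>`, `DELETE /_async_search/<id>`) and the `is_running`, `is_partial`, `_shards` and `hits` fields of their responses. The `transport` callable, the `FakeElasticsearch` stand-in (which completes one more shard per request so each poll returns a larger partial result) and all sample values are constructed for this example so that it runs offline; a real deployment would route `transport` through an HTTP client.

```python
"""Added example (not Elastic's code): the submit / poll / fetch / delete flow of the
Elasticsearch 7.7 async search API, run against a constructed in-memory stand-in."""
from typing import Any, Callable, Dict, List, Optional, Tuple

# Assumed shape of the transport: (method, path, query params, JSON body) -> JSON response
Transport = Callable[[str, str, Dict[str, Any], Optional[Dict[str, Any]]], Dict[str, Any]]


class AsyncSearchClient:
    """Thin wrapper over the three async search endpoints (paths and fields as in 7.7)."""

    def __init__(self, transport: Transport):
        self.transport = transport

    def submit(self, index: str, body: Dict[str, Any], wait: str = "1s",
               keep_on_completion: bool = True) -> Dict[str, Any]:
        # wait_for_completion_timeout: how long to block before returning a partial response.
        # keep_on_completion: keep the stored result even if the search finishes within `wait`,
        # so the caller always gets an id it can fetch and delete later.
        params = {"wait_for_completion_timeout": wait,
                  "keep_on_completion": str(keep_on_completion).lower()}
        return self.transport("POST", f"/{index}/_async_search", params, body)

    def get(self, search_id: str, wait: str = "1s") -> Dict[str, Any]:
        return self.transport("GET", f"/_async_search/{search_id}",
                              {"wait_for_completion_timeout": wait}, None)

    def delete(self, search_id: str) -> Dict[str, Any]:
        return self.transport("DELETE", f"/_async_search/{search_id}", {}, None)


Snapshot = Tuple[int, int, int, bool]  # (shards done, shards total, hits so far, is_partial)


def run_in_background(client: AsyncSearchClient, index: str, body: Dict[str, Any],
                      max_polls: int = 50) -> Tuple[int, List[Snapshot]]:
    """Submit a search, poll until it stops running, then free the stored result.

    Returns the final hit total plus the progress snapshots seen along the way, which is
    the information a UI such as Kibana's "keep running" notification can display."""
    progress: List[Snapshot] = []

    def snapshot(r: Dict[str, Any]) -> None:
        shards = r["response"]["_shards"]
        progress.append((shards["successful"], shards["total"],
                         r["response"]["hits"]["total"]["value"], r["is_partial"]))

    resp = client.submit(index, body)
    snapshot(resp)
    search_id = resp.get("id")  # absent only if the search completed and keep_on_completion=false
    polls = 0
    while resp["is_running"]:
        if search_id is None:
            raise RuntimeError("a running search must carry an id to poll")
        polls += 1
        if polls > max_polls:
            client.delete(search_id)  # cancel and release the search before giving up
            raise TimeoutError("gave up polling; the async search was cancelled")
        resp = client.get(search_id)
        snapshot(resp)
    if search_id is not None:
        client.delete(search_id)  # release the result kept in the .async-search index
    return resp["response"]["hits"]["total"]["value"], progress


class FakeElasticsearch:
    """Constructed stand-in for the server: `shard_hits[i]` is the hit count shard i
    contributes, and every request completes one more shard of the search."""

    def __init__(self, shard_hits: List[int]):
        self.shard_hits = shard_hits
        self.stored: Dict[str, int] = {}  # search id -> shards completed so far
        self.next_id = 0

    def __call__(self, method: str, path: str, params: Dict[str, Any],
                 body: Optional[Dict[str, Any]]) -> Dict[str, Any]:
        if method == "POST" and path.endswith("/_async_search"):
            sid = f"constructed-search-id-{self.next_id}"  # real ids are opaque base64 strings
            self.next_id += 1
            self.stored[sid] = 1  # one shard finishes within wait_for_completion_timeout
            return self._render(sid)
        sid = path.rsplit("/", 1)[1]
        if method == "GET" and path.startswith("/_async_search/"):
            if sid not in self.stored:
                return {"error": {"type": "resource_not_found_exception"}, "status": 404}
            self.stored[sid] = min(self.stored[sid] + 1, len(self.shard_hits))
            return self._render(sid)
        if method == "DELETE" and path.startswith("/_async_search/"):
            return {"acknowledged": self.stored.pop(sid, None) is not None}
        raise ValueError(f"unexpected request {method} {path}")

    def _render(self, sid: str) -> Dict[str, Any]:
        done, total = self.stored[sid], len(self.shard_hits)
        running = done < total
        return {"id": sid, "is_partial": running, "is_running": running,
                "response": {"_shards": {"total": total, "successful": done,
                                         "skipped": 0, "failed": 0},
                             "hits": {"total": {"value": sum(self.shard_hits[:done]),
                                                "relation": "eq"}, "hits": []}}}


if __name__ == "__main__":
    fake = FakeElasticsearch([10, 20, 30])
    total, steps = run_in_background(AsyncSearchClient(fake), "logs-*",
                                     {"query": {"match_all": {}}})
    for done, shards, hits, partial in steps:
        print(f"{done}/{shards} shards, {hits} hits so far, partial={partial}")
    print("final total:", total, "stored results left:", fake.stored)
```

The loop deletes the stored result in every exit path, including the `max_polls` give-up, because each completed async search otherwise stays in the `.async-search` index until its `keep_alive` expires; a UI that lets users walk away from long-running queries should cancel what they abandon.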

For details on asynchronous search and all the other new features, check out the Elasticsearch 7.7 release blog post.

Elastic Enterprise Search

Workplace Search is now generally available, bringing a modern search experience to every workplace

We’re excited to announce the general availability of Elastic Workplace Search, a product that allows organizations of all sizes and types to create a unified search experience for their employees, so they can find everything they need for their jobs from a single search bar.

More than ever, companies are working in increasingly distributed virtual environments. Organizational knowledge is spread across a large number of applications and collaboration tools: Microsoft 365, Google G Suite, Salesforce, Zendesk, Google Drive, OneDrive, Dropbox, GitHub, Jira, ServiceNow, SharePoint Online, Confluence, and the list goes on. The goal of Elastic Workplace Search is simple: to help organizations create a centralized way to effectively leverage this vast and unstructured body of knowledge.

Workplace Search provides a rich set of third-party integrations with a strong focus on simplicity, and can be deployed in a fraction of the time older tools require. Built on Elasticsearch, Workplace Search helps you build a secure, personalized, and highly relevant search experience for your team, no matter how big it is.

To learn more about this latest addition to the Elastic portfolio, check out the Workplace Search post. For an in-depth look at all the other new features of Enterprise Search, see the Enterprise Search 7.7 release blog post.

Elastic Observability

Service maps in Elastic APM let you see the big picture

Elastic APM 7.7 adds service maps, which give you a graphical view of the dependencies between your instrumented applications and the external services they call. Elastic APM uses transaction data to determine which services are talking to each other and automatically builds the service map from that data. In today’s distributed architectures, which are often full of dynamic change, a real-time graphical view of how the pieces fit together is critical to understanding your system.

And it’s not just about the overview. The service map shows you the key performance indicators for each instrumented service, as well as a summary of any external services it calls, allowing you to easily switch between the global view and a fine-grained one.

Service maps are a natural complement to distributed tracing. While distributed tracing provides a waterfall view of the individual calls across all services for a particular transaction, a service map provides a bird’s-eye view of how the interactions between services affect each other.

Integrations! Integrations! Integrations!

The Elastic Observability team is on a mission to simplify instrumentation by providing more and more out-of-the-box integrations across the whole technology landscape. That mission continues in 7.7 with the following new integrations: Prometheus, AWS (Lambda, Virtual Private Cloud, Amazon Aurora, DynamoDB), Google Cloud (Pub/Sub and Load Balancing), Azure (Database Accounts and Container Metrics), Pivotal Cloud Foundry, MQTT, Redis Enterprise, Istio, and IBM MQ. Oh yeah! That’s a long list.

Instrumentation plays an important role in building a system with good observability. Proper instrumentation ensures that when an incident occurs, you have all the data you need to quickly identify the system component causing the failure and resolve the problem. Instrumentation also lets you build an early warning system that nips problems in the bud. No matter what technology your organization uses, we want to make it super easy for you to collect logs, events, and metrics at every level.

Read the Elastic Observability 7.7 blog post to delve deeper into all the new features.

Elastic Security

Embedded case management in Elastic SIEM streamlines incident response processes

Elastic Security 7.7 introduces embedded case management to give your security operations team greater control over their detection and response workflow. Using the built-in case workflow, analysts can now open and update cases, tag and comment on cases, close cases, and sync them with external systems. SOC (security operations center) teams can attach rich investigation guides to SIEM detection rules to provide contextual resources (such as remediation suggestions and reference material) for the security analysts responsible for verifying and investigating potential threats.

Embedded case workflows also give SOC teams the information they need to track time to detection, mean time to respond (MTTR), and other security health KPIs on dashboards.

Elastic SIEM adds native integration for ServiceNow ITSM

The new case management capabilities in Elastic SIEM integrate directly with ServiceNow ITSM, allowing analysts to forward information straight from Elastic SIEM to the ServiceNow platform and enabling ticket tracking and remediation workflows across the organization. The native connector lets analysts update cases, ensuring they are always working from the latest information.

Expand your visibility with more integrations

Gathering actionable data from across your entire environment is a critical step in securing your organization. Elastic Security 7.7 adds data integrations for Okta, Microsoft 365, Check Point, and other important technologies, making it easier to gain visibility into your whole ecosystem.

Check out the Elastic Security 7.7 release blog post for full details.

There’s too much to list here…

There’s a lot more. Check out the product blog posts for details of all the new features we’ve added in version 7.7:

Elastic Stack

  • Elasticsearch 7.7.0 released
  • Kibana 7.7.0 released

Solutions

  • Elastic Enterprise Search 7.7.0 released
  • Elastic Observability 7.7.0 released
  • Elastic Security 7.7.0 released