BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News Elastic 8.6 Released with Improvements to Observability, Security, and Search

Elastic 8.6 Released with Improvements to Observability, Security, and Search

Bookmarks

Elastic has released Elastic 8.6 with improvements across the entire Elastic Search Platform including Elastic Enterprise Search, Elastic Observability, Elastic Security, and Kibana. The release includes additional connector clients, better observability of dependencies, improvements to alerts generated from prebuilt security rules, and temporary data views.

Elastic Enterprise Search is Elastic's tool for implementing search and discovery within ElasticSearch. This release sees new tools to implement and manage natural language processing (NLP) across search indices. Building upon the 8.5 release of ingestion pipelines that enable plugging in of defined inference pipelines, this release enables testing via the UI. This allows for testing the outcome without reindexing or syncing the searchable corpus.

Testing an inference pipeline in Elastic Enterprise Search

Testing an inference pipeline in Elastic Enterprise Search (credit: Elastic)

 

This release also, in technical preview, adds two new connector clients: network drives and Amazon S3. The clients support defining ingestion pipelines with PDF extraction support as well as work with the improved NLP tooling. The 8.6 release also improves the MongoDB connector that was added in 8.5 by adding support for sync rules.

Elastic Observability is Elastic's tool for using metrics, logs, and traces to identify issues and gain insights into systems. This release sees the addition of an application performance monitoring (APM) dependency operations view. With this view, all operations related to a dependency can be seen, including aggregate views for latency, throughput, failed transaction rate, and impact. There are also interactive latency graphs to help with isolating long-running operations.

APM dependency operations view

APM dependency operations view (credit: Elastic)

 

There is now support for analyzing EC2, GCP Compute, and Azure Compute latencies and performance via the new host observability. Filtering the hosts list via Elastic's Kibana Query Language (KQL) allows for autocomplete and search chaining. The feature supports the creation of host groups that enable organizing hosts by various properties, such as region or service. Elastic indicates they plan to augment host observability with security capabilities in a future release. This might include adding security posture scores for hosts that link out to the cloud security posture dashboard.

This release also adds an Opsgenie connector. This allows for alerts generated in Elastic to be sent over to Opsgenie. Alerts will be automatically closed in Opsgenie upon recovery in Elastic. Configuring the create alert action is supported through either a form view or a JSON editor.

Elastic Security provides SIEM, cloud security, and endpoint security tooling. This release improves upon the prebuilt detection rules by better correlating groups and sequences of previous attacks. This reduces multiple alerts into a single alert simplifying response. As well, prebuilt rules can now include interactive OS-query searches in their investigation guides. There is also a new machine learning-based data exfiltration use case that works to identify attempts to steal data.

Kibana now has temporary data views that allow for creating ad-hoc reports. The view can be saved and promoted into a sharable view. This release also sees the introduction of read-only versions of the Users and Roles management views for users with the read_security cluster privilege in Elasticsearch.

More details about the various features added in Elastic 8.6 can be found on the Elastic blog. All features are available within Elastic Cloud.

About the Author

Rate this Article

Adoption
Style

BT