Elastic has delivered Elastic Stack 7.3, which includes some very cool new features such as data frames, anomaly detection, elastic maps, and more. Check out all the highlights of the latest release below.
Elastic Stack 7.3 highlights
- Data frames: a new feature that allows users to pivot their Elasticsearch data on the fly to create live entity-centric indexes. It’s an exciting feature that opens the door to a new world of analysis, including new machine learning analysis — like outlier detection (which was added as an experimental feature in 7.3), clustering, classification, and more. For example, imagine you want to look for suspicious IP addresses in your web server logs. You might want to look at how many requests were made, the response codes, and the total data transferred for each IP address. Data frames allow you to create a new entity-centric index with a document per unique IP address that tracks each metric of interest — in this case, total requests, count per response status, and the sum of bytes transferred. The icing on top is that data frames support continuous processing, which means that this transformed entity-centric index is automatically updated as new documents are added to the input Index. These live pivots are just the first set of transformations enabled by data frames, and Elastic plans to introduce more in the future that extend the data frames concept to even more use cases.
- Anomaly Detection added to Elastic SIEM: Elastic is delivering on its promise to add more capabilities to the Elastic SIEM app, starting with anomaly detection. Elastic enhanced its threat detection and threat hunting workflows in Elastic SIEM by integrating its machine learning capabilities right into the SIEM app. Users can now easily enable and run a set of machine learning anomaly detection jobs designed to detect specific cyber attack behaviors, right from the SIEM app. The detected anomalies are conveniently displayed on the Hosts and Network views in the SIEM app.
- Elastic Maps is GA: Earlier this year, Elastic released a beta version of the Elastic Maps to address location or geotagged data that’s grown with the rise of sensor and telemetry tech, especially as all sorts of organizations are storing that data in Elasticsearch already. Elastic Maps is a more intuitive and interactive new way to visualize, explore and understand geospatial data. Users can layer data from different sources in a single map, for example, overlaying weather patterns and flight traffic in the same view to see the impact of weather conditions on flight paths in real-time. Or users can embed promotions and sales data on the same map to analyze the impact of promotion across retail locations. With the 7.3 release, Elastic Maps also adds several new features, the most exciting of which is the ability to upload features, shapes, and layers into maps from GeoJSON files. Other improvements include the ability to plot custom icons and visualizing last known location enhance the overall user experience.