Elastic Introduces New Capabilities to Help Customers Derive Value From All Their Data - Efficiently and At Scale

Announcing the general availability of schema on read, a technical preview of the frozen data tier powered by searchable snapshots, and support for autoscaling
  • Providing unmatched flexibility and speed for customers to get the maximum value out of their data with schema on read
  • Unlocking new value by making object stores fully searchable with the new frozen data tier
  • Adding support for autoscaling on Elastic Cloud to help customers automatically scale deployments as their resource needs grow
23 March 2021

Contact information

Elastic Public Relations

MOUNTAIN VIEW, Calif. - 23 March 2021 -

Elastic (NYSE: ESTC) (“Elastic”), the company behind Elasticsearch and the Elastic Stack, today announced new capabilities and updates across its Elastic Enterprise Search, Observability, and Security solutions, which are built into the Elastic Stack — Elasticsearch and Kibana.

New features empower customers to reduce the time to extract value from their data with schema on read, unlock new value by enabling cost-effective, nearly unlimited storage and search on object stores with a new frozen data tier, and automatically scale deployments on Elastic Cloud.

Elastic Enterprise Search users benefit from a number of architectural enhancements that deliver reduced deployment size, faster indexing, and more relevant results. Elastic Observability now includes correlations to help users to identify top drivers of application performance issues and errors, and Elastic Security introduces analyst-driven correlation to streamline SecOps workflows.

Key updates across the Elastic Stack, Elastic Cloud, and solutions include:

Elastic Stack and Elastic Cloud 7.12

New in Elasticsearch, Kibana and Elastic Cloud 7.12, users can quickly onboard and flexibly explore their data with the general availability of schema on read. Now, users no longer have to choose between the speed and scale of schema on write or the flexibility of schema on read — they can use both at the same time, on the same Elastic Stack. 

Adding to the innovations announced with the general availability of searchable snapshots in Elastic 7.11, the new frozen data tier, now in technical preview, offers the best search experience while unlocking nearly unlimited data lookback with the lowest total cost of ownership. The frozen data tier enables customers to decouple compute from storage, adding the capability to search directly on low-cost object stores such as Amazon S3, Google Cloud Storage, and Microsoft Azure Storage. Customers can search large volumes of data stored on low cost storage with a tradeoff in performance while reducing the ratio of dedicated resources needed for search. In the near future, Elastic will also be offering an enhanced user experience for configuring the frozen data tier in Elastic Cloud.

Additionally, now in 7.12, users can stay in the flow of analyzing data while long-running queries complete on their own with a new “save search to background” feature. Searching across huge amounts of data in pursuit of the proverbial needle in a haystack is core to what Elastic technology helps people do. Long-running search sessions in Discover or on a Kibana dashboard can be set to run in the background and the new search session management interface allows users to check progress on results on demand. 

Elastic is also adding enhanced support for autoscaling to help customers monitor storage utilization and machine learning capacity, adjust resources, and maintain performance automatically. As one of the most requested features by the Elastic community, autoscaling provides a safety net for customers to run their critical business applications while maintaining node performance and preventing unexpected costs.

Customers can now also take advantage of improved flexibility and price/performance with support for new instance types on Elastic Cloud. Elastic has added Ls-Series instances in the Microsoft Azure UK South (London) and Japan East (Tokyo) regions, and D3 instances in the AWS EU (Ireland), US East (N. Virginia), US East (Ohio), and US West (Oregon) regions. These instances offer performance value at significant cost savings.

Elastic Enterprise Search

New in Elastic Enterprise Search 7.12, customers benefit from a reimagined underlying data architecture that drives more value by reducing deployment size, speeding up indexing, and delivering more relevant results. The new architecture optimizes the underlying index management to eliminate data duplication and employs a new mapping configuration that improves search precision while maintaining the typo-tolerance that modern search experiences require. Customers may experience up to 70% improvement in storage efficiency, up to 40% reduction in indexing latency, and significant improvements to relevance across App Search and Workplace Search.

Elastic Observability

In Elastic Observability 7.12, users can now uncover meaningful patterns in slow application transactions and speed up root cause analysis with a new correlation capability in Elastic APM. Elastic APM introduces a new capability that analyzes application transactions with high latencies and errors and automatically surfaces factors like service version and infrastructure metadata that are highly correlated with those underperforming transactions. With this capability, users can instantly zoom in on the root cause of poor performance during reactive troubleshooting workflows, reducing their mean time to resolution. This capability also drives proactive workflow, helping application owners identify areas of improvement and continually improve the end-user experience.

Elastic Security

Analyst-driven correlation, new in Elastic Security 7.12, is a critical tool for practitioners who need to turn data into information and insight. Security analysts can accelerate threat hunting and investigation to surface meaningful data at the speed of Elasticsearch. The result is more targeted threat hunting and investigation with higher-fidelity detections derived from the findings that analysts uncover during those investigations.

Analyst-driven correlation is driven by Event Query Language (EQL), the technology behind advanced correlation in the Elastic Security detection engine. While slow response times have traditionally hampered attempts to boost threat hunting and investigation with correlation, the ability to now apply correlations across historical data allows analysts to glean key insights from the most patient and sophisticated of adversaries in minutes. Security teams benefit from multiple detection and investigative methods that cover a broad range of security use cases. Combining EQL-based correlations with machine learning-based detections, indicator match type detection rules, and third-party context at cloud scale enables a more comprehensive security strategy.

Elastic Security has now also added a new layer of ransomware prevention with behavioral analysis in the Elastic Agent. Complementing the signatureless anti-malware first introduced in Elastic Security 7.9, behavioral ransomware prevention on the Elastic Agent detects and stops ransomware attacks on Windows systems by analyzing data from low-level system processes, and is effective across an array of widespread ransomware families — including those targeting the system’s master boot record.

Supporting Quotes:

  • “As the scope of observability use cases continues evolving, it's challenging to capture exactly how all users intend on interacting with data upfront,” said Wes Connell, Security Engineering Lead, Uber. “The flexibility of runtime fields provides our users with an enabling solution that's as dynamic as their data-driven questions.”
  • "Schema on read allows us to ask bigger questions of large security datasets asynchronously so we can find more bad guys.," said Robert Cooper, VP of Security, Anitian. "With schema on read and runtime fields, we're able to more quickly respond to changing data from third-party security tools without going through the hassle of reindexing our existing data," added Ian Godfrey, Senior DevOps Engineer, Anitian.
  • "Elastic is all about search-driven data exploration to allow you to gain insights from all your data. Be it threat hunting in Elastic Security, or advanced correlations to diagnose application performance issues in Elastic Observability, Elastic enables users to break through data silos and search, observe, and secure all their data and applications,” said Ash Kulkarni, Chief Product Officer, Elastic. "With 7.12, we are bringing greater flexibility and lower total cost of ownership to this search-powered process."

About Elastic

Elastic is a search company built on a free and open heritage. Anyone can use Elastic products and solutions to get started quickly and frictionlessly. Elastic offers three solutions for enterprise search, observability, and security, built on one technology stack that can be deployed anywhere. From finding documents to monitoring infrastructure to hunting for threats, Elastic makes data usable in real time and at scale. Thousands of organizations worldwide, including Cisco, eBay, Goldman Sachs, Microsoft, The Mayo Clinic, NASA, The New York Times, Wikipedia, and Verizon, use Elastic to power mission-critical systems. Founded in 2012, Elastic is a distributed company with Elasticians around the globe and is publicly traded on the NYSE under the symbol ESTC. Learn more at


The release and timing of any features or functionality described in this document remain at Elastic’s sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

Elastic and associated marks are trademarks or registered trademarks of Elastic N.V. and its subsidiaries. All other company and product names may be trademarks of their respective owners.