The Release Bonanza returns! Today, we're thrilled to announce new versions of the entire Elastic Stack, and the first generally available version of Beats!
If you can't wait to get your hands on the new, shiny goodness…we understand. Get on with downloading the latest and greatest, or spin up a cluster on Found — the only hosted Elasticsearch service built and supported by the people building the software.
As an added bonus, we are also thrilled to announce that Beats, the platform for lightweight Elasticsearch data shippers, is now GA. Here's the full rundown:
Released Beats 1.0 GA
In May of this year, we welcomed Packetbeat, Monica & Tudor, to the Elastic team. If you have been following the product beta blog posts, you will know that Packetbeat has grown and there is now a Beats product team within Elastic.
Since Beats 1.0-beta1 in May 2015, we have enhanced Packetbeat with new protocol support for MongoDB, DNS, Memcache. We have also added two new kinds of data shippers. Topbeat is a lightweight shipper for resource utilization metrics, such as CPU, memory, and disk utilization. Filebeat is the evolution of Logstash Forwarder, that allows you to easily ship log file data to a central location. We have also substantially improved our automated testing infrastructure for Beats and shored up Windows support across the platform.
Lightweight data shippers for Elasticsearch give you the opportunity to change the way you ingest data into the Elastic Stack. Ingesting data at the edge, enriching with Logstash, searching and analyzing with Elasticsearch, and visualizing with Kibana is an experience that has resonated with the community. To date, several new Beats and Packetbeat protocols have either been authored and released by the community or are in the works.
Released Elasticsearch 2.1
Now with new aggregations and important performance and resiliency improvements:
- The geo_centroid metric agg returns the weighted center of all geo-points within a geohash cell, resulting in natural looking heatmaps instead of just a grid.
- Calculate percentiles or extended stats on the results of other aggregations with the percentiles_bucket and extended_stats pipeline aggregations.
- A safeguard to prevent users requesting too many hits in a single request.
- Important improvements to shard allocation when restarting nodes.
Read more about Elasticsearch 2.1.0.
Released Kibana 4.3
Featuring several important customizability and performance improvements:
- Editable filters (#5109). Direct editing of filters via a JSON editor allows you to not only modify values of existing filters, but also to apply arbitrarily complex filters, such as those combining predicates using OR, AND, and NOT. This is an important feature for Kibana 3 users looking to migrate to Kibana 4.
- Global time zone support (#1600). Setting the time zone at the Kibana server level means that all users looking at Kibana data can now see it rendered in the same time, regardless of their local browser settings. This option greatly simplifies collaboration for globally-distributed teams looking at time-series data.
- Color field formatters (#1726). Ever looked at a table with values wondering which of the cells are the outliers? With color field formatters you can now set rules for coloring cells based on thresholds and other conditions, so your eye can more easily spot anomalies.
- Improve performance of wildcard indices (#4342). Previously, querying wildcard-based index patterns over long time intervals was inefficient, because there was no way to determine which indices in the pattern include records between dates X and Y, so every index had to be queried. With addition of the Field Stats API in Elasticsearch, there is now a way to make such a preflight query, and Kibana 4.3 uses this approach to optimize queries regardless of index naming strategy. Since using event times in Elasticsearch index names to create Kibana index patterns no longer results in performance gains, this option is now deprecated and support for it will be removed in the next major release.
Released Logstash 2.1
Logstash 2.1 features many manageability and plugin improvements:
- Filebeat to replace Logstash Forwarder with a new respective Beats input and many improvements (link)
- Better support for offline plugin installation in air-gapped environments plus an "all plugins" download artifact (link)
- Properly handle multiline events across different sources when using the multiline codec. This can be used with file and beats inputs. (link)
- Add flag `--allow-unsafe-shutdown` to force Logstash to terminate when there is a stall during the shutdown sequence. (link)
- Many Twitter input plugin enhancements such as new filtering options and firehose sampling (link)
- Eventlog input plugin is now able to collect Windows event logs robustly (link)
Read more about Logstash 2.1.
Monitoring, Security, and Alerting
Released Marvel 2.1, fixes minor bugs, and makes it even easier to analyze historic data. When looking at historic data, Marvel charts, stats and details now show nodes and indexes that are not currently in the cluster.
Released Watcher 2.1, adding support for chained inputs.
It has always been easy to build watches that load their input from a single source, whether it is searching Elasticsearch, issuing an HTTP request or simply inline data within the watch itself. This release introduces the new chain input type that enables loading the input from multiple sources. In many use cases this enhances and simplifies the work with Watcher. For example, it is now possible to execute multiple search requests and compare numeric values returned by the different results as part of the condition logic... all done in a single watch.
Finally, while we say this often, it's genuine: We couldn't do this without users and contributors like you. It's your feedback, wild use cases, and wonky ideas that continue to drive us to help you do great things with data. There's more goodness coming your way.
So, go ahead, and dive in.