Alongside the 5.0 release of the Elastic Stack, we are excited to introduce the world to X-Pack — a single extension that provides security, alerting, monitoring, reporting and graph capabilities across the Elastic Stack. X-Pack is the evolution of - and replacement for - the standalone plugins Shield, Watcher, Marvel, Reporting, and Graph. While we loved these individual plugins, we were running out of clever names and were beginning to struggle with an increasingly complex, 15+ step installation and configuration process.
As the name literally says, X-Pack is a “pack,” and it is the first of its kind. A pack is a simple, but important concept - it is a single zip that contains extensions for one or more products in the Elastic Stack. And thanks to our aligned version numbers and release train, it’s now easy to build and test extensions that bring UI components to Kibana, new APIs to Elasticsearch, and so much more. We hope you go forth and build interesting packs of your own, but before you do, there’s a lot more to know about X-Pack!
Installation & Configuration
We spent a lot of time thinking about ways we could make it easier to install and configure. The install process is now just two commands, and you are ready to get started with the full range of X-Pack functionality.
bin/elasticsearch-plugin install x-pack bin/kibana-plugin install x-pack
As part of the installation process, we automatically create two native users -
elastic, an admin account, and
kibana which is a service account used by the Kibana backend. These users are created with a default password of
changeme, which the Kibana backend will use by default. This means that there is absolutely no configuration necessary when you’re just getting started.
Of course, before you go into production, you will need to change the default passwords, and configure SSL, but even that is now easier and more consistent across the stack.
Creating and managing security in the Elastic Stack just got a whole lot easier. X-Pack builds on the capabilities introduced in Shield, which include authentication, role-based access control, encrypted communication, audit logging, and login and session support for Kibana.
Newly added with X-Pack 5.0 is a management UI in Kibana for creating and managing both users and roles:
X-Pack alerting features build on the capabilities of Watcher, as a highly-available alerting engine that runs inside Elasticsearch and is configured via APIs.
Creating an alert involves specifying 4 simple parameters - a schedule, query, condition, and one or more notification actions, such as email, Slack, HipChat, PagerDuty, or a webhook.
X-Pack 5.0 adds a number of new options, including the ability to specify a condition per-action, which makes it easier to send different types of notifications at different thresholds. For example, if application response times exceed SLAs for 1 minute, use a webhook to create a ticket for the ops team to look into tomorrow. If the response times exceed SLAs for 30 minutes, it’s time to page someone.
Fun fact - the API still uses the term Watcher, out of respect for the many use-cases beyond alerting that it enables.
X-Pack has a goal of providing monitoring capabilities for the entire Elastic Stack. With Marvel, we introduced the most effective monitoring tool for Elasticsearch, and X-Pack 5.0 expands this to include monitoring for Kibana:
X-Pack makes it easy to create and share PDFs of Kibana visualizations and dashboards. Combine reporting with alerting capabilities to send periodic screenshots of dashboards to users that don’t have direct access to Kibana, or attach supporting information to the notification emails triggered by X-Pack alerts.
X-Pack provides a new way to explore your data with the graph API and UI. Rather than summarizing, slicing, and dicing the properties of your documents, Graph lets you ask questions in terms of the entities (the machines, services, people, bands, etc) and how they are related to one another. In X-Pack 5.0, you can now save and share graph workspaces, and it’s even easier to drill down and see the raw documents that support a given relationship, or link directly to Kibana dashboards or 3rd party systems.
Now that you know what X-Pack is all about, go give it a try! X-Pack features are included in our subscriptions, but we are excited to make the X-Pack monitoring features available for free with a Basic license. Feel free to reach out to us via the contact button in the top-right, or start a discussion on discuss.elastic.co!