What’s new in 7.14edit

Here are the highlights of what’s new and improved in Elasticsearch 7.14!

For detailed information about this release, see the Release notes and Migration guide.

Other versions: 7.13 | 7.12 | 7.11 | 7.10 | 7.9 | 7.8 | 7.7 | 7.6 | 7.5 | 7.4 | 7.3 | 7.2 | 7.1 | 7.0

Cross-cluster EQL searchedit

In 7.14, we added cross-cluster search support to EQL. Cross-cluster search lets you run an EQL search across one or more remote clusters. See Run an EQL search across clusters.

Async SQL searchedit

We’ve added support for async searches to Elasticsearch SQL. Searches across large data sets or frozen data can take longer to return synchronous results. Async SQL search lets you run these searches in the background instead. See Run an async SQL search.

Transforms: support for top metricsedit

Transforms are now able to support the top metrics aggregation. This improves performance when grouping by many fields. If these fields are descriptive and have the same cardinality (for example, customer first and last name describe their customer_id), then using top metrics significantly reduces the work needed to be done by aggregations. It is also a usability improvement if configuring top or last value, which previously would have required a scripted metric.

Anomaly detection: reset job APIedit

The reset job API makes it easier to start anomaly detection jobs again from scratch, to put a job back to the state it was in immediately after creation – equivalent to deleting it and recreating it, but without the need to remember the configuration. It also simplifies support, as users will be able to reset their job by a single click.

New match_only_text field typeedit

match_only_text is a new space-optimized variant of text that disables scoring and performs slower on queries that need positions. It is best suited for indexing log messages.

More memory-efficient composite aggregationsedit

Composite aggregations on keyword fields no longer use global ordinals, which for high cardinality fields could use a lot of heap memory as part of the field data cache.

New migrate to data tiers routing APIedit

7.14 introduces the migrate to data tiers routing API. You can use the API to switch indices and ILM policies that use attribute-based allocation filters to data tiers using node roles. This lets ILM automatically move data stream indices between tiers during phase transitions. Data tiers also give you access to additional ILM features, such as partially mounted indices and the frozen tier.

New terms enum APIedit

The new terms enum API lets you discover index terms that match a partial string. You can use the API for search auto-completion.

Automatic database updates for the GeoIP processoredit

The GeoIP processor uses Maxmind GeoLite2 databases to provide data about the geographical location of IP addresses. This data changes frequently as IP addresses get reused. In 7.14, we introduced a service that automatically updates these databases so their information is as accurate as possible. The service is enabled by default, but its operation can be adjusted. See GeoIP processor