Product release

Kibana 7.7.0 released

Today we are pleased to announce the availability of Kibana 7.7. With this release, we’re delivering the first milestone on our journey towards a more robust and integrated alerting framework as well an exciting new ability to add existing visualizations created in Kibana Lens, Visualize, or TSVB to a Canvas workpad.  Elastic Maps in 7.7 is adding the ability to automatically switch from aggregated data points to individual data points when zooming in, and machine learning is now integrated into every Elastic Observability application (APM, Logs, Uptime, and Metrics).

Want to get your hands on Kibana 7.7 so you can try every new feature you read about in this release update? Kick off a free trial of Elasticsearch and Kibana on Elastic Cloud — the only hosted Elasticsearch offering to include these new capabilities — or simply fire it up on your laptop by downloading the latest versions of Kibana and the Elastic Stack.

For a full list of bug fixes and other changes, don’t miss the Kibana 7.7 release notes.

New alerting framework for Elastic Observability, Elastic Security, and the Elastic Stack

In 2019 we wrote about our belief that alerting is fundamental to Elastic’s use cases and how we have been laying the foundation for a new alerting framework in Kibana.  Our north star in this work has been three forward-looking observations: alerting needs to be everywhere, making sense of alerts is critical, and the end-goal of alerting should be to detect and take action.

With Kibana 7.7 we are delivering a major step forward on this vision with the release of our new alerting framework for alerting we outlined last year with the release of a new alerting framework.

  • Alerting everywhere: In Kibana 7.7 users can now create alerts from within the SIEM, APM, Metrics, and Uptime applications. This integrated experience gives you the power to address your alerting needs in the context of your unique use case.
  • Making sense of alerts: In addition to the application-specific options for creating alerts, Kibana 7.7 provides a single master view for viewing, searching, and managing all alerts from the Management tab. In addition, the new alerting framework supports actions that include writing alerts into an index. In this way, alerts themselves can become a monitorable signal for spotting patterns and triggering escalations.
  • Detection and action: The new alerting framework also focuses on enabling alerts to do more than simply get a human’s attention. With Kibana 7.7 our goal is to make integrating with the systems that matter to you a simple and easy process, which is why you’ll see built-in integrations with third-party solutions like Slack and PagerDuty as well as webhooks for customizing additional integrations.  

We are excited about this milestone in our vision for a reimagined alerting system within the Elastic Stack. For more details about the new alerting framework be sure to check our alerting blog, where we go in-depth on the new capabilities. To learn more about the new partner integrations for alerting be sure to visit our partner pages for PagerDuty and ServiceNow.

Uploading data into the Elastic Stack? Your life just got simpler.

In 7.7 we have added a great new feature that has significant benefits if you are uploading a lot of the same types of files via the uploader. The file upload UI now has the ability to recommend a Filebeat config file that can be used to add more data of the same structure to the same index that was created during an initial upload. If you have ever had a folder full of log outputs or a location storing the automated dump of audit results and wanted to combine all of those separate files into a single index inside of Elasticsearch to mine for insight, this new capability streamlines that process dramatically. Enjoy using this feature to save time and reduce the risk of accidentally mismapping a field.

screenshot-machine-learning-file-upload-config-cropped.png

Add Kibana Lens visuals and more to Canvas

From the moment we offered the first sneak peek of Canvas at Elastic{ON} 2017, people have been enthralled with the idea of being able to take live data from Elasticsearch and use it to power beautiful pixel-perfect reports. Customized background colors, images, shapes — data analysts and designers alike have embraced all the various ways they can craft reports in Canvas. This ability to apply visual creativity alongside data design has produced stunning examples of how companies have evolved past standard dashboards to create branded, visually engaging content - backed by live data.

With Kibana 7.7, you can now combine the power of Canvas with your existing visualizations created in Kibana Lens, Visualize, or TSVB. Branding your dashboard in Canvas for presentation to the executive team, your partners, or even the world has never been simpler. 

Kibana Lens

Kibana 7.7 brings some great new updates for Kibana Lens, including the ability to interact with other charts with a simple click as well as more flexible number formatting. 

Chart interactivity on click

Kibana Lens has been a huge hit with our community since we released it 7.5 due to its easy and intuitive drag-and-drop experience for visually slicing and dicing data. People use it every day to rapidly explore data in Elasticsearch and create informative dashboards or Canvas workpads that help drive insight in their organizations. 

To make dashboards using Lens visuals even more helpfully interactive we’re delighted to add with Kibana 7.7 the ability to select a part of a Lens visual and have that action trigger filtering activity to other Lens visuals on the same dashboard. This allows the people using your visual analyses to quickly dig even deeper into your dashboards and find the answers they’re after.

Number formatting

Kibana 7.7 also introduces the ability within Lens to format numbers as percentages or bytes and to customize decimal point placement, giving you the power to more accurately display the data you are analyzing. Simply click on your numeric field where it sits in the layer panel inside of Kibana Lens and alongside the options to change its aggregation you’ll find a new dropdown that lets you specify ‘Default,’ ‘Number,’ ‘Percent,’ and ‘Bytes.' Each option will update things like the numeric comma separator, decimal place, trailing zeros, as well as a following symbol (in the case of percent) or abbreviation (in the case of bytes) where appropriate.

Elastic Maps

Show individual points on zoom

Working with large amounts of coordinate data when it comes to mapping can be a challenge. On one hand you want to accurately display the total number of data points represented in an index for the area you are zoomed into. On the other hand, keeping that accuracy as you zoom out can quickly lead to visual confusion as the increasing number of data points being shown can overwhelm your view. 

With Kibana 7.7 we’re thrilled to roll out a new way of addressing this challenge with a default setting that clusters points together on a map until zoomed in. This capability will show an aggregated cluster of data points if at any point your map viewing area (bounding box) has more than 10,000 discrete points. However, as soon as you pan or zoom to a point where the map viewing area has fewer than 10,000 discrete points, the clusters dis-aggregate into individual points. An example of where this can be especially useful is any time you are mapping data points in both dense urban areas as well as more rural locations. It might be the case that in a more sparsely populated region your Elastic Maps view is fine to show every location. However, panning over to a large city might suddenly explode the number of data points that need to be shown. Blended layers help you make that transition smoothly by simply aggregating the visual representation of the points while still conveying their total number. 

Distance filter

Also coming to Elastic Maps as part of Kibana 7.7 is the ability to visually filter points by selecting a center location and then drawing a distance radius with your mouse. It is not uncommon in mapping use cases to want to use the actual map tiles underneath a data layer as a visual reference for what location points to keep. Elastic Maps already provides the ability to approach this problem by drawing a custom shape or rectangular bounds, however with the addition of the distance filter you can now also create perfect circular filter areas based on a selected central point.

Machine learning

Observability now includes one-click access to machine learning

From calculating transaction anomaly scores in APM to running machine learning jobs in Metrics to categorization-led anomaly detection in Logs — using machine learning in the Elastic Stack to help spot issues has never been easier. With the release of 7.7 we are proud to announce that the Elastic Observability application; Uptime, has incorporated machine learning into its ability to highlight anomalous response durations. This addition now means you can leverage the power of the Elastic Stack’s native machine learning capabilities from every part of our observability solution.

Machine learning jobs now available in SIEM detections

New in SIEM for 7.7 is the ability to create signal detection rules based on a machine learning anomaly threshold. This is a significant capability for security practitioners in charge of searching for suspicious activity on networks and host machines since it arms them with an entirely new threat hunting tool right where they need it in the Elastic Stack.

screenshot-machine-learning-SIEM.png

Multiclass classification

7.7 adds a new capability to the classification process inside of data frame analytics with multiclass classification. Previous to 7.7, classification in data frame analytics could evaluate situations like “this discovered executable is a piece of malware” with binary classification outputs like “malware” or “not malware.” Multiclass classification enables a range of outputs so using the same malware example, the results could be “not malware,” “virus,” “trojan,” “worm,” “ransomware,” “spyware,” etc. etc. This unlocks an incredible number of new use cases in both Observability and Security  from helping identify different types of user behavior on sites in  support of real user monitoring (RUM) scenarios to protecting against domain generating algorithm (DGA) techniques used by cyber attackers.

Sign in to Kibana how you want. Multiple SSO options now supported.

A critical goal for us at Elastic is to constantly push ourselves to meet you and your organization wherever you may be in your technology journey. Be that a transition from on-premises deployments to fully managed SaaS, from virtual machines to containers, or — in the security and identity management world — potentially a transition to a single-sign-on (SSO) solution. 

In the spirit of making sure you have the flexibility to choose the path that is right for you, we’re excited with Kibana 7.7 to now give you multiple SSO authentication methods so you can configure the sign-on experience that is best for your organization and your users. 

Let long-running queries time out. Or don’t.

Elasticsearch has added a very exciting new feature with 7.7 called asynchronous search that lets you run potentially lengthy queries in the background. This opens the door to searching potentially truly massive data assets or even limit costs by opting for less expensive storage.

For Kibana, this impacts the Dashboard and Discover apps with a new ability to extend a long-running query past the previous hard stop timeout limit. For example, if you trigger a dashboard query and its run time gets close to hitting the timeout limit, in 7.7 you will see a new notification presenting an option to ignore the timeout altogether and continue to run the dashboard query to completion. Future asynchronous search work will more tightly integrate this capability into the Kibana experience, meaning you will be able to run queries fully in the background while you tackle other Kibana projects and let the long-running request complete.

Get hands-on with Kibana 7.7

Spin up an Elasticsearch cluster on Elastic Cloud and you could be checking out these exciting new Kibana features in less than 3 minutes. Or download the latest builds today and start exploring locally. And be sure to let us know what you think on Twitter (@elastic) or in our forum. You can report any problems on the GitHub issues page.

Related blogs: