Elastic Stack 5.4.0 Released

Editor's Note (August 3, 2021): This post uses deprecated features. Please reference the map custom regions with reverse geocoding documentation for current instructions.

May the 4th be with you. 5.4 is, in fact, the release that you have been looking for.

It is, again, a substantive release with features and functionality in nearly all areas of the Elastic Stack. And, as per usual, it is available -- right now -- on Elastic Cloud.

The headlining feature of this release is the addition of machine learning features (in beta) to X-Pack. Machine learning means many things to many people, but in this initial release, we focused on making it easy to detect anomalies in time series data. For many of our users, it has become impractical to spot infrastructure problems, cyber attacks, or business issues by only eyeballing dashboards or creating rules. X-Pack machine learning features automatically model the normal behavior of your time series data to detect what isn't.

Note that machine learning is not yet enabled on Elastic Cloud. Stay tuned for updates!

We can't overstate our excitement about this automated anomaly detection capability in X-Pack...

but wait, there's more.


For more detailed information, and many other features, peruse the Elasticsearch detail post.

  • Searching data across a large number of shards, perhaps through using Cross Cluster search? You'll welcome the improved memory management on coordinating nodes through batched reduction of search results.
  • Range queries, nested queries, and large term queries have all shipped with optimizations in this release.


Visualize all the features, and Discover more information in the detail post.

  • So many visualization types, so little time. We've redesigned the Create Visualization wizard with new categories and icons.
  • Time Series combines pipeline aggregations and a new UI for interacting with, and designing visualizations from, time series data.
  • What happened before a log event? What happened after a log event? You'll love Event Context in Discover.

Hear, hear! The Watcher UI is here! Accessible from Kibana's Management app, it's now easy to create, manage and track your watches. Easily acknowledge alerting watches or deactivate them during known service periods. You can even test your watches right in the UI.

Use the new cluster alerts feature in X-Pack monitoring to proactively detect issues in your Elastic Stack. Cluster alerts will display in the top-level view of the Monitoring app in Kibana. If your cluster status is red, for example, you will see a prominent notification and information about the error.


For more information, grok the detail post.

  • In 5.1, we said Heya to persistent queues. As of 5.4, they are a fully supported feature in Logstash which can enhance data durability and simplify ingest architectures.


We don't let the beat drop, but we drop the updates in a detail post.

  • Have a Java app? Want JMX metrics? You'll love Metricbeat 5.4.
  • Filebeat gets another module with the inclusion of the auditd module for parsing Linux auditd logs.
  • Parsing authentication logs is now possible by adding the system.auth fileset in the Filebeat system module.


ES-Hadoop 5.4.0 has also been released today.

Get It Now!