Version 7.12 of Kibana is available today and with it comes new capabilities designed to help you uncover insights and drive action with your data in Elasticsearch. Highlights include:
- Managing long-running searches in the background
- Using runtime fields in Discover
- The general availability of location-based alerts
Take these new features (and more) for a test drive today with a free trial of Elasticsearch Service on Elastic Cloud. You can also easily download the latest versions of Kibana and the Elastic Stack to run in a self-managed environment.
For a full list of bug fixes and other changes, check out our Kibana 7.12 release notes.
Stay productive in Kibana by saving long-running searches to the background
One of the most powerful things about the Elastic Stack is the flexibility to decide how to store your data while still keeping it accessible for searching. Hot, warm, and cold (and now even frozen) tiered storage options combined with things like cross-cluster search mean you can retain incredible amounts of data while controlling costs and still allowing users to find insights.
As expected though, hunting for an answer across years of data where the underlying index is living on a frozen asset or spread across remote clusters means the return time on your result likely won’t be sub-second. To aid in handling these sometimes long-running searches, we rolled out async search in 7.9 as a way to let you “set it and forget it” when using the Elasticsearch API directly. With 7.12, we’re introducing a frontend experience in Discover and Dashboard that builds on earlier async search capabilities to let you save a long-running search to run in the background.
Saving a search from Discover or from a Kibana dashboard means capturing that search query as a search session. This allows it to run in the background (meaning you don’t need to keep the page open or even stay logged in) and then you can retrieve the results when it has completed by visiting the new search sessions management page inside of Stack Management in Kibana.
You can also use saved search sessions to “pre-run” a dashboard you might want to present in a meeting without having to worry about opening it and waiting for all the required searches to complete. Likewise, saved search session links can be shared with others to save them time when accessing a dashboard or Discover result that potentially uses long-running searches.
Runtime fields at your fingertips in Discover and Kibana Lens
With the general availability of runtime fields in 7.12, you can now use them from within Discover and Kibana Lens. This means when looking at an index, not only will fields captured at the time of ingest (schema on write) be displayed, but those fields created after ingest with the runtime capability (schema on read) will also be available to use for analyses.
Along with support for runtime fields, we’ve had to make a few changes to Discover. Adding many fields can make the field list itself unwieldy, so we’re grouping them under a root field that can be expanded to access the right field when you need it. Underneath the covers, we’re taking advantage of the fields parameter Elasticsearch introduced in 7.11. Be sure to check out our detailed blog on these changes.
Do more with your location data
Location-based alerts are now generally available
Elasticsearch is a geospatial powerhouse. As a database, you can store and query spatial data at speed and scale. From this you can build beautiful and informative maps, and in 7.12 you can let your data drive awareness and action through notifications.
We are introducing the tracking containment alert type that lets you monitor an entity’s location as it relates to a boundary (entering, leaving, or staying inside of). Commonly known as “geo-fencing,” this new alert type is ideal for situations that call for tracking device movements, vehicles within a fleet, aircraft, and more. The tracking containment alert type in 7.12 combines the capabilities of the previous location-based alerts released in beta with 7.10 and 7.11 and marks the overall general availability of location-based alerts within the Elastic Stack.
Bringing the power of maps to Machine Learning
The Elastic Stack is home to a broad range of capabilities, creating a multiplier effect that allows users to discover new use cases. Machine learning is a great example — you can find ways to use machine learning in so many places outside of the Machine Learning app itself, from calculating anomaly scores for APM transactions to creating new detection rules inside Elastic Security. With 7.12, the tables are turned and Machine Learning is the beneficiary of the Elastic Stack’s robust mapping capabilities with the addition of embedded maps to both anomaly explorer and data visualizer.
New in 7.12, when building anomaly detection jobs based on geographic location using the lat_long function, the anomaly results will display an embedded map in the anomaly explorer view showing actual and typical locations.
When using data visualizer in 7.12 to inspect either an uploaded file or existing index pattern you’ll now find that anything with the geo_point field type will automatically display an embedded map. Having your location data instantly in front of you like this makes it easier to spot geographic outliers or patterns and ultimately helps you make the next analysis decision.
Creating dashboards faster and making panel management simpler
There are now two ways you can save dashboard panels: in the dashboard itself or in the Visualize library. Saving, charts, maps, or Lens visualizations to the Visualize Library will allow for reuse in other dashboards. The new default of saving the panel in the dashboard itself will reduce clutter throughout the rest of your experience in Kibana when searching or managing your content. You can always add a panel to the library by clicking the specific panel’s menu and choosing Save to Library.
Get hands-on with Kibana 7.12 today
- Elastic 7.12 released
- Elasticsearch 7.12 released
- Elastic Enterprise Search 7.12 released
- Elastic Security 7.12 released
- Elastic Observability 7.12 released
- Elastic Cloud 7.12
The release and timing of any features or functionality described in this document remain at Elastic’s sole discretion. Any features or functionality not currently available may not be delivered on time or at all.