free
Apache 2.0: Now and always.
Feature highlights include:
- Clustering & high availability
- Powerful search and analysis
- Data visualization and dashboarding
- And more
The forever-free plan.
Everything in Open Source plus:
- Core Elastic Stack security features
- Capabilities such as Elastic APM, SIEM, and Maps
- Canvas & Lens
- And more
More features. Dedicated support.
Everything in Basic plus:
- Alerting
- Reporting
- Ingest management
- Business hours support
- And more
Advanced functionality. Around the clock support.
Everything in Gold plus:
- Advanced Elastic Stack security features
- Machine learning
- Cross-cluster replication
- 24/7/365 support
- And more
Stack orchestration and endpoint protection by default.
Everything in Platinum plus:
- Endpoint prevention
- Endpoint detection and response mapped to MITRE ATT&CK
- Endpoint event collection
- Access to ECE & ECK orchestration features
Elastic Stack Operations & Management
Inverted index (for search)
Document store (for unstructured)
Columnar store (for analytics)
BKD trees (for numeric, dates, & geo)
Flattened field type
Shape field type
Vector field type
Histogram field type
Frozen indices (for long term storage)
Snapshot/restore
Minimal snapshots
Snapshot lifecycle management*
Data rollups
Data transforms
Index management
Index lifecycle management
Data import tutorials
Grok Debugger
Upgrade Assistant
License management
Centralized Beats management
Centralized Logstash pipeline management
Clustering & high availability
Automatic data rebalancing
Cross-cluster search
Voting-only master nodes
Cross-cluster replication*
Encrypted communications
Role-based access control
File and native authentication
Kibana Spaces
Kibana feature controls
API keys management
Audit logging
IP filtering
LDAP, PKI*, Active Directory authentication
Elasticsearch Token Service
Single sign-on (SAML, OpenID Connect, Kerberos)
Attribute-based access control
Field- and document-level security
Custom authentication & authorization realms
Encryption at rest support
FIPS 140-2 mode
Full stack monitoring
Multi-stack monitoring
Configurable retention policy
Automatic stack issue alerts
Highly available, scalable alerting
Notifications via email, Slack, Pagerduty, Jira, or webhooks
Alerting UI
REST APIs
Language clients
Query DSL
Console
ES-Hadoop
Elasticsearch SQL APIs & CLI
JDBC Client
ODBC Client
Search & Analysis
Relevance scoring
Highlighting
Type ahead
Corrections
Suggestions
Percolations
Results pinning
Dynamically updateable synonyms
Query profiler
Similarity functions for vector fields
Data Ingest & Transformation
Filebeat, Metricbeat, Winlogbeat, Packetbeat, Heartbeat, Auditbeat
Functionbeat
Logstash
ES-Hadoop
File import wizard
Elastic Endpoint Security**
Operating systems
Web servers and proxies
Datastores and queues
Cloud services
Containers and orchestration
ActiveMQ
ArcSight CEF
Audit system data
AWS (S3, EC2, ELB, Billing, etc.)
Azure
Cisco ASA & Firepower
CockroachDB
CoreDNS
Docker Logging Plugin
Envoy Proxy
Google Cloud Pub/Sub
Google Cloud VPC flows
IBM MQ
Iptables
Microsoft SQL Server
MISP
NetFlow & IPFIX
Oracle Database
Palo Alto PAN-OSl
Suricata
Zeek (formerly Bro)
Index time enrichment
Processors
Analyzers
Tokenizers
Filters
Grok
Field transformation
External lookup enrichment
Circle ingest processor
Match & Geo-match enrich processor
Data Exploration & Visualization
Elastic APM
APM Server
Jaeger intake
APM app
Distributed tracing
Elastic Logs
Log shipper (Filebeat)
Dashboards for common data sources
Logs app
Elastic Metrics
Metric shipper (Metricbeat)
Dashboards for common data sources
Metrics app
Elastic Uptime
Uptime monitor (Heartbeat)
Uptime dashboards in Kibana
Uptime app
Elastic SIEM
Elastic Common Schema
Host security analysis
Network security analysis
Timeline event explorer
SIEM detection engine
Prebuilt detection rules
Prebuilt anomaly detection jobs
Elastic Endpoint Security**
Role-based access control
LDAP authentication
Single sign-on (SAML 2.0)
Mutual authentication between the platform and endpoint
RESTful API
Policy-based management
EPP and EDR on Windows, Linux, macOS
Security event collection and storage
Tamper resistant
Malware, ransomware, phishing
Memory injection, software exploitation
Adversary, tactics, techniques, and behaviors
In-memory attacks
Unwanted behaviors with customizable protection rules and automated responses
Isolate hosts
Kill process
Suspend thread execution
Automated file quarantine
Delete, upload, execute files
Artemis™ - AI-powered natural-language chat-bot
Search for IoCs and hunt using EQL
Audit system information, applications, file systems, and host firewall
Audit loaded drivers and removable media
Audit running processes, network events, registry hives and discover persistence
Automated memory analysis
Outlier analysis
File, Process, Network, DNS, Registry, Security, PowerShell, Windows Management Instrumentation, Common Language Runtime, Windows API
DLL and driver loads
Visual attack analysis, enriched with context from MITRE ATT&CK
Alert dashboards
Operations dashboards
Customizable reporting
Elastic Maps
Elastic App Search
App Search Server
App Search UI
Search result curation
Search analytics
Custom synonyms
Language-specific relevance
Typo-tolerant relevance model
Relevance model tuning
Meta engines
Orchestration
Deploy anywhere: bare metal, VMs, private or public cloud
Centrally provision, manage, and monitor multiple clusters
Resource tagging, and tag-based deployment configuration
Online same-day version updates
Single-click upgrades & scaling
User and role management
Automated periodic snapshots
Optimized resource utilization
Container-based resource isolation
Support
Elastic Stack Monitoring Service
Support coverage
Business hrs
24/7/365
24/7/365
Response times
Critical: 4 hrs
L2: 1 day
L3: 2 days
L2: 1 day
L3: 2 days
Critical: 1 hr
L2: 4 hrs
L3: 1 day
L2: 4 hrs
L3: 1 day
Critical: 1 hr
L2: 4 hrs
L3: 1 day
L2: 4 hrs
L3: 1 day
Unlimited # of incidents
Unlimited # of projects
Support contacts
6
8
8
Web and phone support
Emergency patches
Elastic Stack Operations & Management
Inverted index (for search)
Document store (for unstructured)
Columnar store (for analytics)
BKD trees (for numeric, dates, & geo)
Flattened field type
Shape field type
Vector field type
Histogram field type
Frozen indices (for long term storage)
Snapshot/restore
Minimal snapshots
Snapshot lifecycle management*
Data rollups
Data transforms
Index management
Index lifecycle management
Data import tutorials
Grok Debugger
Upgrade Assistant
License management
Centralized Beats management
Centralized Logstash pipeline management
Clustering & high availability
Automatic data rebalancing
Cross-cluster search
Voting-only master nodes
Cross-cluster replication*
Encrypted communications
Role-based access control
File and native authentication
Kibana Spaces
Kibana feature controls
API keys management
Audit logging
IP filtering
LDAP, PKI*, Active Directory authentication
Elasticsearch Token Service
Single sign-on (SAML, OpenID Connect, Kerberos)
Attribute-based access control
Field- and document-level security
Custom authentication & authorization realms
Encryption at rest support
FIPS 140-2 mode
Full stack monitoring
Multi-stack monitoring
Configurable retention policy
Automatic stack issue alerts
Highly available, scalable alerting
Notifications via email, Slack, Pagerduty, Jira, or webhooks
Alerting UI
REST APIs
Language clients
Query DSL
Console
ES-Hadoop
Elasticsearch SQL APIs & CLI
JDBC Client
ODBC Client
Search & Analysis
Relevance scoring
Highlighting
Type ahead
Corrections
Suggestions
Percolations
Results pinning
Dynamically updateable synonyms
Query profiler
Similarity functions for vector fields
Data Ingest & Transformation
Filebeat, Metricbeat, Winlogbeat, Packetbeat, Heartbeat, Auditbeat
Functionbeat
Logstash
ES-Hadoop
File import wizard
Elastic Endpoint Security**
Operating systems
Web servers and proxies
Datastores and queues
Cloud services
Containers and orchestration
ActiveMQ
ArcSight CEF
Audit system data
AWS (S3, EC2, ELB, Billing, etc.)
Azure
Cisco ASA & Firepower
CockroachDB
CoreDNS
Docker Logging Plugin
Envoy Proxy
Google Cloud Pub/Sub
Google Cloud VPC flows
IBM MQ
Iptables
Microsoft SQL Server
MISP
NetFlow & IPFIX
Oracle Database
Palo Alto PAN-OSl
Suricata
Zeek (formerly Bro)
Index time enrichment
Processors
Analyzers
Tokenizers
Filters
Grok
Field transformation
External lookup enrichment
Circle ingest processor
Match & Geo-match enrich processor
Data Exploration & Visualization
Elastic APM
APM Server
Jaeger intake
APM app
Distributed tracing
Elastic Logs
Log shipper (Filebeat)
Dashboards for common data sources
Logs app
Elastic Metrics
Metric shipper (Metricbeat)
Dashboards for common data sources
Metrics app
Elastic Uptime
Uptime monitor (Heartbeat)
Uptime dashboards in Kibana
Uptime app
Elastic SIEM
Elastic Common Schema
Host security analysis
Network security analysis
Timeline event explorer
SIEM detection engine
Prebuilt detection rules
Prebuilt anomaly detection jobs
Elastic Endpoint Security**
Role-based access control
LDAP authentication
Single sign-on (SAML 2.0)
Mutual authentication between the platform and endpoint
RESTful API
Policy-based management
EPP and EDR on Windows, Linux, macOS
Security event collection and storage
Tamper resistant
Malware, ransomware, phishing
Memory injection, software exploitation
Adversary, tactics, techniques, and behaviors
In-memory attacks
Unwanted behaviors with customizable protection rules and automated responses
Isolate hosts
Kill process
Suspend thread execution
Automated file quarantine
Delete, upload, execute files
Artemis™ - AI-powered natural-language chat-bot
Search for IoCs and hunt using EQL
Audit system information, applications, file systems, and host firewall
Audit loaded drivers and removable media
Audit running processes, network events, registry hives and discover persistence
Automated memory analysis
Outlier analysis
File, Process, Network, DNS, Registry, Security, PowerShell, Windows Management Instrumentation, Common Language Runtime, Windows API
DLL and driver loads
Visual attack analysis, enriched with context from MITRE ATT&CK
Alert dashboards
Operations dashboards
Customizable reporting
Elastic Maps
Elastic App Search
App Search Server
App Search UI
Search result curation
Search analytics
Custom synonyms
Language-specific relevance
Typo-tolerant relevance model
Relevance model tuning
Meta engines
Orchestration
Deploy anywhere: bare metal, VMs, private or public cloud
Centrally provision, manage, and monitor multiple clusters
Resource tagging, and tag-based deployment configuration
Online same-day version updates
Single-click upgrades & scaling
User and role management
Automated periodic snapshots
Optimized resource utilization
Container-based resource isolation
Support
Elastic Stack Monitoring Service
Support coverage
Response times
Unlimited # of incidents
Unlimited # of projects
Support contacts
Web and phone support
Emergency patches
10
18
18
18
18
Business hrs
24/7/365
24/7/365
Critical: 4 hrs
L2: 1 day
L3: 2 days
L2: 1 day
L3: 2 days
Critical: 1 hr
L2: 4 hrs
L3: 1 day
L2: 4 hrs
L3: 1 day
Critical: 1 hr
L2: 4 hrs
L3: 1 day
L2: 4 hrs
L3: 1 day
6
8
8
* Feature is currently not available in deployments on Elastic Cloud Enterprise.
** Customers whose Enterprise Subscriptions use ECE/ECE Instances as the billing metric must agree to additional terms before they can access the Enterprise-level features listed in this section. Please contact us.
The list above reflects the features available in the latest version of the Elastic Stack. Any features or functions of services or products referenced on this page or other pages, or in any presentations, press releases or public statements, which are not currently available or not currently available as a GA release, may not be delivered on time or at all. The development, release, and timing of any features or functionality described for our products remains at our sole discretion. Customers who purchase our products and services should make the purchase decisions based upon services and product features and functions that are currently available.
View platform and software configurations eligible for support.