Elastic Stack subscriptions

The Elastic Stack — Elasticsearch, Kibana, Beats, and Logstash — powers a variety of use cases. And we have flexible plans to help you get the most out of your on-prem subscriptions.

Our resource-based pricing philosophy is simple: You only pay for the data you use, at any scale, for every use case.

free

Open Source

Apache 2.0: Now and always.

Feature highlights include:
  • Clustering & high availability
  • Powerful search and analysis
  • Data visualization and dashboarding
  • And more
Free download

Basic

The forever-free plan.

Everything in Open Source plus:
  • Core Elastic Stack security features
  • Capabilities such as Elastic APM, Security, App Search, Workplace Search, and Maps
  • Canvas & Lens
  • Kibana alerting and in-stack actions3
  • And more
Free download

Gold

More features. Dedicated support.

Everything in Basic plus:
  • Reporting
  • Kibana third-party alerting actions3
  • Watcher
  • Ingest management
  • Business hours support
  • And more
Contact us

Platinum

Advanced functionality. Around the clock support.

Everything in Gold plus:
  • Advanced Elastic Stack security features
  • Machine learning
  • Cross-cluster replication
  • 24/7/365 support
  • And more
Contact us

Enterprise

Stack orchestration and endpoint protection by default.

Everything in Platinum plus:
  • Access to Elastic Endgame2
  • Access to ECE & ECK orchestration features
Contact us
 

Open Source

Basic

Gold

Platinum

Enterprise

Elastic Stack Operations & Management

Storage types

Inverted index (for search)
Document store (for unstructured)
Columnar store (for analytics)
BKD trees (for numeric, dates, & geo)
Flattened field type
Histogram field type
Shape field type
Vector field type
Wildcard field type
Frozen indices (for long term storage)

Data management

Snapshot/restore
Minimal snapshots
Snapshot lifecycle management
Data rollups
Data streams
Data transforms
Index management
Index lifecycle management

Stack management

Data import tutorials
Ingest Node Pipeline Builder UI
Grok Debugger
Upgrade Assistant
License management
Centralized Beats management
Ingest Manager
Centralized Logstash pipeline management

Scalability & resiliency

Clustering & high availability
Automatic data rebalancing
Cross-cluster search
Voting-only master nodes
Cross-cluster replication1

Elastic Stack security

Secure settings
Encrypted communications
Role-based access control
File and native authentication
Kibana Spaces
Kibana feature controls
API keys management
Audit logging
IP filtering
LDAP, PKI1, Active Directory authentication
Elasticsearch Token Service
Single sign-on (SAML, OpenID Connect, Kerberos)
Attribute-based access control
Field- and document-level security
Custom authentication & authorization realms
Encryption at rest support
FIPS 140-2 mode

Stack monitoring

Full stack monitoring
Multi-stack monitoring
Configurable retention policy
Automatic stack issue alerts

Alerting

Watcher
Kibana Alerts
Kibana Actions - Index & Logging
Kibana Actions - email, PagerDuty, ServiceNow®, Slack, webhooks
Atlassian Jira integration
ServiceNow ITSM integration

Clients

REST APIs
Language clients
Query DSL
Console
ES-Hadoop
JDBC Client
ODBC Client
Tableau Connector

Localized UI

English
Chinese (Simplified)
Japanese

Search & Analysis

Full-text search

Relevance scoring
Highlighting
Type ahead
Corrections
Suggestions
Percolations
Async search
Results pinning
Dynamically updateable synonyms
Query profiler
Similarity functions for vector fields

Analytics

Aggregations
Boxplot aggregation
Cumulative cardinality aggregation
Moving percentiles aggregation
Normalize aggregation
String stats aggregation
Top metrics aggregation
T-test aggregation
Geoshape aggregations
Graph exploration

Query languages

Elasticsearch SQL APIs & CLI
Event Query Language (EQL)

Machine learning

Data Visualizer
Anomaly detection on time series
Outlier detection
Regression
Classification
Population/entity analysis
Log message categorization
Root cause indication
Alerting on anomalies
Forecasting on time series
Inference
Feature importance
Model snapshot management
Language identification

Data Ingest & Transformation

Ingest products & features

Filebeat, Metricbeat, Winlogbeat, Packetbeat, Heartbeat, Auditbeat
Functionbeat
Elastic Agent
Logstash
ES-Hadoop
File import wizard
Elastic Endgame2

Data sources

Operating systems
Web servers and proxies
Datastores and queues
Cloud services
Containers and orchestration
MQTT
Prometheus
ActiveMQ
ArcSight CEF
Audit system data
AWS (S3, EC2, ELB, Billing, CloudTrail, etc.)
Azure
CheckPoint Firewall
Cisco IOS/ASA & Firepower
CockroachDB
CoreDNS
Crowdstrike Falcon
Docker Logging Plugin
Envoy Proxy
Fortinet Fortigate
Google Cloud (Pub/Sub, VPC, etc.)
Google GSuite
IBM MQ
Iptables
Istio Service Mesh
Microsoft Defender ATP
Microsoft (Office) 365
Microsoft SQL Server
Microsoft Windows Security Events
MISP
NetFlow & IPFIX
Okta
Oracle Database
Palo Alto Firewalls
PowerShell
Pivotal Cloud Foundry (PCF)
Redis Enterprise
SophosXG
Suricata
Sysmon
Zeek (formerly Bro)

Data transformation

Index time enrichment
Processors
Analyzers
Tokenizers
Filters
Grok
Field transformation
External lookup enrichment
Circle ingest processor
Match & Geo-match enrich processor

Elastic Common Schema

Elastic Common Schema

Data Exploration & Visualization

Visualizations

Time series
Geo
Metrics
Tables
Tag cloud
Custom (Vega)
Lens

Data exploration

Dashboards
Drilldown between dashboards
Discover
Console
Kibana query autocomplete
Graph analytics

Canvas

Canvas
Canvas shareables

Share & collaborate

Embeddable dashboards
Object export UI & APIs
CSV exports
PDF and PNG reports
Saved queries

Elastic Observability

Observability overview

Elastic APM

APM Server
Jaeger intake
OpenTelemetry intake
APM app
Distributed tracing
Service maps

APM agents

Java
.NET
Go
Ruby
RUM (Javascript)
Python
Node

Integrations

Elastic Logs, Metrics
Kibana alerting and actions3
Machine learning

Elastic Logs

Log shipper (Filebeat)
Dashboards for common data sources
Logs app

Integrations

Elastic Uptime, APM
Kibana alerting and actions3
Log categorization
Machine learning

Elastic Metrics

Metric shipper (Metricbeat)
Dashboards for common data sources
Metrics app

Integrations

Elastic Logs, APM, Uptime
Kibana alerting and actions3

Elastic Uptime

Uptime monitor (Heartbeat)
Uptime dashboards in Kibana
Uptime app

Integrations

Elastic Logs, Metrics, APM
Kibana alerting and actions3
Machine learning

Elastic Security

Elastic Common Schema
Security information and event management (SIEM)
Host security analysis
Network security analysis
Timeline event explorer
Case management
Detection engine
Prebuilt detection rules
Detection rule alerting
Machine learning anomaly detection
Prebuilt anomaly detection jobs
Malware prevention and data collection

Integrations

Elastic Endgame2
Elastic Agent
Elastic APM
Elastic Maps
Kibana alerting and actions3
Atlassian Jira
IBM Resilient
ServiceNow ITSM
Machine learning

Elastic Endgame2

Endgame Server

Role-based access control
LDAP authentication
Single sign-on (SAML 2.0)
Mutual authentication between the platform and endpoint
RESTful API
Policy-based management

Endgame Sensor

EPP and EDR on Windows, Linux, macOS
Security event collection and storage
Tamper resistant

Protect against

Malware, ransomware, phishing
Memory injection, software exploitation
Adversary, tactics, techniques, and behaviors
In-memory attacks
Unwanted behaviors with customizable protection rules and automated responses

Response actions

Isolate hosts
Kill process
Suspend thread execution
Automated file quarantine
Delete, upload, execute files

Threat hunting

Artemis™ - AI-powered natural-language chat-bot
Search for IoCs and hunt using EQL
Audit system information, applications, file systems, and host firewall
Audit loaded drivers and removable media
Audit running processes, network events, registry hives and discover persistence
Automated memory analysis
Outlier analysis

Event collection

File, Process, Network, DNS, Registry, Security, PowerShell, Windows Management Instrumentation, Common Language Runtime, Windows API
DLL and driver loads

Data exploration and visualizations

Visual attack analysis, enriched with context from MITRE ATT&CK
Alert dashboards
Operations dashboards
Customizable reporting

Integrations

Elastic Security
Logstash

Elastic Maps

Elastic Maps Service

Base layer maps
Raster tile zoom level
10
18
18
18
18
Vector tile zoom level for Maps
14
14
14
14

Maps app

GeoJSON upload
Multiple layers
Layer-based filtering
Client-side styling
Individual points and shapes
Geo aggregations
Embed Maps in dashboard
Embed Maps in Canvas
Display up to 24 zoom levels
Custom raster and vector tile service support

Elastic App Search

App Search Server
App Search UI
Search result curation
Search analytics
Custom synonyms
Language-specific relevance
Typo-tolerant relevance model
Relevance model tuning
Index lifecycle management
Meta engines

Security

Encrypted communications
Role-based access control
Single sign-on (SAML)
Encryption at rest support

Elastic Workplace Search

Unified organizational search experience

Workplace Search server
Unified search interface
Natural language query filtering
Search history
Typo-tolerant relevance model
Content source prioritization
Search API

Content sources

First-party cloud source synchronization
First-party on-premise source synchronization
Custom source support
Full-text content indexing for files, documents, and records
Document-level permission support
Private sources

User management & security

Organizational groups
Native user management
SAML user management
Role-based access control
Encrypted communications
Encryption at rest support

Orchestration

Elastic Cloud Enterprise

Deploy anywhere: bare metal, VMs, private or public cloud
Centrally provision, manage, and monitor multiple clusters
Resource tagging, and tag-based deployment configuration
Online same-day version updates
Single-click upgrades & scaling
User and role management
Automated periodic snapshots
Optimized resource utilization
Container-based resource isolation

Elastic Cloud on Kubernetes2

Deploy Elasticsearch, Kibana, and APM Server on Kubernetes
Provision, manage, and monitor multiple clusters
Default Elastic Stack security and authentication for every deployment
Support for hot-warm-cold architectures
Configure backups using snapshots

Support

Support coverage
Business hrs
24/7/365
24/7/365
Response times
Critical: 4 hrs
L2: 1 day
L3: 2 days
Critical: 1 hr
L2: 4 hrs
L3: 1 day
Critical: 1 hr
L2: 4 hrs
L3: 1 day
Unlimited # of incidents
Unlimited # of projects
Support contacts
6
8
8
Web and phone support
Emergency patches

Open Source

Basic

Gold

Platinum

Enterprise

Elastic Stack Operations & Management

Storage types

Inverted index (for search)
Document store (for unstructured)
Columnar store (for analytics)
BKD trees (for numeric, dates, & geo)
Flattened field type
Histogram field type
Shape field type
Vector field type
Wildcard field type
Frozen indices (for long term storage)

Data management

Snapshot/restore
Minimal snapshots
Snapshot lifecycle management
Data rollups
Data streams
Data transforms
Index management
Index lifecycle management

Stack management

Data import tutorials
Ingest Node Pipeline Builder UI
Grok Debugger
Upgrade Assistant
License management
Centralized Beats management
Ingest Manager
Centralized Logstash pipeline management

Scalability & resiliency

Clustering & high availability
Automatic data rebalancing
Cross-cluster search
Voting-only master nodes
Cross-cluster replication1

Elastic Stack security

Secure settings
Encrypted communications
Role-based access control
File and native authentication
Kibana Spaces
Kibana feature controls
API keys management
Audit logging
IP filtering
LDAP, PKI1, Active Directory authentication
Elasticsearch Token Service
Single sign-on (SAML, OpenID Connect, Kerberos)
Attribute-based access control
Field- and document-level security
Custom authentication & authorization realms
Encryption at rest support
FIPS 140-2 mode

Stack monitoring

Full stack monitoring
Multi-stack monitoring
Configurable retention policy
Automatic stack issue alerts

Alerting

Watcher
Kibana Alerts
Kibana Actions - Index & Logging
Kibana Actions - email, PagerDuty, ServiceNow®, Slack, webhooks
Atlassian Jira integration
ServiceNow ITSM integration

Clients

REST APIs
Language clients
Query DSL
Console
ES-Hadoop
JDBC Client
ODBC Client
Tableau Connector

Localized UI

English
Chinese (Simplified)
Japanese

Search & Analysis

Full-text search

Relevance scoring
Highlighting
Type ahead
Corrections
Suggestions
Percolations
Async search
Results pinning
Dynamically updateable synonyms
Query profiler
Similarity functions for vector fields

Analytics

Aggregations
Boxplot aggregation
Cumulative cardinality aggregation
Moving percentiles aggregation
Normalize aggregation
String stats aggregation
Top metrics aggregation
T-test aggregation
Geoshape aggregations
Graph exploration

Query languages

Elasticsearch SQL APIs & CLI
Event Query Language (EQL)

Machine learning

Data Visualizer
Anomaly detection on time series
Outlier detection
Regression
Classification
Population/entity analysis
Log message categorization
Root cause indication
Alerting on anomalies
Forecasting on time series
Inference
Feature importance
Model snapshot management
Language identification

Data Ingest & Transformation

Ingest products & features

Filebeat, Metricbeat, Winlogbeat, Packetbeat, Heartbeat, Auditbeat
Functionbeat
Elastic Agent
Logstash
ES-Hadoop
File import wizard
Elastic Endgame2

Data sources

Operating systems
Web servers and proxies
Datastores and queues
Cloud services
Containers and orchestration
MQTT
Prometheus
ActiveMQ
ArcSight CEF
Audit system data
AWS (S3, EC2, ELB, Billing, CloudTrail, etc.)
Azure
CheckPoint Firewall
Cisco IOS/ASA & Firepower
CockroachDB
CoreDNS
Crowdstrike Falcon
Docker Logging Plugin
Envoy Proxy
Fortinet Fortigate
Google Cloud (Pub/Sub, VPC, etc.)
Google GSuite
IBM MQ
Iptables
Istio Service Mesh
Microsoft Defender ATP
Microsoft (Office) 365
Microsoft SQL Server
Microsoft Windows Security Events
MISP
NetFlow & IPFIX
Okta
Oracle Database
Palo Alto Firewalls
PowerShell
Pivotal Cloud Foundry (PCF)
Redis Enterprise
SophosXG
Suricata
Sysmon
Zeek (formerly Bro)

Data transformation

Index time enrichment
Processors
Analyzers
Tokenizers
Filters
Grok
Field transformation
External lookup enrichment
Circle ingest processor
Match & Geo-match enrich processor

Elastic Common Schema

Elastic Common Schema

Data Exploration & Visualization

Visualizations

Time series
Geo
Metrics
Tables
Tag cloud
Custom (Vega)
Lens

Data exploration

Dashboards
Drilldown between dashboards
Discover
Console
Kibana query autocomplete
Graph analytics

Canvas

Canvas
Canvas shareables

Share & collaborate

Embeddable dashboards
Object export UI & APIs
CSV exports
PDF and PNG reports
Saved queries

Elastic Observability

Observability overview

Elastic APM

APM Server
Jaeger intake
OpenTelemetry intake
APM app
Distributed tracing
Service maps

APM agents

Java
.NET
Go
Ruby
RUM (Javascript)
Python
Node

Integrations

Elastic Logs, Metrics
Kibana alerting and actions3
Machine learning

Elastic Logs

Log shipper (Filebeat)
Dashboards for common data sources
Logs app

Integrations

Elastic Uptime, APM
Kibana alerting and actions3
Log categorization
Machine learning

Elastic Metrics

Metric shipper (Metricbeat)
Dashboards for common data sources
Metrics app

Integrations

Elastic Logs, APM, Uptime
Kibana alerting and actions3

Elastic Uptime

Uptime monitor (Heartbeat)
Uptime dashboards in Kibana
Uptime app

Integrations

Elastic Logs, Metrics, APM
Kibana alerting and actions3
Machine learning

Elastic Security

Elastic Common Schema
Security information and event management (SIEM)
Host security analysis
Network security analysis
Timeline event explorer
Case management
Detection engine
Prebuilt detection rules
Detection rule alerting
Machine learning anomaly detection
Prebuilt anomaly detection jobs
Malware prevention and data collection

Integrations

Elastic Endgame2
Elastic Agent
Elastic APM
Elastic Maps
Kibana alerting and actions3
Atlassian Jira
IBM Resilient
ServiceNow ITSM
Machine learning

Elastic Endgame2

Endgame Server

Role-based access control
LDAP authentication
Single sign-on (SAML 2.0)
Mutual authentication between the platform and endpoint
RESTful API
Policy-based management

Endgame Sensor

EPP and EDR on Windows, Linux, macOS
Security event collection and storage
Tamper resistant

Protect against

Malware, ransomware, phishing
Memory injection, software exploitation
Adversary, tactics, techniques, and behaviors
In-memory attacks
Unwanted behaviors with customizable protection rules and automated responses

Response actions

Isolate hosts
Kill process
Suspend thread execution
Automated file quarantine
Delete, upload, execute files

Threat hunting

Artemis™ - AI-powered natural-language chat-bot
Search for IoCs and hunt using EQL
Audit system information, applications, file systems, and host firewall
Audit loaded drivers and removable media
Audit running processes, network events, registry hives and discover persistence
Automated memory analysis
Outlier analysis

Event collection

File, Process, Network, DNS, Registry, Security, PowerShell, Windows Management Instrumentation, Common Language Runtime, Windows API
DLL and driver loads

Data exploration and visualizations

Visual attack analysis, enriched with context from MITRE ATT&CK
Alert dashboards
Operations dashboards
Customizable reporting

Integrations

Elastic Security
Logstash

Elastic Maps

Elastic Maps Service

Base layer maps
Raster tile zoom level
Vector tile zoom level for Maps

Maps app

GeoJSON upload
Multiple layers
Layer-based filtering
Client-side styling
Individual points and shapes
Geo aggregations
Embed Maps in dashboard
Embed Maps in Canvas
Display up to 24 zoom levels
Custom raster and vector tile service support

Elastic App Search

App Search Server
App Search UI
Search result curation
Search analytics
Custom synonyms
Language-specific relevance
Typo-tolerant relevance model
Relevance model tuning
Index lifecycle management
Meta engines

Security

Encrypted communications
Role-based access control
Single sign-on (SAML)
Encryption at rest support

Elastic Workplace Search

Unified organizational search experience

Workplace Search server
Unified search interface
Natural language query filtering
Search history
Typo-tolerant relevance model
Content source prioritization
Search API

Content sources

First-party cloud source synchronization
First-party on-premise source synchronization
Custom source support
Full-text content indexing for files, documents, and records
Document-level permission support
Private sources

User management & security

Organizational groups
Native user management
SAML user management
Role-based access control
Encrypted communications
Encryption at rest support

Orchestration

Elastic Cloud Enterprise

Deploy anywhere: bare metal, VMs, private or public cloud
Centrally provision, manage, and monitor multiple clusters
Resource tagging, and tag-based deployment configuration
Online same-day version updates
Single-click upgrades & scaling
User and role management
Automated periodic snapshots
Optimized resource utilization
Container-based resource isolation

Elastic Cloud on Kubernetes2

Deploy Elasticsearch, Kibana, and APM Server on Kubernetes
Provision, manage, and monitor multiple clusters
Default Elastic Stack security and authentication for every deployment
Support for hot-warm-cold architectures
Configure backups using snapshots

Support

Support coverage
Response times
Unlimited # of incidents
Unlimited # of projects
Support contacts
Web and phone support
Emergency patches
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
10
18
18
18
18
14
14
14
14
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Business hrs
24/7/365
24/7/365
Critical: 4 hrs
L2: 1 day
L3: 2 days
Critical: 1 hr
L2: 4 hrs
L3: 1 day
Critical: 1 hr
L2: 4 hrs
L3: 1 day
6
8
8

1 Feature is currently not available in deployments on Elastic Cloud Enterprise.

2 Customers whose Enterprise subscriptions use ECE/ECE Instances as the billing metric must agree to additional terms before they can access the Enterprise-level features listed in this section. Please contact us.

3 Refer to the Alerting section (Kibana Alerting and Kibana Actions items) for further details.

The list above reflects the features available in the latest version of the Elastic Stack. Any features or functions of services or products referenced on this page or other pages, or in any presentations, press releases or public statements, which are not currently available or not currently available as a GA release, may not be delivered on time or at all. The development, release, and timing of any features or functionality described for our products remains at our sole discretion. Customers who purchase our products and services should make the purchase decisions based upon services and product features and functions that are currently available.

We're with you every step of the way: from starting up to development to production.

We know what it's like to start small and launch something big. Have access to our products, features, and support right from the beginning from project conception to production.

Want to learn more?
We love a good query.

Get details. Request a quote. Explore your options. Anything you like, really.

MarketoFEForm

Supported platforms

View platform and software configurations eligible for support.