The Elastic Stack — Elasticsearch, Kibana, Beats, and Logstash — powers a variety of use cases. And we have flexible plans to help you get the most out of your on-prem subscriptions.
Our resource-based pricing philosophy is simple: You only pay for the data you use, at any scale, for every use case.
Elastic Stack Operations & Management
Inverted index (for search)
Runtime fields
Document store (for unstructured)
Columnar store (for analytics)
BKD trees (for numeric, dates, & geo)
Flattened field type
Histogram field type
Shape field type
Vector field type
Version field type
Wildcard field type
Frozen indices (for long term storage)
Searchable snapshots
Snapshot/restore
Minimal snapshots
Snapshot lifecycle management
Data rollups
Data streams
Data tiers
Data transforms
Index management
Index lifecycle management
Data import tutorials
Ingest Node Pipeline Builder UI
Grok Debugger
Upgrade Assistant
License management
Centralized Beats management
Centralized Logstash pipeline management
Clustering & high availability
Automatic data rebalancing
Cross-cluster search
Voting-only master nodes
Cross-cluster replication
Secure settings
Encrypted communications
Role-based access control
Anonymous access control (public sharing)
File and native authentication
Kibana Spaces
Kibana feature controls
API keys management
Elasticsearch audit logging
Kibana audit logging
IP filtering
LDAP, PKI3, Active Directory authentication
Elasticsearch Token Service
Single sign-on (SAML, OpenID Connect, Kerberos)
Attribute-based access control
Field- and document-level security
Custom authentication & authorization realms
Encryption at rest support
FIPS 140-2 mode
Full stack monitoring
Multi-stack monitoring
Configurable retention policy
Kibana alerting and actions5
Kibana Alerts
Kibana Alerts: tracking containment (geofencing)
Kibana Alerts: Anomaly detection alert (machine learning)
Kibana Actions: Index and Logging
Kibana Actions: email, webhooks, Jira, Microsoft Teams, PagerDuty, Slack
Kibana Actions: IBM Resilient, ServiceNow® ITSM
Watcher
Search & Analysis
Relevance scoring
Highlighting
Type ahead
Corrections
Suggestions
Percolations
Async search
Results pinning
Dynamically updateable synonyms
Query profiler
Similarity functions for vector fields
Aggregations
Boxplot aggregation
Cumulative cardinality aggregation
Geoline aggregation
Geoshape aggregations
Moving percentiles aggregation
Multi terms aggregation
Normalize aggregation
Rate aggregation
String stats aggregation
Top metrics aggregation
T-test aggregation
Graph exploration
Data Ingest & Transformation
Filebeat, Metricbeat, Winlogbeat, Packetbeat, Heartbeat, Auditbeat
Functionbeat
Real browser-based synthetic monitoring agent
Logstash
ES-Hadoop
File import wizard
Elastic Endgame4
Fleet app
Fleet integrations
Elastic Agent
Selective agent binary updates
Selective agent policy reassignment
Selective agent unenrollment
Cloud services
Containers and orchestration
Operating systems
Web servers and proxies
Datastores and queues
MQTT
Prometheus
ActiveMQ
ArcSight (as CEF)
Audit system data
AWS (S3, EC2, ELB, Billing, CloudTrail, etc.)
Azure
Check Point Firewall
Cisco AMP, IOS/ASA, Firepower & Umbrella
CockroachDB
Common Event Format (CEF)
CoreDNS
Crowdstrike Falcon
Docker Logging Plugin
Envoy Proxy
Fortinet Fortigate
Google Cloud (Pub/Sub, VPC, etc.)
Google Workspace
IBM MQ
Iptables
Istio Service Mesh
Juniper SRX
Microsoft 365 Defender & Defender for Endpoint
Microsoft (Office) 365
Microsoft SQL Server
Microsoft Windows Security Events
MISP
MySQL Enterprise Audit Logs
NetFlow & IPFIX
Okta
osquery
Oracle Database
Palo Alto Firewalls
PowerShell
Pivotal Cloud Foundry (PCF)
Redis Enterprise
Session initiation protocol (SIP)
Legacy SIEM connector
Snyk
Sophos XG
Suricata
Sysmon
Zeek (formerly Bro)
Zoom
Index time enrichment
Processors
Analyzers
Tokenizers
Filters
Grok
Field transformation
External lookup enrichment
Circle ingest processor
Match & Geo-match enrich processor
Data Exploration & Visualization
Dashboards
Drilldown between dashboards
Drilldown to URL
Discover
Console
Kibana query autocomplete
Run search sessions in background
Graph analytics
Embeddable dashboards
Anonymous access control (public sharing)
CSV exports
PDF and PNG reports
Saved queries
Elastic Observability
Observability overview
User Experience overview
Elastic APM
APM Server
Jaeger intake
OpenTelemetry intake for traces and metrics
APM app
Distributed tracing
Service maps
Correlations
Elastic Logs
Log shipper (Filebeat)
Dashboards for common data sources
Logs app
Elastic Metrics
Metric shipper (Metricbeat)
Dashboards for common data sources
Metrics app
Elastic Uptime
Uptime monitor (Heartbeat)
Uptime dashboards in Kibana
Uptime app
Elastic Security
Elastic Common Schema
Security information and event management (SIEM)
Host security analysis
Network security analysis
Timeline event explorer
Case management
Detection engine (e.g., correlation, indicator match, threshold)
Prebuilt detection rules
Detection rule external actions
Machine learning anomaly detection
Prebuilt anomaly detection jobs
Malware prevention and data collection
Behavioral ransomware prevention
Customizable on-endpoint protection notifications
Elastic Endgame3
Role-based access control
LDAP authentication
Single sign-on (SAML 2.0)
Mutual authentication between the platform and endpoint
RESTful API
Policy-based management
EPP and EDR on Windows, Linux, macOS
Security event collection and storage
Tamper resistance
Malware, ransomware, phishing
Memory injection, software exploitation
Adversary, tactics, techniques, and behaviors
In-memory attacks
Unwanted behaviors with customizable protection rules and automated responses
Isolate hosts
Kill process
Suspend thread execution
Automated file quarantine
Delete, upload, execute files
Artemis™ - AI-powered natural-language chat-bot
Search for IoCs and hunt using EQL
Audit system information, applications, file systems, and host firewall
Audit loaded drivers and removable media
Audit running processes, network events, registry hives and discover persistence
Automated memory analysis
Outlier analysis
File, Process, Network, DNS, Registry, Security, PowerShell, Windows Management Instrumentation, Common Language Runtime, Windows API
DLL and driver loads
Visual attack analysis, enriched with context from MITRE ATT&CK
Alert dashboards
Operations dashboards
Customizable reporting
Elastic Maps
Base layer maps
Raster tile zoom level
10
18
18
18
18
Vector tile zoom level for Maps
14
14
14
14
GeoJSON upload
Multiple layers
Layer-based filtering
Client-side styling
Individual points and shapes
Geo aggregations
Embed Maps in dashboard
Embed Maps in Canvas
Tracking alerts
Containment alerts
Geo-threshold alerts
Display up to 24 zoom levels
Custom raster and vector tile service support
Kibana Alerts: tracking containment (geofencing)
Elastic App Search
App Search Server
App Search UI
Search result curation
Search analytics
Custom synonyms
Language-specific relevance
Typo-tolerant relevance model
Relevance model tuning
Index lifecycle management
Meta engines
Web crawler (beta)
Elastic Workplace Search
Workplace Search server
Unified search interface
Natural language query filtering
Search history
Typo-tolerant relevance model
Content source prioritization
Search analytics
Search API
First-party cloud source synchronization
First-party on-premise source synchronization
Custom source support
Full-text content indexing for files, documents, and records
Document-level permission support
Private sources
Orchestration
Deploy anywhere: bare metal, VMs, private or public cloud
Centrally provision, manage, and monitor multiple clusters
Resource tagging, and tag-based deployment configuration
Online same-day version updates
Single-click upgrades & scaling
User and role management
Automated periodic snapshots
Optimized resource utilization
Container-based resource isolation
Cross-cluster search and replication across ECE installations
Deployment autoscaling
Deploy Elasticsearch, Kibana, and APM Server, Beats, Enterprise Search, and Elastic Agent on Kubernetes
Provision, manage, and monitor multiple clusters
Default Elastic Stack security and authentication for every deployment
Single command upgrades and scaling
Cross-cluster replication and search within or outside of a Kubernetes cluster
Support
Support coverage
Business hrs
24/7/365
24/7/365
Response times
Critical: 4 hrs
L2: 1 day
L3: 2 days
L2: 1 day
L3: 2 days
Critical: 1 hr
L2: 4 hrs
L3: 1 day
L2: 4 hrs
L3: 1 day
Critical: 1 hr
L2: 4 hrs
L3: 1 day
L2: 4 hrs
L3: 1 day
Unlimited # of incidents
Unlimited # of projects
Support contacts7
6
8
8
Web and phone support
Emergency patches
Elastic Stack Operations & Management
Inverted index (for search)
Runtime fields
Document store (for unstructured)
Columnar store (for analytics)
BKD trees (for numeric, dates, & geo)
Flattened field type
Histogram field type
Shape field type
Vector field type
Version field type
Wildcard field type
Frozen indices (for long term storage)
Searchable snapshots
Snapshot/restore
Minimal snapshots
Snapshot lifecycle management
Data rollups
Data streams
Data tiers
Data transforms
Index management
Index lifecycle management
Data import tutorials
Ingest Node Pipeline Builder UI
Grok Debugger
Upgrade Assistant
License management
Centralized Beats management
Centralized Logstash pipeline management
Clustering & high availability
Automatic data rebalancing
Cross-cluster search
Voting-only master nodes
Cross-cluster replication
Secure settings
Encrypted communications
Role-based access control
Anonymous access control (public sharing)
File and native authentication
Kibana Spaces
Kibana feature controls
API keys management
Elasticsearch audit logging
Kibana audit logging
IP filtering
LDAP, PKI3, Active Directory authentication
Elasticsearch Token Service
Single sign-on (SAML, OpenID Connect, Kerberos)
Attribute-based access control
Field- and document-level security
Custom authentication & authorization realms
Encryption at rest support
FIPS 140-2 mode
Full stack monitoring
Multi-stack monitoring
Configurable retention policy
Kibana alerting and actions5
Kibana Alerts
Kibana Alerts: tracking containment (geofencing)
Kibana Alerts: Anomaly detection alert (machine learning)
Kibana Actions: Index and Logging
Kibana Actions: email, webhooks, Jira, Microsoft Teams, PagerDuty, Slack
Kibana Actions: IBM Resilient, ServiceNow® ITSM
Watcher
Search & Analysis
Relevance scoring
Highlighting
Type ahead
Corrections
Suggestions
Percolations
Async search
Results pinning
Dynamically updateable synonyms
Query profiler
Similarity functions for vector fields
Aggregations
Boxplot aggregation
Cumulative cardinality aggregation
Geoline aggregation
Geoshape aggregations
Moving percentiles aggregation
Multi terms aggregation
Normalize aggregation
Rate aggregation
String stats aggregation
Top metrics aggregation
T-test aggregation
Graph exploration
Data Ingest & Transformation
Filebeat, Metricbeat, Winlogbeat, Packetbeat, Heartbeat, Auditbeat
Functionbeat
Real browser-based synthetic monitoring agent
Logstash
ES-Hadoop
File import wizard
Elastic Endgame4
Fleet app
Fleet integrations
Elastic Agent
Selective agent binary updates
Selective agent policy reassignment
Selective agent unenrollment
Cloud services
Containers and orchestration
Operating systems
Web servers and proxies
Datastores and queues
MQTT
Prometheus
ActiveMQ
ArcSight (as CEF)
Audit system data
AWS (S3, EC2, ELB, Billing, CloudTrail, etc.)
Azure
Check Point Firewall
Cisco AMP, IOS/ASA, Firepower & Umbrella
CockroachDB
Common Event Format (CEF)
CoreDNS
Crowdstrike Falcon
Docker Logging Plugin
Envoy Proxy
Fortinet Fortigate
Google Cloud (Pub/Sub, VPC, etc.)
Google Workspace
IBM MQ
Iptables
Istio Service Mesh
Juniper SRX
Microsoft 365 Defender & Defender for Endpoint
Microsoft (Office) 365
Microsoft SQL Server
Microsoft Windows Security Events
MISP
MySQL Enterprise Audit Logs
NetFlow & IPFIX
Okta
osquery
Oracle Database
Palo Alto Firewalls
PowerShell
Pivotal Cloud Foundry (PCF)
Redis Enterprise
Session initiation protocol (SIP)
Legacy SIEM connector
Snyk
Sophos XG
Suricata
Sysmon
Zeek (formerly Bro)
Zoom
Index time enrichment
Processors
Analyzers
Tokenizers
Filters
Grok
Field transformation
External lookup enrichment
Circle ingest processor
Match & Geo-match enrich processor
Data Exploration & Visualization
Dashboards
Drilldown between dashboards
Drilldown to URL
Discover
Console
Kibana query autocomplete
Run search sessions in background
Graph analytics
Embeddable dashboards
Anonymous access control (public sharing)
CSV exports
PDF and PNG reports
Saved queries
Elastic Observability
Observability overview
User Experience overview
Elastic APM
APM Server
Jaeger intake
OpenTelemetry intake for traces and metrics
APM app
Distributed tracing
Service maps
Correlations
Elastic Logs
Log shipper (Filebeat)
Dashboards for common data sources
Logs app
Elastic Metrics
Metric shipper (Metricbeat)
Dashboards for common data sources
Metrics app
Elastic Uptime
Uptime monitor (Heartbeat)
Uptime dashboards in Kibana
Uptime app
Elastic Security
Elastic Common Schema
Security information and event management (SIEM)
Host security analysis
Network security analysis
Timeline event explorer
Case management
Detection engine (e.g., correlation, indicator match, threshold)
Prebuilt detection rules
Detection rule external actions
Machine learning anomaly detection
Prebuilt anomaly detection jobs
Malware prevention and data collection
Behavioral ransomware prevention
Customizable on-endpoint protection notifications
Elastic Endgame3
Role-based access control
LDAP authentication
Single sign-on (SAML 2.0)
Mutual authentication between the platform and endpoint
RESTful API
Policy-based management
EPP and EDR on Windows, Linux, macOS
Security event collection and storage
Tamper resistance
Malware, ransomware, phishing
Memory injection, software exploitation
Adversary, tactics, techniques, and behaviors
In-memory attacks
Unwanted behaviors with customizable protection rules and automated responses
Isolate hosts
Kill process
Suspend thread execution
Automated file quarantine
Delete, upload, execute files
Artemis™ - AI-powered natural-language chat-bot
Search for IoCs and hunt using EQL
Audit system information, applications, file systems, and host firewall
Audit loaded drivers and removable media
Audit running processes, network events, registry hives and discover persistence
Automated memory analysis
Outlier analysis
File, Process, Network, DNS, Registry, Security, PowerShell, Windows Management Instrumentation, Common Language Runtime, Windows API
DLL and driver loads
Visual attack analysis, enriched with context from MITRE ATT&CK
Alert dashboards
Operations dashboards
Customizable reporting
Elastic Maps
GeoJSON upload
Multiple layers
Layer-based filtering
Client-side styling
Individual points and shapes
Geo aggregations
Embed Maps in dashboard
Embed Maps in Canvas
Tracking alerts
Containment alerts
Geo-threshold alerts
Display up to 24 zoom levels
Custom raster and vector tile service support
Kibana Alerts: tracking containment (geofencing)
Elastic App Search
App Search Server
App Search UI
Search result curation
Search analytics
Custom synonyms
Language-specific relevance
Typo-tolerant relevance model
Relevance model tuning
Index lifecycle management
Meta engines
Web crawler (beta)
Elastic Workplace Search
Workplace Search server
Unified search interface
Natural language query filtering
Search history
Typo-tolerant relevance model
Content source prioritization
Search analytics
Search API
First-party cloud source synchronization
First-party on-premise source synchronization
Custom source support
Full-text content indexing for files, documents, and records
Document-level permission support
Private sources
Orchestration
Deploy anywhere: bare metal, VMs, private or public cloud
Centrally provision, manage, and monitor multiple clusters
Resource tagging, and tag-based deployment configuration
Online same-day version updates
Single-click upgrades & scaling
User and role management
Automated periodic snapshots
Optimized resource utilization
Container-based resource isolation
Cross-cluster search and replication across ECE installations
Deployment autoscaling
Deploy Elasticsearch, Kibana, and APM Server, Beats, Enterprise Search, and Elastic Agent on Kubernetes
Provision, manage, and monitor multiple clusters
Default Elastic Stack security and authentication for every deployment
Single command upgrades and scaling
Cross-cluster replication and search within or outside of a Kubernetes cluster
Support
Support coverage
Response times
Unlimited # of incidents
Unlimited # of projects
Support contacts7
Web and phone support
Emergency patches
10
18
18
18
18
14
14
14
14
Business hrs
24/7/365
24/7/365
Critical: 4 hrs
L2: 1 day
L3: 2 days
L2: 1 day
L3: 2 days
Critical: 1 hr
L2: 4 hrs
L3: 1 day
L2: 4 hrs
L3: 1 day
Critical: 1 hr
L2: 4 hrs
L3: 1 day
L2: 4 hrs
L3: 1 day
6
8
8
1 SSPL or Elastic License
2 Elastic License
3 Feature is currently not available in deployments on Elastic Cloud Enterprise.
4 Customers whose Enterprise subscriptions use ECE/ECE Instances as the billing metric must agree to additional terms before they can access the Enterprise-level features listed in this section. Please contact us.
5 Refer to the Alerting section (Kibana Alerting and Kibana Actions items) for further details.
6 Elastic Maps Service - Terms of Service
7 Elastic Certified Professionals can be added as additional Support contacts on paid subscriptions at no additional charge.
The list above reflects the features available in the latest version of the Elastic Stack. Any features or functions of services or products referenced on this page or other pages, or in any presentations, press releases or public statements, which are not currently available or not currently available as a GA release, may not be delivered on time or at all. The development, release, and timing of any features or functionality described for our products remains at our sole discretion. Customers who purchase our products and services should make the purchase decisions based upon services and product features and functions that are currently available.
