Here are the highlights of what’s new and improved in Skedler Reports 4.16.0 & Alerts 4.8.0. For detailed information about this release, check the release notes.
EQL (Event Query Language) is a declarative language dedicated to identifying patterns and relationships between events. Consider using EQL if you use Elasticsearch for threat hunting or other security use cases, or to search time-series data or logs, such as network or system logs.
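The "patterns and relationships between events" that EQL expresses are easiest to see with a worked example. The following toy matcher is added here and is not Skedler's or Elastic's code: it implements a simplified EQL `sequence by ... with maxspan` over constructed events (the ECS-style field names and the process-start-followed-by-network-connection detection pattern are assumed for illustration, and no Elasticsearch cluster is involved).

```python
from datetime import datetime, timedelta
def event(ts, category, etype, entity, name=None):
    # Constructed sample event with ECS-style dotted field names (not real telemetry).
    return {"@timestamp": ts, "event.category": category, "event.type": etype,
            "process.entity_id": entity, "process.name": name}

EVENTS = [
    event("2020-08-18T10:00:00Z", "process", "start", "p1", "powershell.exe"),
    event("2020-08-18T10:00:20Z", "network", "connection", "p1"),  # 20s later: match
    event("2020-08-18T10:05:00Z", "process", "start", "p2", "powershell.exe"),
    event("2020-08-18T10:05:10Z", "network", "connection", "p3"),  # no first stage: no match
    event("2020-08-18T10:07:00Z", "network", "connection", "p2"),  # 2m later: outside maxspan=1m
]
def _ts(e):
    return datetime.strptime(e["@timestamp"], "%Y-%m-%dT%H:%M:%SZ")

def match_sequence(events, stages, by, maxspan):
    """Simplified EQL 'sequence by <by> with maxspan': ordered stages, shared join key, within window."""
    partial = {}   # join key -> in-progress chains (lists of matched events)
    matches = []
    for ev in sorted(events, key=_ts):
        key = ev.get(by)
        if key is None:
            continue
        kept = []
        for chain in partial.get(key, []):
            if _ts(ev) - _ts(chain[0]) > maxspan:
                continue                    # window expired: drop the chain
            if stages[len(chain)](ev):
                chain = chain + [ev]
                if len(chain) == len(stages):
                    matches.append(chain)   # sequence complete
                    continue
            kept.append(chain)
        if stages[0](ev):
            kept.append([ev])               # this event may also start a new chain
        partial[key] = kept
    return matches

# EQL equivalent:  sequence by process.entity_id with maxspan=1m
#   [process where event.type == "start" and process.name == "powershell.exe"]
#   [network where event.type == "connection"]
SHELL_THEN_NETWORK = [
    lambda e: e["event.category"] == "process" and e["event.type"] == "start"
              and e["process.name"] == "powershell.exe",
    lambda e: e["event.category"] == "network" and e["event.type"] == "connection",
]

def find_matches(maxspan_minutes=1):
    return match_sequence(EVENTS, SHELL_THEN_NETWORK, "process.entity_id", timedelta(minutes=maxspan_minutes))
```

Widening the window to five minutes also returns the p2 chain, which shows why `maxspan` is the main knob for tuning a sequence rule's false-positive rate.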
A data stream is a convenient, scalable way to ingest, search, and manage continuously generated time-series data. Data streams provide a simpler way to split data across multiple indices while still querying them through a single named resource.
Enable fully concurrent snapshot operations
Snapshot operations can now execute in a fully concurrent manner.
Indexing metrics and backpressure
ELK 7.9 now tracks metrics about the number of indexing request bytes that are outstanding at each point in the indexing process (coordinating, primary, and replication); these metrics are supported by Skedler and are exposed in the node stats API. Additionally, the new setting indexing_pressure.memory.limit controls the maximum number of bytes that can be outstanding, which is 10% of the heap by default. Once this number of bytes from a node’s heap is consumed by outstanding indexing bytes, Elasticsearch will start rejecting new coordinating and primary requests.
Inference in pipeline aggregations
In this release, inference is even more flexible! You can reference a pre-trained data frame analytics model in an aggregation to infer on the result field of the parent bucket aggregation. The aggregation runs the model on those results to provide a prediction, which lets you run classification or regression analysis at search time. If you only need to analyze a small set of data, you can generate predictions without setting up a processor in the ingest pipeline.