What’s new in Skedler Reports 4.16.0 & Alerts 4.8.0

Here are the highlights of what’s new and improved in Skedler Reports 4.16.0 & Alerts 4.8.0. For detailed information about this release, check the release notes.

EQL

EQL (Event Query Language) is a declarative language dedicated to identifying patterns and relationships between events. Consider using EQL if you use Elasticsearch for threat hunting or other security use cases, or to search time-series data or logs, such as network or system logs.
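As an added example (not code from Skedler, Elasticsearch, or this post), the block below shows a representative two-step EQL sequence and a deliberately simplified in-memory matcher that approximates its semantics on constructed sample events; the ECS-style field names and the process-start-then-connection pattern are assumptions, not taken from the page.

```python
from datetime import datetime, timedelta

# Illustrative EQL sequence (assumption: ECS-style field names); the matcher
# below approximates its semantics so the behaviour can be seen offline.
EQL_QUERY = """
sequence by host.id with maxspan=1m
  [process where event.type == "start"]
  [network where event.type == "connection"]
"""
# Constructed sample events, not real logs.
EVENTS = [
    {"@timestamp": "2020-08-18T10:00:00Z", "event.category": "process",
     "event.type": "start", "host.id": "h1"},
    {"@timestamp": "2020-08-18T10:00:30Z", "event.category": "network",
     "event.type": "connection", "host.id": "h1"},        # completes h1 sequence
    {"@timestamp": "2020-08-18T10:01:00Z", "event.category": "process",
     "event.type": "start", "host.id": "h2"},
    {"@timestamp": "2020-08-18T10:03:00Z", "event.category": "network",
     "event.type": "connection", "host.id": "h2"},        # outside maxspan
    {"@timestamp": "2020-08-18T10:00:10Z", "event.category": "network",
     "event.type": "connection", "host.id": "h3"},        # no preceding start
]

def _ts(ev):
    return datetime.strptime(ev["@timestamp"], "%Y-%m-%dT%H:%M:%SZ")

def is_process_start(ev):
    return ev.get("event.category") == "process" and ev.get("event.type") == "start"

def is_connection(ev):
    return ev.get("event.category") == "network" and ev.get("event.type") == "connection"

def match_sequence(events, first, second, join_key="host.id", maxspan=timedelta(minutes=1)):
    """Simplified two-step sequence match: process events in timestamp order, hold
    the latest first-step event per join-key value, and report a match when a
    second-step event with the same key arrives no later than maxspan after it."""
    pending, matches = {}, []
    for ev in sorted(events, key=_ts):
        key = ev.get(join_key)
        if first(ev):
            pending[key] = ev
        elif second(ev) and key in pending:
            start = pending.pop(key)          # expired or matched, either way consumed
            if _ts(ev) - _ts(start) <= maxspan:
                matches.append((start, ev))
    return matches

def matched_hosts(events=EVENTS):
    return [start["host.id"] for start, _ in match_sequence(events, is_process_start, is_connection)]
```

Only h1 completes the sequence: h2's connection falls outside the one-minute window and h3 has no preceding process start, which is the pruning Elasticsearch's own EQL engine does at scale.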

Data streams

A data stream is a convenient, scalable way to ingest, search, and manage continuously generated time-series data. Data streams provide a simpler way to split data across multiple indices while still querying it through a single named resource.

Enable fully concurrent snapshot operations

Snapshot operations can now execute in a fully concurrent manner.

  • Create and delete operations can be started in any order.
  • Delete operations wait for snapshot finalization to finish and are batched as much as possible to improve efficiency.
  • Snapshot creation is fully concurrent across shards, but per shard, snapshots are linearized for each repository, as are snapshot finalizations.

Indexing metrics and backpressure

ELK 7.9, which Skedler now supports, tracks metrics about the number of indexing request bytes outstanding at each point in the indexing process (coordinating, primary, and replication). These metrics are exposed in the node stats API. Additionally, the new setting indexing_pressure.memory.limit controls the maximum number of bytes that can be outstanding; the default is 10% of the heap. Once that many bytes of a node’s heap are consumed by outstanding indexing requests, Elasticsearch starts rejecting new coordinating and primary requests.

Inference in pipeline aggregations

In this release, inference is even more flexible. You can reference a pre-trained data frame analytics model in an aggregation to infer on the result field of the parent bucket aggregation. The aggregation applies the model to the results to produce a prediction. This addition lets you run classification or regression analysis at search time. If you want to analyze a small set of data, you can generate predictions without the need to set up a processor in an ingest pipeline.