Elastic 8.17: Elasticsearch logsdb index mode, Elastic Rerank, and more

Logs are the simplest and most crucial signal for diagnosing issues, especially as AI advancements enable easier analysis of text-based data.

With the general availability of the Elasticsearch specialized logsdb index mode, Elastic has dramatically reduced the storage footprint of log data in Elasticsearch by up to 65%. This allows you to store more observability and security data without exceeding your budget while keeping all data accessible and searchable. Logsdb index mode enables index sorting and advanced compression techniques like ZSTD, delta encoding, and run-length encoding.

Find more details in the logsdb index mode blog or in the 8.17 release notes.

Reranking models provide a semantic boost to any search experience without requiring a change in the schema of your data. This gives you room to explore other relevance tools for semantic relevance on your own time and within your budget.

8.17 provides a semantic boost for full-text search with a highly performant and efficient semantic reranking model. The technical preview of Elastic Rerank model — in addition to the ability to integrate with third-party models for semantic reranking — makes it much easier to get started with relevance tuning.

Find more details in the Elastic Rerank blog or in the 8.17 release notes.

The technical preview of new MATCH and query string (QSTR) functions in ES|QL makes log searches easier and more intuitive. MATCH delivers full-text search functionality in ES|QL using a Lucene match query, while QTSR aids in more advanced filtering of log data by enabling Lucene query string queries. 

Full-text search for ES|QL enables easier and more performant searching in Discover, especially when dealing with multiple terms or conditional logic.

These new search functions in ES|QL offer a substantial performance improvement. Queries can now run 50x–1000x faster than equivalent RLIKE queries, especially on larger data sets. The addition of this feature to ES|QL allows you to take advantage of one of the main benefits of Elastic — the ability to index all data in advance — thereby doing the heavy lifting once and enabling really fast full-text search later.

All of this aligns closely with Elasticsearch DSL functions for better feature parity, intuitiveness, and speed in your search. ES|QL also offers complete geosearch capabilities with significantly improved latency for sorting by distance.

The general availability of query rules with retrievers enables you to now use query rules for hybrid search use cases, making it possible to combine several search methods and pin or exclude certain results. This is especially useful for ecommerce and merchandising use cases for sales promotions or targeted results. 

Simplify enterprise access management with SAML single sign-on (SSO) — now generally available for Elastic Cloud. Otherwise known as Bring Your Own Identity Provider (BYOIdP), our new SSO capability eliminates complex, repetitive authentication and authorization configurations by allowing you to set up a single, centralized identity management solution across your entire Elastic Cloud environment.

Key benefits include:

• Streamlined user onboarding with automatic organizational membership and account provisioning

• Enhanced security through centralized authentication enforcement across your organization

• Granular access control by seamlessly mapping Identity Provider (IdP) groups directly to Elastic Cloud roles

• Reduced administrative overhead by configuring SAML SSO once at the Control Plane level

We are working toward providing a central and even more contextual experience for log analytics in Discover. See the Kibana release notes for a list of changes and deprecations that will enable Discover to be the one stop for all logging workflows.

Ready to get started? Elastic 8.17 is now available on Elastic Cloud — the hosted Elasticsearch service that includes all of the new features in this latest release. 

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.