Elasticsearch highlights
This list summarizes the most important enhancements in Elasticsearch 7.14. For the complete list, go to Elasticsearch release highlights.
Cross-cluster EQL search
In 7.14, we added cross-cluster search support to EQL. Cross-cluster search lets you run an EQL search across one or more remote clusters. See Run an EQL search across clusters.
Async SQL search
We’ve added support for async searches to Elasticsearch SQL. Searches across large data sets or frozen data can take longer to return synchronous results. Async SQL search lets you run these searches in the background instead. See Run an async SQL search.
Transforms: support for top metrics
Transforms now support the top metrics aggregation. This improves performance when grouping by many fields. If these fields are descriptive and have the same cardinality (for example, a customer's first and last name describe their customer_id), then using top metrics significantly reduces the work the aggregations need to do. It is also a usability improvement when configuring a top or last value, which previously would have required a scripted metric.
Anomaly detection: reset job API
The reset job API makes it easier to start anomaly detection jobs again from scratch. It puts a job back to the state it was in immediately after creation, which is equivalent to deleting it and recreating it, but without the need to remember the configuration. It also simplifies support, as users will be able to reset their job with a single click.
New match_only_text field type
match_only_text is a new space-optimized variant of text that disables scoring and performs slower on queries that need positions. It is best suited for indexing log messages.
More memory-efficient composite aggregations
Composite aggregations on keyword fields no longer use global ordinals, which for high cardinality fields could use a lot of heap memory as part of the field data cache.
New migrate to data tiers routing API
7.14 introduces the migrate to data tiers routing API. You can use the API to switch indices and ILM policies that use attribute-based allocation filters to data tiers using node roles. This lets ILM automatically move data stream indices between tiers during phase transitions. Data tiers also give you access to additional ILM features, such as partially mounted indices and the frozen tier.
New terms enum API
The new terms enum API lets you discover index terms that match a partial string. You can use the API for search auto-completion.
Automatic database updates for the GeoIP processor
The GeoIP processor uses MaxMind GeoLite2 databases to provide data about the geographical location of IP addresses. This data changes frequently as IP addresses get reused. In 7.14, we introduced a service that automatically updates these databases so their information is as accurate as possible. The service is enabled by default, but its operation can be adjusted. See GeoIP processor.