6.4.0 release highlights

edit

See also Elasticsearch 6.4.0 release notes.

Analysis

edit
  • Option to index phrases on text fields - A new index_phrases option has been added to text fields. When enabled this option will index 2-shingles of the field in a separate Lucene field to allow faster, more efficient, phrase searches on that field with the trade-off of consuming more disk space in the index. For more information, see text field type.
  • Korean analysis tools - A new plugin has been added which provides analysis tools for the Korean language. The new nori analyzer can be used to analyze Korean text "out of the box" and custom analyzers can use a tokenizer, part of speech token filter and a Hanja reading form token filter. For more information, see Nori Plugin.
  • Add multiplexing token filter - This new token filter allows you to run tokens through multiple different tokenfilters and stack the results. For example, you can now easily index the original form of a token, its lowercase form and a stemmed form all at the same position, allowing you to search for stemmed and unstemmed tokens in the same field. For more information, see Multiplexer token filter.

Machine learning

edit
  • Improve your machine learning results with custom rules. If you want to fine tune your machine learning results (for example, to skip anomalies related to certain servers), you can now create custom rules in Kibana and by using machine learning APIs. Custom rules instruct anomaly detectors to change their behavior based on domain-specific knowledge that you provide. See Customizing detectors with custom rules
  • The machine learning analytics can now detect specific change points in a time series, such as step changes, linear scaling, and time shifts (for example, related to daylight savings). There is also a new probability model that can predict when step changes might occur. As a result, the machine learning results are more robust and can make more accurate predictions when these types of changes are present in your data.

Mappings

edit
  • alias field type - A new field type can now be added in the mappings. An alias field allows a field to be defined in the mappings which is an alias of another field meaning that the alias name can be used when referring to the field. For example the mapping in an index may have a hostname field and the mapping might define a alias field host_name so that when a user searches using thee field host_name it actually searches the hostname field. This can be useful for helping migrate between schemas where field names have been changed an for searching across multiple indexes which may have different field names for the same information. For more information, see Alias field type
  • _ignored meta field - A new meta field has been added to documents. The _ignored field will contain the field names of any fields that were ignored at index time due to the ignore_malformed option. This means that malformed documents can be more easily discovered by using exists or term queries on this new meta field. For more information, see _ignored field.

Rank Eval API

edit
  • Expected Reciprocal Rank metric for Rank Eval API - The Expected Reciprocal Rank has been added to the available metrics in the Rank Eval API. ERR is an extension of the classical reciprocal rank which in order to determine the usefulness of a document at position K in the results, it uses the degree of relevance of the document at positions less than K as well. For more information see Rank Evaluation API

Search

edit
  • Cross-cluster search will no longer use dedicated master nodes as gateway nodes - Previously the gateway node on a remote cluster used by cross-cluster search was selected based only on the node’s version and node attributes set in the search.remote.node.attr setting. This meant that unless carefully configured any node in the cluster could potentially be used as a gateway node for a cross-cluster search. This may cause problems when running with dedicated master nodes as it is undesirable for master eligible nodes to be used for any search activity. Starting from 6.4.0 cross-cluster search will no longer consider dedicated master eligible nodes as potential gateway nodes providing a better out of the box default for running cross cluster searches.
  • Format option for doc_value fields - doc_value fields in the Search API can now specify a format field to control the format of the value in the response. For more information, see doc_value fields.
  • Support second level of field collapse - This extends the field collapsing feature to allow the top item for two fields to be retrieved. For example retrieving top scored tweets by country, and for each country, top scored tweets for each user. This can be an alternative to using multiple levels of terms aggregations along with top hits. For more information, see Field Collapsing.

Security

edit

Snapshot and Restore

edit

6.4.0 has seen a great amount of small improvements to the Snapshot and Restore. No less than 53 S&R related changes went into this release. The changes ranges include improving testing infra structure, tightening up calls to Cloud providers API and upgrading underlying 3rd party libraries.

Specifically we want to highlight the added support for AWS session tokens to both the EC2 discovery plugin and the S3 repository plugins. This allows Elasticsearch to use AWS devices protected by multi factor authentication.