Elastic Inc. expanded its eponymous Elastic Stack with a new release that adds enhanced capabilities to the platform for data analytics and management.
The Elastic Stack integrates multiple elements and was originally known as the ELK stack, an acronym for its original core components: Elasticsearch, Logstash and Kibana. Elasticsearch provides search and analytics capabilities, Logstash ingests and collects data, and Kibana provides the visualization layer.
Among the key new additions in Elastic Stack 7.3, unveiled July 31, is a capability known as Data Frames, which provides a different way to organize data: around entities such as hosts rather than individual events, which in turn opens up different types of analysis.
An Elastic Stack user interested in the Data Frames feature is Steve Caruso, director of information technology for the Will County Sheriff's Office in Illinois.
"We are utilizing the Elastic Stack and the Elastic Cloud to create a crime analysis system," Caruso said. "Once the system is ready, we are hoping to enroll all of the local law enforcement agencies within Will County to utilize the system and share data. This collaboration would help facilitate a broader and more detailed view of crime as a whole."
Caruso said his office will look at the new Data Frames feature, as he sees value in it.
"For some time we have desired the ability to pivot our data within Elastic," Caruso said. "I can see multiple potential benefits."
One such benefit that Caruso sees is the ability to pivot across mastername data sources seeking a single name.
"If our investigations unit has a lead and wants to track them across all of the data sources we ingest for masternames, we could do that," he said.
Caruso said that with the Data Frames approach, his office can see which agencies might have had the most contacts, or areas a suspect frequents. He added that another potential benefit would be to track specific types of crimes over the days of the week to seek out trends that could be used for staffing.
"What data frames allow you to do is transform event-based data into entity-centric data," said Steve Kearns, vice president of product management at the open source data search and analytics vendor. "In some cases, you want to transform data so instead of an index of event-based data, you want an index of entities and host and a set of properties about those hosts."
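As an added illustration of the event-to-entity pivot Kearns describes (this is not code from Elastic or from this article), the same transformation done in plain Python over a few constructed log events: one document per event goes in, one document per host with aggregated properties comes out. The field names `outcome` and `bytes` and the sample values are assumptions; the `group_field` parameter generalizes the pivot to any entity key, such as a user or an agency.

```python
from collections import defaultdict

# Constructed sample event-based records, one document per log event,
# standing in for the per-event index the article describes.
EVENTS = [
    {"@timestamp": "2019-07-31T10:00:00Z", "host": "web-01", "user": "alice", "outcome": "success", "bytes": 512},
    {"@timestamp": "2019-07-31T10:05:00Z", "host": "web-01", "user": "bob", "outcome": "failure", "bytes": 0},
    {"@timestamp": "2019-07-31T10:07:00Z", "host": "web-01", "user": "bob", "outcome": "failure", "bytes": 0},
    {"@timestamp": "2019-07-31T10:09:00Z", "host": "db-01", "user": "alice", "outcome": "success", "bytes": 2048},
    {"@timestamp": "2019-07-31T11:00:00Z", "host": "db-01", "user": "carol", "outcome": "success", "bytes": 4096},
]


def pivot_to_entities(events, group_field="host"):
    """Collapse event documents into one document per entity (default: per host).

    Each entity document carries aggregated properties computed over that
    entity's events, the same shape a pivoted entity-centric index would have.
    """
    buckets = defaultdict(list)
    for ev in events:
        buckets[ev[group_field]].append(ev)

    entities = {}
    for key, evs in buckets.items():
        failures = sum(1 for e in evs if e["outcome"] == "failure")
        entities[key] = {
            group_field: key,
            "event_count": len(evs),
            "failed_count": failures,
            "failure_ratio": round(failures / len(evs), 3),
            "distinct_users": sorted({e["user"] for e in evs}),
            "bytes_total": sum(e["bytes"] for e in evs),
            # ISO-8601 UTC timestamps of equal length sort correctly as strings.
            "first_seen": min(e["@timestamp"] for e in evs),
            "last_seen": max(e["@timestamp"] for e in evs),
        }
    return entities


def hosts_over_failure_ratio(entities, threshold):
    """Entity-level question that is awkward on raw events: which hosts
    have a failure ratio above the threshold?"""
    return sorted(h for h, doc in entities.items() if doc["failure_ratio"] > threshold)


if __name__ == "__main__":
    hosts = pivot_to_entities(EVENTS)
    for doc in hosts.values():
        print(doc)
    print("hosts over 50% failures:", hosts_over_failure_ratio(hosts, 0.5))
```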
Another key new feature in the Elastic Stack 7.3 update is the integration of machine learning capabilities into Kibana, which adds advanced analytics to its visualizations.
Kearns explained that a Kibana visualization works by having the user choose what they want to search, after which the system builds a visualization from the time series data. Including machine learning now lets a user apply advanced analytics to identify trends in that data. The machine learning can be used for any number of different use cases, including unsupervised anomaly detection over logs.
Maps in Elastic Stack 7.3
Another key addition in the Elastic Stack 7.3 update is the general availability of the Maps feature. The Maps feature can also be used to help visualize network usage and infrastructure.
"It's a rich way of visualizing and exploring geospatial data," Kearns said. "We realized that users want to be able to display multiple layers of data and want to be able to overlay multiple different views and be able to bring in different kinds of queries."
New data sources
Kearns noted that Elastic Stack 7.3 supports more data sources as well. Among the data sources now supported are Oracle Database, Amazon RDS and CockroachDB, alongside improved integration with Amazon Kinesis data streams. For application performance monitoring, Elastic Stack 7.3 gains support for Microsoft's .NET Framework and its data libraries.
"One of the things that we've been doing to make usage easier over the years has been producing what you can really think of as pre-canned data sources," he said. "We've continued to expand the set of data sources that we support and this release really has quite a few."