├── LICENSE
└── README.md


/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "[]"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright [yyyy] [name of copyright owner]
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
   1 | # Elastic releases
   2 | Listing releases of the Elastic stack with new features and references
   3 | 
   4 | Try the official [Elastic Cloud](https://www.elastic.co/cloud/) service, either hosted or serverless!
   5 | 
   6 | _Note_: if you are using Kubernetes, OpenShift, AKS, EKS or GKE, you can have a look at Elastic Cloud for Kubernetes (ECK) through the [guide](https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-overview.html), the [release note](https://www.elastic.co/blog/introducing-elastic-cloud-on-kubernetes-the-elasticsearch-operator-and-beyond) and the blog post ([part 1](https://www.elastic.co/blog/getting-started-with-elastic-cloud-on-kubernetes-deployment) and [part 2](https://www.elastic.co/blog/getting-started-with-elastic-cloud-on-kubernetes-data-ingestion))
   7 | 
   8 | Tip of the day: have a look at our [MCP server](https://www.elastic.co/search-labs/blog/elastic-mcp-server-agent-builder-tools) and the [Elasticsearch CLI](https://github.com/Anaethelion/escli-rs)!
   9 | 
  10 | Products below are: A ([Elastic Agent](https://www.elastic.co/elastic-agent)), B ([Beats](https://www.elastic.co/beats)), APM ([APM agents](https://www.elastic.co/apm/)), L ([Logstash](https://www.elastic.co/logstash)), ES ([Elasticsearch](https://www.elastic.co/elasticsearch)), ML ([Machine Learning](https://www.elastic.co/what-is/elastic-stack-machine-learning)) and K ([Kibana](https://www.elastic.co/kibana)).
  11 | 
  12 | You should also subscribe to our blogs [Obserability Labs](https://www.elastic.co/observability-labs), [Search Labs](https://www.elastic.co/search-labs) and [Security Labs](https://www.elastic.co/security-labs) for more references.
  13 | 
  14 | 
  15 | 
  16 | ## 9.2
  17 | 
  18 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
  19 | | --- | --- | --- |
  20 | | 23 October 2025 | Max(15/10/2027, v10.0+18m) | EoM+6m |
  21 | 
  22 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-9-2-0)
  23 | 
  24 | | Product | Feature | Description | References |
  25 | | --- | --- | --- | --- |
  26 | | ES | OTLP metrics | New OTLP metrics endpoint boosts ingest throughput by up to 60% |  |
  27 | | ES | DiskBBQ | Vector storage approach that partitions and searches compact clusters directly from disk | [blog post](https://www.elastic.co/search-labs/blog/diskbbq-elasticsearch-introduction), [benchmark](https://www.elastic.co/search-labs/blog/elasticsearch-latency-low-memory-diskbbq-hnswbbq-benchmark) |
  28 | | ES | Vectors optim | By default, vectors excluded from source for newly created indices, reducing storage and improving indexing performance | [blog post](https://www.elastic.co/search-labs/blog/elasticsearch-exclude-vectors-from-source) |
  29 | | ES | Improved Joins | ES\|QL LOOPKUP JOIN supports CCS, matches on multiple fields and expressions, supports CSV upload and performs up to 90x faster when filtered | [blog post](https://www.elastic.co/search-labs/blog/elastic-discover-context-evolution) |
  30 | | ES | ES\|QL for TS | The 'TS' (time series) source command enables TS semantics and adds support for TS agg fungs over time | [blog post](https://www.elastic.co/observability-labs/blog/metrics-explore-analyze-with-esql-discover) |
  31 | | ES | Query history | Store up to 200-300 ES\|QL queries and search them |  |
  32 | | K | Agent Builder | AI-powered capabilities to natively chat with ES data and simplify the development of custom AI agents | [intro post](https://www.elastic.co/search-labs/blog/elastic-ai-agent-builder-context-engineering-introduction), [MCP server](https://www.elastic.co/search-labs/blog/elastic-mcp-server-agent-builder-tools), [agentic](https://www.elastic.co/search-labs/blog/ai-agentic-workflows-elastic-ai-agent-builder), [another post](https://www.elastic.co/search-labs/blog/ai-agent-builder-elasticsearch) |
  33 | | K | Streams | A set of AI-driven capabilities that help parsing, compressing, and surfacing insights | [blog post](https://www.elastic.co/observability-labs/blog/elastic-observability-streams-ai-logs-investigations), [other one](https://www.elastic.co/observability-labs/blog/reimagine-observability-elastic-streams) |
  34 | | K | Discover tabs | Discover Tabs lets you run multiple explorations in one view | [blog post](https://www.elastic.co/search-labs/blog/elastic-discover-context-evolution) |
  35 | | K | Navigation refresh | On-hover menu access, a visible menu in collapsed mode, and icon-driven navigation | [blog post](https://www.elastic.co/search-labs/blog/elastic-kibana-9.2-navigation-refresh) |
  36 | | K | Device Control | define and enforce Elastic Defend policies that govern the use of storage devices |  |
  37 | | K | EDR dashboard | Elastic Defend D&R dashboard provides visibility into endpoint detection activity |  |
  38 | | K | Chat sharing | Share AI Assistant conversations - while ensuring proper attribution and security controls |  |
  39 | | K | Splunk migration | Automatic Migration for Dashboards significantly reduces onboarding time by helping users migrate custom dashboards from Splunk |  |
  40 | | K | Webhook enhanced | The webhook connector now supports OAuth 2.0 authentication and headers encryption |  |
  41 | 
  42 | 
  43 | ## 9.1
  44 | 
  45 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
  46 | | --- | --- | --- |
  47 | | 29 July 2025 | Max(15/10/2027, v10.0+18m) | EoM+6m |
  48 | 
  49 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-9-1-0)
  50 | 
  51 | | Product | Feature | Description | References |
  52 | | --- | --- | --- | --- |
  53 | | A | Vuln context | New integrations for vulnerability management tools (Qualys, Tenable, Rapid7) to add context in threat investigations |  |
  54 | | A | Azure AI Foundry | New integration centralizes observability (logs and metrics) from any AI model on Azure AI Foundry | [blog post](https://www.elastic.co/observability-labs/blog/llm-observability-azure-ai-foundry) |
  55 | | A | Crawler | The Open Web Crawler supports HTML5, new selectors, per-domain auth, and logging | [doc](https://github.com/elastic/crawler), [blog post](https://www.elastic.co/search-labs/blog/elastic-open-crawler-in-windows-with-docker) |
  56 | | ES | LogsDB optim | The logsdb index mode now saves up to 75% of disk storage for only 5% ingestion overhead | [blog post](https://www.elastic.co/search-labs/blog/elastic-logsdb-tsds-enhancements) |
  57 | | ES | Failure store | Data stream option to use a "failure store" to hold documents that fail to be ingested | [blog post](https://www.elastic.co/search-labs/blog/elastic-failure-store), [doc](https://www.elastic.co/docs/manage-data/data-store/data-streams/failure-store) |
  58 | | ES | CSS for ES\|QL | ES\|QL on cross-cluster search (CCS), now with a re-engineered, resilient architecture | [blog post](https://www.elastic.co/search-labs/blog/esql-cross-cluster-search) |
  59 | | ES | ES\|QL addons | Fork operator that allows multiple branches of execution. Sample to reduce data volume | [blog post](https://www.elastic.co/search-labs/blog/esql-elasticsearch-8-19-9-1), [history of improvements](https://www.elastic.co/search-labs/blog/esql-timeline-of-improvements) |
  60 | | ES | BBQ by default | 32x compression for dense vectors without compromising relevance through BBQ |  |
  61 | | ES | ACORN | New algorithm that brings 5x speedup when performing filtered vector queries | [blog post](https://www.elastic.co/search-labs/blog/elasticsearch-9-1-bbq-acorn-vector-search) |
  62 | | K | Fleet mngt | Fleet supports multiple clusters, auto upgrades, integrations bulk upgrades... and space awareness! |  |
  63 | | K | Streams | Easier ingest processing and retention configuration for data streams |  |
  64 | | K | Scheduled exports | Exports scheduling and email notification with export attachment |  |
  65 | | K | Alerting upgrade | Improved related alert grouping, linking dashboards to alert rules, and embedding investigation guides into alerts | [blog post](https://www.elastic.co/observability-labs/blog/elastic-stack-observability-alerting-upgrade) |
  66 | | K | Dashboard sections | Ability to create sections that can be collapsed/expanded |  |
  67 | | K | AI for o11y | The AI Assistant for o11y supports multilingual & anonymization, as well as conversations sharing and archiving |  |
  68 | | K | Synthetics mngt | Many improvements to Synthetics: redesigned overview, maintenance windows, space-awareness and more |  |
  69 | | K | Security rules | Rule management (compare, preview, revert), ES\|QL rule improvements |  |
  70 | 
  71 | 
  72 | ## 9.0
  73 | 
  74 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
  75 | | --- | --- | --- |
  76 | | 15 April 2025 | Max(15/10/2027, v10.0+18m) | EoM+6m |
  77 | 
  78 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-9-0-0)
  79 | 
  80 | | Product | Feature | Description | References |
  81 | | --- | --- | --- | --- |
  82 | | A | Agentless CSPM | New agentless integrations for CrowdStrike, Google Workspace, Microsoft 365 Defender, Okta, Qualys VMDR, SentinelOne | [doc](https://www.elastic.co/guide/en/security/current/agentless-integrations.html) |
  83 | | APM | OpenAI O11y | First GenAI instrumentation capability in the EDOT language SDKs: OpenAI (Python, Node.js and Java support) |  |
  84 | | L | Kafka auth | The Kafka integration now supports OAuth and SASL |  |
  85 | | ES | Lucene 10 | Elasticsearch 9.0 now runs on Lucene 10, bringing significant performance improvements | [blog post](https://www.elastic.co/search-labs/blog/apache-lucene-10-release-highlights) |
  86 | | ES | Joins!! | Joining between two indices is now finally possible with ES\|QL LOOKUP JOIN | [blog post](https://www.elastic.co/search-labs/blog/esql-joins-are-here-yes-joins), [another one](https://www.elastic.co/blog/esql-lookup-join-elasticsearch), [in o11y](https://www.elastic.co/observability-labs/blog/elastic-esql-join-observability), [join for dedup](https://www.elastic.co/blog/log-deduplication-esql-lookup-join) and [a last one](https://www.elastic.co/search-labs/blog/elasticsearch-join-two-indexes) |
  87 | | ES | Logsdb by default | Elasticsearch logsdb index mode is now enabled by default for logs-* data streams |  |
  88 | | ES | Data stream reindex | This API simplifies the process of upgrading backing indices for data streams | [doc](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-migrate-reindex) |
  89 | | ES | KQL filter | Employ the familiar KQL (Kibana Query Language) inside an ES\|QL query |  |
  90 | | ES | ML in ES\|QL | Categorize function: groups logs based on textual similarities, paving the way for log pattern analysis |  |
  91 | | ES | ES\|QL search | Adding support for scoring, semantic search, more configuration options for the match function | [blog post](https://www.elastic.co/search-labs/blog/esql-introducing-scoring-semantic-search) |
  92 | | ES | Hash in ES\|QL | Specific MD5, SHA1, and SHA256 functions to calculate the hash of a field |  |
  93 | | ES | JinaAI & Watsonx | Added integration in our open inference API to use JinaAI (embeddings & reranking) or Watsonx.ai (reranking) | [jina post](https://www.elastic.co/search-labs/blog/jina-ai-embeddings-rerank-model-open-inference-api), [watson post](https://www.elastic.co/search-labs/blog/ibm-watsonx-elasticsearch-inference-api-rerank-models) |
  94 | | ES | Deprecation | App Search and Enterprise Search solutions have been discontinued | [blog post](https://www.elastic.co/blog/app-search-to-elasticsearch), [another post](https://www.elastic.co/search-labs/blog/elastic-app-search-data-elasticsearch-9) |
  95 | | K | AI Assistant for logs | AI-driven insights help surface critical log patterns and troubleshooting recommendations in Discover |  |
  96 | | K | LLM security | Ability to audit LLMs for malicious behavior such as prompt injections | [blog post](https://www.elastic.co/security-labs/embedding-security-in-llm-workflows) |
  97 | | K | Deprecations | Logs Explorer and Logs Stream are removed, in favor of Discover | [blog post](https://www.elastic.co/blog/whats-new-elastic-observability-9-0-0#goodbye-logs-explorer-and-logs-stream-hello-discover) |
  98 | | K | Canvas EOL | Canvas is deprecated, possibly removed in 10.0. Possible replacement is Kibana freeform layout | [github](https://github.com/elastic/kibana/pull/212450) |
  99 | | K | Automatic migration | Provides an AI-driven workflow for migrating legacy SIEM detection rules to Elastic Security |  |
 100 | | K | Rule update | Apply update of detection rules without overwriting any custom changes | [blog post](https://www.elastic.co/blog/security-prebuilt-rules-editing) |
 101 | | K | Endpoint response | Execute third-party (CrowdStrike, Microsoft Defender and SentinelOne) endpoint response actions from Elastic Security |  |
 102 | 
 103 | 
 104 | ## 8.19
 105 | 
 106 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 107 | | --- | --- | --- |
 108 | | 29 July 2025 | 15 Jan 2027 | 15 July 2027 |
 109 | 
 110 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-9-1-0)
 111 | 
 112 | | Product | Feature | Description | References |
 113 | | --- | --- | --- | --- |
 114 | | A | Vuln context | New integrations for vulnerability management tools (Qualys, Tenable, Rapid7) to add context in threat investigations |  |
 115 | | A | Azure AI Foundry | New integration centralizes observability (logs and metrics) from any AI model on Azure AI Foundry | [blog post](https://www.elastic.co/observability-labs/blog/llm-observability-azure-ai-foundry) |
 116 | | A | Crawler | The Open Web Crawler supports HTML5, new selectors, per-domain auth, and logging | [doc](https://github.com/elastic/crawler), [blog post](https://www.elastic.co/search-labs/blog/elastic-open-crawler-in-windows-with-docker) |
 117 | | ES | LogsDB optim | The logsdb index mode now saves up to 75% of disk storage for only 10% ingestion overhead | [blog post](https://www.elastic.co/search-labs/blog/elastic-logsdb-tsds-enhancements) |
 118 | | ES | Failure store | Data stream option to use a "failure store" to hold documents that fail to be ingested | [blog post](https://www.elastic.co/search-labs/blog/elastic-failure-store), [doc](https://www.elastic.co/docs/manage-data/data-store/data-streams/failure-store) |
 119 | | ES | CSS for ES\|QL | ES\|QL on cross-cluster search (CCS), now with a re-engineered, resilient architecture | [blog post](https://www.elastic.co/search-labs/blog/esql-cross-cluster-search) |
 120 | | ES | ES\|QL addons | Fork operator that allows multiple branches of execution. Sample to reduce data volume | [blog post](https://www.elastic.co/search-labs/blog/esql-elasticsearch-8-19-9-1), [history of improvements](https://www.elastic.co/search-labs/blog/esql-timeline-of-improvements) |
 121 | | ES | BBQ by default | 32x compression for dense vectors without compromising relevance through BBQ |  |
 122 | | ES | ACORN | New algorithm that brings 5x speedup when performing filtered vector queries | [blog post](https://www.elastic.co/search-labs/blog/elasticsearch-9-1-bbq-acorn-vector-search) |
 123 | | K | Fleet mngt | Fleet supports multiple clusters, auto upgrades, integrations bulk upgrades... and space awareness! |  |
 124 | | K | Streams | Easier ingest processing and retention configuration for data streams |  |
 125 | | K | Scheduled exports | Exports scheduling and email notification with export attachment |  |
 126 | | K | Alerting upgrade | Improved related alert grouping, linking dashboards to alert rules, and embedding investigation guides into alerts | [blog post](https://www.elastic.co/observability-labs/blog/elastic-stack-observability-alerting-upgrade) |
 127 | | K | Dashboard sections | Ability to create sections that can be collapsed/expanded |  |
 128 | | K | AI for o11y | The AI Assistant for o11y supports multilingual & anonymization, as well as conversations sharing and archiving |  |
 129 | | K | Synthetics mngt | Many improvements to Synthetics: redesigned overview, maintenance windows, space-awareness and more |  |
 130 | | K | Security rules | Rule management (compare, preview, revert), ES\|QL rule improvements |  |
 131 | 
 132 | 
 133 | ## 8.18
 134 | 
 135 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 136 | | --- | --- | --- |
 137 | | 15 April 2025 | 23 October 2025 | 15 July 2027 |
 138 | 
 139 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-9-0-0)
 140 | 
 141 | | Product | Feature | Description | References |
 142 | | --- | --- | --- | --- |
 143 | | A | Agentless CSPM | New agentless integrations for CrowdStrike, Google Workspace, Microsoft 365 Defender, Okta, Qualys VMDR, SentinelOne | [doc](https://www.elastic.co/guide/en/security/current/agentless-integrations.html) |
 144 | | APM | OpenAI O11y | First GenAI instrumentation capability in the EDOT language SDKs: OpenAI (Python, Node.js and Java support) |  |
 145 | | L | Kafka auth | The Kafka integration now supports OAuth and SASL |  |
 146 | | ES | Joins!! | Joining between two indices is now finally possible with ES\|QL LOOKUP JOIN | [blog post](https://www.elastic.co/search-labs/blog/esql-joins-are-here-yes-joins), [another one](https://www.elastic.co/blog/esql-lookup-join-elasticsearch), [in o11y](https://www.elastic.co/observability-labs/blog/elastic-esql-join-observability) and [a last one](https://www.elastic.co/search-labs/blog/elasticsearch-join-two-indexes) |
 147 | | ES | Data stream reindex | This API simplifies the process of upgrading backing indices for data streams | [doc](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-migrate-reindex) |
 148 | | ES | KQL filter | Employ the familiar KQL (Kibana Query Language) inside an ES\|QL query |  |
 149 | | ES | ML in ES\|QL | Categorize function: groups logs based on textual similarities, paving the way for log pattern analysis |  |
 150 | | ES | ES\|QL search | Adding support for scoring, semantic search, more configuration options for the match function | [blog post](https://www.elastic.co/search-labs/blog/esql-introducing-scoring-semantic-search) |
 151 | | ES | Hash in ES\|QL | Specific MD5, SHA1, and SHA256 functions to calculate the hash of a field |  |
 152 | | ES | JinaAI & Watsonx | Added integration in our open inference API to use JinaAI (embeddings & reranking) or Watsonx.ai (reranking) | [blog post](https://www.elastic.co/search-labs/blog/jina-ai-embeddings-rerank-model-open-inference-api) |
 153 | | K | AI Assistant for logs | AI-driven insights help surface critical log patterns and troubleshooting recommendations in Discover |  |
 154 | | K | LLM security | Ability to audit LLMs for malicious behavior such as prompt injections | [blog post](https://www.elastic.co/security-labs/embedding-security-in-llm-workflows) |
 155 | | K | Automatic migration | Provides an AI-driven workflow for migrating legacy SIEM detection rules to Elastic Security | [blog post](https://www.elastic.co/blog/automatic-migration-ai-rule-translation) |
 156 | | K | Rule update | Apply update of detection rules without overwriting any custom changes | [blog post](https://www.elastic.co/blog/security-prebuilt-rules-editing) |
 157 | | K | Endpoint response | Execute third-party (CrowdStrike, Microsoft Defender and SentinelOne) endpoint response actions from Elastic Security |  |
 158 | 
 159 | 
 160 | ## 8.17
 161 | 
 162 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 163 | | --- | --- | --- |
 164 | | 12 December 2024 | 29 July 2025 | 15 July 2027 |
 165 | 
 166 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-17-0)
 167 | 
 168 | | Product | Feature | Description | References |
 169 | | --- | --- | --- | --- |
 170 | | ES | ES\|QL text search | new MATCH and QSTR (query string) functions in ES\|QL make text searches easier (and a lot faster than RLIKE) |  |
 171 | | ES | Rerank | Reranking models provide a semantic boost to any search experience without requiring a change in the schema | [intro](https://www.elastic.co/search-labs/blog/elastic-semantic-reranker-part-1), [blog post](https://www.elastic.co/search-labs/blog/elastic-rerank-model-introduction), [doc](https://www.elastic.co/guide/en/machine-learning/8.17/ml-nlp-rerank.html) |
 172 | | K | Logs to Discover | Both the Observability Logs Explorer & Logs Stream apps are deprecated (removed in 9.0) in favor of Discover |  |
 173 | 
 174 | 
 175 | ## 8.16
 176 | 
 177 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 178 | | --- | --- | --- |
 179 | | 12 November 2024 | 15 April 2025 | 15 July 2027 |
 180 | 
 181 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-16-0)
 182 | 
 183 | | Product | Feature | Description | References |
 184 | | --- | --- | --- | --- |
 185 | | A | OTel for k8s | New flow simplifies the deployment of OpenTelemetry for Kubernetes using Helm, with receivers, processors and dashboards |  |
 186 | | A | EDOT tracing | EDOT Collector eliminates the need for an APM server, allowing trace data to flow directly into Elasticsearch | [blog post](https://www.elastic.co/observability-labs/blog/elastic-distribution-opentelemetry-collector) |
 187 | | A | Bedrock integration | Provides insights into Amazon Bedrock LLM performance and usage, including LangChain tracing data (via OTel) | [bedrock post](https://www.elastic.co/observability-labs/blog/llm-observability-aws-bedrock), [langtrace post](https://www.elastic.co/observability-labs/blog/elastic-opentelemetry-langchain-tracing-langtrace) |
 188 | | A | Atlas & CW metrics | New integrations for MongoDB Atlas and Amazon CloudWatch metrics (through the Amazon Data Firehose integ) | [mongo post](https://www.elastic.co/observability-labs/blog/elastic-mongodb-atlas-integration), [cloudwatch one](https://www.elastic.co/observability-labs/blog/aws-data-firehose-onboarding) |
 189 | | A | Agentless CSPM | Agentless integration for both Cloud Security Posture Management and the new Cloud Asset Inventory |  |
 190 | | ES | Local LLM | Use locally hosted LLMs (that provide an OpenAI compatible service) with Elastic AI Assistant |  |
 191 | | ES | start-local | The start-local script get a local deployment of Elasticsearch & Kibana started in minutes | [github](https://github.com/elastic/start-local) |
 192 | | ES | Open crawler | The Open Web Crawler lets users crawl web content and index it into Elasticsearch | [tech preview](https://www.elastic.co/search-labs/blog/elastic-open-crawler-release), [beta release](https://www.elastic.co/search-labs/blog/elastic-open-crawler-beta-release) |
 193 | | ES | BBQ | Better Binary Quantization (BBQ) is a cutting-edge optimization for vector data that achieves up to 32x compression benefits on vector data | [blog post](https://www.elastic.co/search-labs/blog/better-binary-quantization), [another post](https://www.elastic.co/search-labs/blog/better-binary-quantization-lucene-elasticsearch), [vs OpenSearch](https://www.elastic.co/search-labs/blog/elasticsearch-bbq-vs-opensearch-faiss) |
 194 | | ES | data stream retention | New ability to globally set maximum and default retention periods for all data streams |  |
 195 | | K | Per-solution menu | New solution view in the left-menu navigation (in Elastic Cloud only) | [blog post](http://www.elastic.co/blog/elastic-redesigned-navigation-menu-kibana) |
 196 | | K | ES\|QL advanced | Recommended queries in ES\|QL editor, faster sorting by distance, per-aggregation filtering |  |
 197 | | K | Reusable policies | Integration Policies that can be shared amongst multiple Agent Policies | [doc](https://www.elastic.co/guide/en/fleet/current/agent-policy.html#add-integration) |
 198 | | K | Obs inventory | New "Inventory" app in Observability displays hosts, containers, services and pivots to alerting, discover and services |  |
 199 | | K | Playground++ | Playground enhancements with session persistence, PDF/Word upload, support for follow-up questions | [demo](https://www.elastic.co/demo-gallery/ai-playground) |
 200 | | K | AI for search | Built-in Elastic AI Assistant for Search to build RAG-based conversational apps and get help to accelerate Elastic deployment |  |
 201 | | K | Console to py/js | Export Kibana Dev Console requests to Python and JavaScript Code | [blog post](https://www.elastic.co/search-labs/blog/kibana-dev-console-code-export) |
 202 | | K | Synthetics++ | Synthetic monitoring enhancements on alerting and MFA support |  |
 203 | | K | Custom KB | The Elastic AI Assistant now supports custom knowledge sources to enrich LLM queries with custom context | [blog post](https://www.elastic.co/blog/elastic-ai-assistant-custom-knowledge-sources) |
 204 | | K | Rule test, alert del | Manual rule run (to test detection rules) and full alert suppression |  |
 205 | | K | TheHive connector | New Hive case connector allows for seamless case creation and management directly from Elastic | [doc](https://www.elastic.co/guide/en/kibana/8.16/thehive-action-type.html) |
 206 | 
 207 | 
 208 | ## 8.15
 209 | 
 210 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 211 | | --- | --- | --- |
 212 | | 8 August 2024 | 12 December 2024 | 15 July 2027 |
 213 | 
 214 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-15-0)
 215 | 
 216 | | Product | Feature | Description | References |
 217 | | --- | --- | --- | --- |
 218 | | A | EDOT | The Elastic Distribution for OpenTelemetry (EDOT) Collector offers a seamless solution for collecting logs and metrics |  |
 219 | | A | Azure OpenAI | The Azure OpenAI integration provides comprehensive observability into the performance and usage of the Azure OpenAI Service | [blog post](https://www.elastic.co/observability-labs/blog/llm-observability-azure-openai), [openai obs](https://www.elastic.co/observability-labs/blog/monitor-openai-api-gpt-models-opentelemetry) |
 220 | | L | Agent monitoring GA | Agent-based monitoring of Logstash monitors pipelines or plugins and includes advanced metrics like throughput and worker utilization | [doc](https://www.elastic.co/guide/en/logstash/current/monitoring-with-ea.html) |
 221 | | ES | LogsDB | New LogsDB index mode for logs data streams uses smart index sorting, synthetic source and smarter compression to reduce storage | [blog post](https://www.elastic.co/search-labs/blog/elasticsearch-logsdb-index-mode) |
 222 | | ES | ES\|QL improvements | New funcs (repeat, ip_prefix, cbrt, etc), handle mismatched field types, inject named variables (that will soon link to UI elements) | [doc](https://www.elastic.co/guide/en/elasticsearch/reference/master/esql-multi-index.html#esql-multi-index-union-types) |
 223 | | ES | Semantic search | New semantic_text field type and corresponding semantic query that unlocks vector search and semantic reranking for text | [blog post](https://www.elastic.co/search-labs/blog/semantic-search-simplified-semantic-text), [reranking post](https://www.elastic.co/search-labs/blog/semantic-reranking-with-retrievers) |
 224 | | ES | 3rd party inference | The inference API now supports Google AI Studio, Vertex AI, Mistral, Bedrock & Anthropic | [blog post](https://www.elastic.co/search-labs/blog/elasticsearch-retrievers) |
 225 | | ES | AI API | Introducing several APIs to interact with and configure the Elastic AI Assistant for Security |  |
 226 | | ES | Vector improvements | Scalar quantization improvements, new sparse vector query type, hamming distance and bit-encoded vector support | [blog post](https://www.elastic.co/search-labs/blog/int4-scalar-quantization-in-lucene), [another post](https://www.elastic.co/search-labs/blog/bit-vectors-in-elasticsearch) |
 227 | | K | Automatic import | This feature automates the normalization of security events to create custom integrations in minutes | [blog post](https://www.elastic.co/blog/automatic-import-ai-data-integration-builder) |
 228 | | K | ES\|QL updates | See fields statistics in Discover, list integrations in FROM autocompletion |  |
 229 | | K | Timeout investigation | When search timed out, Kibana presents the partial results and a warning (to be investigated in the cClusters and shards tab of the Inspector) |  |
 230 | | K | Data set quality | The new data set quality (under stack management) allows users to identify and isolate any issues related to logs data quality |  |
 231 | | K | Google Vertex AI support | The Elastic AI Assistant can now take advantage of the Google Vertex AI and use the Gemini family of models |  |
 232 | | K | Scanning response | The Elastic Defend integration can now initiate an on-demand scan of files within a directory through our response console workflow |  |
 233 | 
 234 | 
 235 | ## 8.14
 236 | 
 237 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 238 | | --- | --- | --- |
 239 | | 5 June 2024 | 12 November 2024 | 15 July 2027 |
 240 | 
 241 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-14-0)
 242 | 
 243 | | Product | Feature | Description | References |
 244 | | --- | --- | --- | --- |
 245 | | ES | ES\|QL GA | Added CASE statement and ENRICH (lookup) operator and geospatial search | [demo](http://esql.demo.elastic.co/), [blog post](https://www.elastic.co/search-labs/blog/esql-piped-query-language-goes-ga), [geosearch post](https://www.elastic.co/search-labs/blog/esql-geospatial-search-part-one) |
 246 | | ES | Paid GeoIP support | Support for the paid geo databases from MaxMind with the GeoIP ingest processor |  |
 247 | | ES | Enrich with data streams | Enrich policies (and therefore the enrich ES\|QL processor) now support data streams |  |
 248 | | ES | Faster vector search | 6x faster binary comparison, 10x faster numpy vectors indexing with [orjson](https://github.com/ijl/orjson) | [blog post](https://www.elastic.co/search-labs/blog/vector-similarity-computations-ludicrous-speed) |
 249 | | ES | Retrievers | Retrievers added to the _search API to build sophisticated multi-stage retrieval, supporting standard, kNN & RRF | [blog post](https://www.elastic.co/search-labs/blog/retro-relevance-balancing-keyword-semantic-search) |
 250 | | ES | Data Extraction Service | Enable extracting text data from large binary documents, built with Elastic connectors in mind | [doc](https://www.elastic.co/guide/en/enterprise-search/current/connectors-content-extraction.html#connectors-content-extraction-local), [github](https://github.com/elastic/data-extraction-service) |
 251 | | ES | GraphQL connector | Ingest data in ES using the declarative data fetching GraphQL | [doc](https://www.elastic.co/guide/en/enterprise-search/current/connectors-graphql.html) |
 252 | | ES | Connector API | Use the new connector API to build your own custom connector (beyond the many connectors ES provides) | [doc](https://www.elastic.co/guide/en/elasticsearch/reference/8.14/connector-apis.html) |
 253 | | ES | Write after shrink | Be able to write to an index after ILM shrink with an option to remove the write block after shrinking |  |
 254 | | ES | User in slow logs | Track the calling user information directly in the slow log | [doc](https://www.elastic.co/guide/en/elasticsearch/reference/8.14/index-modules-slowlog.html#_identifying_search_slow_log_origin) |
 255 | | K | AI assistant upgrades | Elastic AI Assistant for Observability gets a starter prompt, an API and support for Anthropic Claude 3. AI Assistant for Security gets persistent chat, central management and a new UI | [blog post](https://www.elastic.co/blog/ai-assistant-locally-hosted-models), [another post](https://www.elastic.co/blog/ai-security-analytics-integrating-anthropic-claude) |
 256 | | K | SLO improvements | SLOs get CCS support, grouping and SLI on synthetics availability |  |
 257 | | K | Attack discovery | Leveraging genAI and RAG, Attack Discovery transforms a flood of alerts into a clear overview of attack progressions | [demo](https://capture.navattic.com/clvmwn8ce000209la0fssf2eo?g=clvqt3a89001g09jzhdaee3vy&s=0), [blog post](https://www.elastic.co/blog/ai-driven-security-analytics) |
 258 | | K | Playground | Experiment with your indices and refine semantic text queries and export generated code, to help design a conversational search experience | [blog post](https://www.elastic.co/search-labs/blog/rag-playground-introduction) |
 259 | | K | Doc comparison | In Discover and ES\|QL, select and compare documents or fields |  |
 260 | | K | Embeddable Console | The Embeddable Dev Console is available everywhere in Kibana to jumpstart query development with code snippets & Jupyter notebooks |  |
 261 | | K | .NET profiling | Ability to continuously profile .NET-on-Linux without instrumentation or configuration (using eBPF) |  |
 262 | 
 263 | 
 264 | ## 8.13
 265 | 
 266 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 267 | | --- | --- | --- |
 268 | | 26 March 2024 | 8 August 2024 | 15 July 2027 |
 269 | 
 270 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-13-0)
 271 | 
 272 | | Product | Feature | Description | References |
 273 | | --- | --- | --- | --- |
 274 | | A | Security integs | New integrations for CrowdStrike Falcon Intelligence, EclecticIQ, Mandiant Advantage, ThreatConnect, ESET Protect, and Imperva Cloud WAF | [security integrations](https://www.elastic.co/integrations/data-integrations?solution=security) |
 275 | | L | Integration Filter | New filter to transfer the execution of integration-specific pipelines from Elasticsearch to Logstash | [blog post](https://www.elastic.co/observability-labs/blog/logstash-integration-filter-plugin) |
 276 | | ES | Redis & Notion | Redis & Notion are added to the catalog of connectors to bring data in. Also added doc-level security for ServiceNow & Salesforce |  |
 277 | | ES | Learning to Rank | Learning to Rank (LTR), ie reranking result sets using a ML model trained with your input | [blog post](https://www.elastic.co/search-labs/blog/elasticsearch-learning-to-rank-introduction), [notebook example](https://github.com/elastic/elasticsearch-labs/blob/main/notebooks/search/08-learning-to-rank.ipynb) |
 278 | | ES | Cohere support | Integrates Cohere embeddings into the ES unified inference API (on top of existing support for OpenAI and HuggingFace) | [tutorial](https://www.elastic.co/guide/en/elasticsearch/reference/master/semantic-search-inference.html) |
 279 | | ES | ES\|QL in Java | Developers can now run ES\|QL queries right from their IDEs when using the Elasticsearch Java client |  |
 280 | | ES | DSL health | New health indicator on Data Stream Lifecycle that will detect data stream backing indices that cannot make progress |  |
 281 | | K | ES\|QL from AI | From within the AI Assistant, users can now display and visualize the results of a generated ES\|QL query (and continue with Lens) |  |
 282 | | K | SLO management | New ability to group SLOs and apply filters, as well as triage burn rate alerts |  | 
 283 | | K | Automated response | Define automated endpoint actions (kill/suspend process or isolate host) with custom detection rules |  |
 284 | | K | ES\|QL in Data Viz | Run your ES\|QL queries in the Data Visualizer (in the ML section) to explore data sets easily |  |
 285 | 
 286 | 
 287 | ## 8.12
 288 | 
 289 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 290 | | --- | --- | --- |
 291 | | 17 January 2024 | 5 June 2024 | 15 July 2027 |
 292 | 
 293 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-12-0)
 294 | 
 295 | | Product | Feature | Description | References |
 296 | | --- | --- | --- | --- |
 297 | | L | Logstash on ECK | Elastic Cloud for Kubernetes (ECK) now supports Logstash | [doc](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash.html) |
 298 | | ES | Lucene 9.9 | Benefit from support for scalar quantization, query parallelization and massive speedups! | [scalar quant post 1](https://www.elastic.co/search-labs/blog/scalar-quantization-101), [scalar quant post 2](https://www.elastic.co/search-labs/blog/articles/scalar-quantization-in-lucene), [speedups post](https://www.elastic.co/search-labs/blog/articles/apache-lucene-9.9-search-speedups) |
 299 | | ES | Geo in ES\|QL | Added support for the geo_point and point data types via ES\|QL |  |
 300 | | ES | Embedding management | Use the single _inference API endpoint that abstracts the complexity of managing embedding models |  |
 301 | | ES | KB for AI | Integrated knowledge base (KB) for organizations to link their context to train the AI Assistant responses |  |
 302 | | ES | Simulate ingest | New _ingest/_simulate API to test multiple pipelines - including possible reroute processors |  |
 303 | | K | Mobile APM | Several enhancements like pre-built dashboards for viewing service interdependencies, end-to-end trace waterfall and geographic distribution | [blog post](https://www.elastic.co/observability-labs/blog/apm-ios-android-native-apps) |
 304 | | K | Alert insights with AI | Get intuitive, real-time alert insights with natural language interactions from the Elastic AI Assistant for Security |  |
 305 | | K | CSPM for Azure | This integration streamlines the cloud security posture management (CSPM) across all three major cloud providers |  |
 306 | | K | Respond with SentinelOne | Orchestrate response with a two-way integration with the leading EDR provider SentinelOne |  |
 307 | | K | Rules comparison | Before updating, preview and compare Elastic prebuilt rules with a simple diff UI |  |
 308 | | K | ES\|QL in dashboards | Added ability to edit ES\|QL queries directly via the dashboard (no need to go back to Discover) |  |
 309 | 
 310 | 
 311 | ## 8.11
 312 | 
 313 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 314 | | --- | --- | --- |
 315 | | 7 November 2023 | 26 March 2024 | 15 July 2027 |
 316 | 
 317 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-11-0)
 318 | 
 319 | | Product | Feature | Description | References |
 320 | | --- | --- | --- | --- |
 321 | | A | Wiz & Prisma | New data integrations with two popular cloud security technologies: Wiz and Palo Alto Prisma Cloud | [prisma integ](https://www.elastic.co/guide/en/integrations/current/prisma_cloud.html) |
 322 | | A | Okta & Azure AD | Enhance advanced entity analytics with rich identity context from Okta & Azure AD (Entra ID) | [blog post](https://www.elastic.co/blog/elastic-modernizes-secops-advanced-entity-analytics) |
 323 | | ES | ES\|QL | Elasticsearch Query Language (ES\|QL) is the new pipe query language that can search, enrich, transform & aggregate at query time! | [blog post](https://www.elastic.co/blog/esql-elasticsearch-piped-query-language), [security use cases](https://www.elastic.co/security-labs/embedding-security-in-llm-workflows) |
 324 | | ES | Data stream lifecycle | Data stream lifecycle (DSL) is a built-in mechanism data streams use to manage their lifecycle | [doc](https://www.elastic.co/guide/en/elasticsearch/reference/current/data-stream-lifecycle.html), [migrate from ILM](https://www.elastic.co/guide/en/elasticsearch/reference/current/tutorial-migrate-data-stream-from-ilm-to-dsl.html) |
 325 | | ES | Bedrock support | The AI Assistant adds support for Amazon Bedrock (and Anthropic’s Claude 2 model) | [blog post](https://www.elastic.co/blog/ai-security-analytics-integrating-anthropic-claude) |
 326 | | K | Generated ES\|QL | Use natural language to explain a query and have the AI Assistant for Observability provide the ES\|QL syntax |  |
 327 | | K | UP in APM | Universal Profiling is integrated with APM without needing to switch context |  |
 328 | | K | SLOs in dashboards | Service Level Objectives (SLOs) overviews can be added to dashboards |  |
 329 | 
 330 | 
 331 | ## 8.10
 332 | 
 333 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 334 | | --- | --- | --- |
 335 | | 12 September 2023 | 17 January 2024 | 15 July 2027 |
 336 | 
 337 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-10-0)
 338 | 
 339 | | Product | Feature | Description | References |
 340 | | --- | --- | --- | --- |
 341 | | A | Kafka output | Elastic Agent users can stream their data to Kafka for further processing | [blog post](https://www.elastic.co/blog/elastic-agent-output-kafka-data-collection-streaming) |
 342 | | ES | CCx improvements | More info on remote cluster health in search results, exclude remote clusters in async search, and new key-based security |  |
 343 | | ES | Parallel kNN | Start each query by parallelizing kNN vector search saving 50% query time | [blog post](https://www.elastic.co/search-labs/blog/articles/multi-graph-vector-search) |
 344 | | ES | Query rules | Searching with query rules give promotes documents that match defined criteria at the top of the result list | [doc](https://www.elastic.co/guide/en/elasticsearch/reference/8.10/search-using-query-rules.html) |
 345 | | ES | Synonyms | New single API call manage synonyms (replacing the former multi-step process) | [blog post](https://www.elastic.co/search-labs/blog/elasticsearch-synonyms-automate) |
 346 | | ES | Google Drive connector | New Google Drive connector client including doc-level security support | [KB for support](https://www.elastic.co/enterprise-search/customer-support) |
 347 | | ES | Webhook SSL auth | The Webhook connector is enhanced to support client certification |  |
 348 | | ML | Log rate dips | Log rate analysis explains dips and spikes (by identifying statistically significant deviation) |  |
 349 | | K | Universal Profiling | Universal Profiling is a continuous profiling solution (only available on Elastic Cloud) that requires zero-instrumentation, zero-code changes, and zero-restarts | [blog post](https://www.elastic.co/blog/continuous-profiling-is-generally-available) |
 350 | | K | AI assistant chat | Tech preview of a chat capability powered by the Elastic AI Assistant. Share your use cases in the Elastic Community Slack (#observability-ai-assistant) | [community slack](https://ela.st/slack) |
 351 | | K | Alert contextualization | Investigate security alerts faster with rich contextualization including advanced entity analytics | [blog post](https://www.elastic.co/blog/elastic-modernizes-secops-advanced-entity-analytics) |
 352 | | K | MITRE ATT&CK Coverage | The new MITRE ATT&CK Coverage page in Elastic Security shows the coverage provided by prebuilt and custom rules |  |
 353 | | K | CSPM for GCP | The cloud security posture management (CSPM) capabilities now cover Google Cloud too |  |
 354 | 
 355 | 
 356 | ## 8.9
 357 | 
 358 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 359 | | --- | --- | --- |
 360 | | 25 July 2023 | 7 November 2023 | 15 July 2027 |
 361 | 
 362 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-9-0)
 363 | 
 364 | | Product | Feature | Description | References |
 365 | | --- | --- | --- | --- |
 366 | | ES | New connectors | Ingest directly into Elasticsearch data from SharePoint, ServiceNow & Dropbox | [connectors list](https://www.elastic.co/guide/en/elasticsearch/reference/8.17/es-connectors.html) |
 367 | | ES | TSDS by default | Time Series Data Stream (TSDS) used by default for metrics integrations for 70% less disk space | [cost savings](https://www.elastic.co/blog/70-percent-storage-savings-for-metrics-with-elastic-observability), [savings again](https://www.elastic.co/search-labs/blog/time-series-data-elasticsearch-storage-wins), [blog post](https://www.elastic.co/blog/elasticsearch-time-series-data-streams-observability-metrics), [guide](https://www.elastic.co/guide/en/elasticsearch/reference/current/tsds.html) |
 368 | | ES | TSDB agg latency | The time series database (TSDB) improved the latency of aggregations that are frequently used with metrics data, reducing time by over 90% |  |
 369 | | ES | Faster CCS | Cross-Cluster Search (CCS) is tens of times faster with fewer network trips in async search and shard skipping in cold & frozen tiers |  |
 370 | | ES | Public search | Users can now create public-facing search endpoints for their Elasticsearch indices |  |
 371 | | ES | ILM Health | Find ILM policies that are stuck with the ILM Health Indicator in the Health Report API |  |
 372 | | K | AI assistant in Observability | The tech preview of Elastic AI Assistant for observability uses genAI to help improve troubleshooting | [k8s errors](https://www.elastic.co/blog/kubernetes-errors-elastic-observability-logs-openai), [APM perf & cost](https://www.elastic.co/blog/chatgpt-elasticsearch-apm-instrumentation-performance-cost-analysis), [video](https://www.youtube.com/watch?v=hQTdErlYepk&list=PLhLSfisesZIvjzLIJ3wPDkueFeo5oJP7X) |
 373 | | K | AI token usage | Avoid surprise generative AI bills by trackking token usage of your LLM (new dashboard in the security app) | [openai tokens](https://help.openai.com/en/articles/4936856-what-are-tokens-and-how-to-count-them) |
 374 | | K | Lateral movement | The Lateral Movement Detection package identifies network and file based threats | [blog post](https://www.elastic.co/guide/en/integrations/current/lmd.html) |
 375 | | K | Detection rule monitoring | New dashboard on the execution of security detection rules |  |
 376 | | K | Upload response | The upload action enables security analysts and administrators to upload files to their hosts |  |
 377 | 
 378 | 
 379 | ## 8.8
 380 | 
 381 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 382 | | --- | --- | --- |
 383 | | 25 May 2023 | 12 September 2023 | 15 July 2027 |
 384 | 
 385 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-8-0)
 386 | 
 387 | | Product | Feature | Description | References |
 388 | | --- | --- | --- | --- |
 389 | | A | New integ | Addition of AWS Kinesis Data Firehose integration | [blog post](https://elastic.co/blog/aws-kinesis-data-firehose-elastic-observability-analytics), [aws blog post](https://aws.amazon.com/blogs/big-data/accelerate-data-insights-with-elastic-and-amazon-kinesis-data-firehose/) |
 390 | | A | Vulnerability scanner | The Cloud Native Vulnerability Management (CNVM) integration uses Cloud Formation & Trivy | [trivy scanner](https://github.com/aquasecurity/trivy) |
 391 | | A | CWP | Container Workload Protection (CWP) brings protection for container runtime environments | [blog post](https://www.elastic.co/blog/march-2023-launch-runtime-security-container-protection) |
 392 | | ES | ELSER | new Elastic Learned Sparse EncodeR (ELSER), Elastic's proprietary transformer for semantic search | [launch post](https://www.elastic.co/blog/may-2023-launch-sparse-encoder-ai-model), [blog post](https://www.elastic.co/search-labs/blog/introducing-elastic-learned-sparse-encoder-elser), [doc](https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-elser.html) |
 393 | | ES | RRF | Simplified hybrid search with Reciprocal Rank Fusion to combine results from keyword-based & vector-based searches |  |
 394 | | ES | Vector similarity | Filter efficiently by reducing false positives with facets in vector search |  |
 395 | | ES | 2048 dimensions | kNN vector search using the HNSW algorithm with vector up to 2048 dimensions |  |
 396 | | ES | TSDB optim | time_series indices optimized with new encodings for great size reduction |  |
 397 | | ES | Shard capacity | Shard capacity indicator added to the health API to prevent getting close to its maximum capacity | [doc](https://www.elastic.co/guide/en/elasticsearch/reference/master/health-api.html#health-api-response-details-shards-capacity) |
 398 | | ES | Reroute | New ingest processor to route documents to the right destination or data stream | [blog post](https://www.elastic.co/blog/simplifying-log-data-management-flexible-routing-elastic), [doc](https://www.elastic.co/guide/en/elasticsearch/reference/master/reroute-processor.html) |
 399 | | K | AI assistant in Security | The tech preview of Elastic AI Assistant for Security relies on [ESRE](https://www.elastic.co/search-labs/blog/introducing-elasticsearch-relevance-engine-esre) and LLMs to help guide analyst investigation | [blog post](https://www.elastic.co/blog/introducing-elastic-ai-assistant) |
 400 | | K | Testing with CI/CD & GitOps | Use synthetic monitoring for unit tests with CI/CD and GitOps optimization | [how to](https://www.elastic.co/blog/uniting-testing-and-monitoring-with-synthetic-monitoring), [npm package](https://www.npmjs.com/package/@elastic/synthetics) |
 401 | | K | SLOs | With Service Level Objectives (SLOs) in Kibana, you can measure and monitor your service quality over time |  |
 402 | | K | Vulnerability findings | All security findings from the new CNVM integration are displayed in the Security solution page |  |
 403 | | K | Execute response | New Endpoint response capability to remotely execute terminal commands on hosts |  |
 404 | | K | Data Quality | Elastic Security brings a dashboard to assess data quality (ECS mapping and storage usage) |  |
 405 | | K | Custom logo | No css hack! You can add your logo on Kibana! |  |
 406 | | K | Dark mode | Dark mode can now be set per user |  |
 407 | | K | ML in Discover | You can now run a pattern analysis directly from Discover |  |
 408 | | K | Maintenance window | Schedule maintenance windows to reduce alert noise and suppress notifications |  |
 409 | 
 410 | 
 411 | ## 8.7
 412 | 
 413 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 414 | | --- | --- | --- |
 415 | | 30 March 2023 | 25 July 2023 | 15 July 2027 |
 416 | 
 417 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-7-0)
 418 | 
 419 | | Product | Feature | Description | References |
 420 | | --- | --- | --- | --- |
 421 | | A | Android agent | New APM Android agent automatically instruments your application and its dependencies | [blog post](https://www.elastic.co/observability-labs/blog/monitoring-android-applications-apm), [demo app](https://github.com/elastic/sample-app-android-apm), [other post](https://www.elastic.co/observability-labs/blog/apm-ios-android-native-apps) |
 422 | | A | Agent metrics | Display agent metrics (CPU,RAM) in the agent list table & details page |  |
 423 | | ES | Health Reporting | The new health report API is now GA and helps you understand your cluster state at a glance for faster troubleshooting | [doc](https://www.elastic.co/guide/en/elasticsearch/reference/8.7/health-api.html), [blog post](https://www.elastic.co/blog/cluster-health-diagnosis-elasticsearch-health-api) |
 424 | | ES | Time Series Data Streams & Downsampling | While time series was a tech preview in 8.6 it is now GA! Uses on average 70% less disk space for metrics & supports downsampling for longer retention | [blog post](https://www.elastic.co/observability-labs/blog/time-series-data-streams-observability-metrics), [doc](https://www.elastic.co/guide/en/elasticsearch/reference/8.7/tsds.html)  |
 425 | | ES | Cloud Security Posture Management | You can now easily audit your AWS configurations against security guidelines defined by the Center for Internet Security (CIS)  | [doc](https://www.elastic.co/guide/en/security/8.7/cspm.html) |
 426 | | ES | Ingest pipelines improvements | GeoIP, set and append ingest processors are now significantly faster. Running a document through multiple ingest pipelines is faster too.  |  |
 427 | | K | Alert Flapping & Summarization| Enable alert flapping detection to prevent being repeteadly alerted for rapidly changing status on rules. Summarize alerts to reduce number of notifications | [doc](https://www.elastic.co/guide/en/kibana/8.7/whats-new.html#_alerting) |
 428 | | K | Concurrent sessions management | An administrator can now set the maximum number of sessions allowed for a user, disconnecting the oldest session when the limit is reached | [doc](https://www.elastic.co/guide/en/kibana/8.7/whats-new.html#_control_concurrent_user_sessions) |
 429 | | K | Anomaly detection on geo data | You can now create an anomaly detection job on geo data directly from a dashboard or follow a link to get to the advanced ML job wizard | [doc](https://www.elastic.co/guide/en/kibana/8.7/whats-new.html#_control_concurrent_user_sessions) |
 430 | 
 431 | 
 432 | ## 8.6
 433 | 
 434 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 435 | | --- | --- | --- |
 436 | | 10 Jan 2023 | 25 May 2023 | 15 July 2027 |
 437 | 
 438 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-6-0)
 439 | 
 440 | | Product | Feature | Description | References |
 441 | | --- | --- | --- | --- |
 442 | | A | Security integ | New integrations for Box, Darktrace, F5 BIG-IP, InfoBlox, Microsoft 365 Defender, Trend Micro and others... |  |
 443 | | ES | time_series index | It's a new type of index that is optimized for time series of metrics data  |  |
 444 | | ES | field_caps improved | The field_caps API - that provides information about a field - is 10x faster! |  |
 445 | | ES | Shard balancing | Introducing "desired balance" allocator (used by default in 8.6+) and two additional variables into the balancing computation | [github issue](https://github.com/elastic/elasticsearch/pull/91343) |
 446 | | ES | ES\|QL | New query language coming soon... :-) | [blog post](https://www.elastic.co/blog/introduction-to-esql-new-query-language-flexible-iterative-analytics), [doc](https://www.elastic.co/guide/en/elasticsearch/reference/master/esql.html) |
 447 | | K | Host observability | Get a comprehensive and customizable view of all your hosts (inc. health & performance) |  |
 448 | | K | Ad hoc data views | Create temporary data views on the fly to explore data, and permanently persist when ready |  |
 449 | | K | APM Dependencies | New tab in the dependencies view showing operations, latency distrib & trace waterfalls | |
 450 | | K | Enhanced case mngt | New bulk actions, unassigned cases, unlinking of alerts, ticket linking back to Elastic |  |
 451 | | K | SIEM alert correlation | Prebuilt rules now detect complex attack behaviors by correlating groups/sequences of alerts |  |
 452 | | K | Opsgenie connector | New OOTB integration with Opsgenie for Kibana Alerting | [blog post](https://www.elastic.co/blog/streamline-incident-management-elastic-observability-atlassian-opsgenie) |
 453 | | K | Universal profiling | coming soon... :-) | [home page](https://www.elastic.co/observability/universal-profiling), [blog post](https://www.elastic.co/blog/universal-profiling-frame-pointers-symbols-ebpf), [eBPF blog post](https://www.elastic.co/blog/ebpf-observability-security-workload-profiling) |
 454 | 
 455 | 
 456 | ## 8.5
 457 | 
 458 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 459 | | --- | --- | --- |
 460 | | 1 Nov 2022 | 30 March 2023 | 15 July 2027 |
 461 | 
 462 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-5-0)
 463 | 
 464 | | Product | Feature | Description | References |
 465 | | --- | --- | --- | --- |
 466 | | ES | 10 to 30% faster | When using explicit _id, GET and indexing are way faster! |  |
 467 | | K | Synthetics service | Ability to enable synthetic tests (from a recorded script) using our Cloud service | [blog post](https://www.elastic.co/blog/oct-2022-launch-elastic-observability), [news blog post](https://www.elastic.co/blog/new-synthetic-monitoring-observability) |
 468 | | K | Universal profiling | Provides visibility into how application code and infrastructure are performing | [blog post](https://www.elastic.co/blog/oct-2022-launch-elastic-profiling), [general on observability](https://www.elastic.co/blog/oct-2022-launch-elastic-observability) and [press release](https://ir.elastic.co/news-events/press-releases/press-releases-details/2022/Elastic-Announces-the-Beta-of-New-Universal-Profiling-and-Additional-Synthetic-Monitoring-Capabilities-to-Enhance-Cloud-Native-Observability/default.aspx) |
 469 | | K | Lens to ML | Anomaly detection jobs can now be created directly from the flyout of a Lens viz |  |
 470 | | K | KSPM on EKS | Kubernetes Security Posture Management is now supported on AWS EKS |  |
 471 | | K | ML notifications | In ML UI, dedicated notifications page to display all ML-related messages | [image](https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltd1d056868604a044/634827e0bbff0b3fd98de80c/blog-elastic-platform85-7.png) |
 472 | | K | Case assignment | Assign a case to users (via searching through user profiles) |  |
 473 | | K | Log pattern analysis | In ML AIOps UI, take the "log rate spikes" (from 8.4) further by grouping results that co-occur | [image](https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt80c697ee6558628c/634827a5b0662c1e9a6717ce/blog-elastic-platform85-5.png) |
 474 | 
 475 | 
 476 | ## 8.4
 477 | 
 478 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 479 | | --- | --- | --- |
 480 | | 24 Aug 2022 | 10 Jan 2023 | 15 July 2027 |
 481 | 
 482 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-4-0)
 483 | 
 484 | | Product | Feature | Description | References |
 485 | | --- | --- | --- | --- |
 486 | | A | Added integrations | Support for Azure Firewall, Cisco Identity Service Engine, Cisco Secure Email Gateway, Citrix WAF, Mimecast, Proofpoint TAP and SentinelOne |  |
 487 | | A | New remediations | New cross-OS responses to enumerate, suspend and kill processes |  |
 488 | | A | Self healing | Automated remediation feature that erases attack artifacts to return to pre-attack state |  |
 489 | | APM | AWS instrumentation | APM agents adds auto-instrumentation for calls to native AWS services (inc S3, SNS, SQS, and DynamoDB) |  |
 490 | | ES | synthetic _source | Reduce the index size and speed up analysis for specific time-series use cases | [doc](https://www.elastic.co/guide/en/elasticsearch/reference/master/mapping-source-field.html#synthetic-source) |
 491 | | K | Responser | New UI that enables viewing and invoking response actions quickly |  |
 492 | | K | SOAR partners | New SOAR partnerships with D3 and Torq for customizable orchestration capabilities |  |
 493 | | K | Custom connectors | An open community-based list of webhook actions that can be added to rules within Elastic Security | [blog post](https://www.elastic.co/blog/webhook-for-case-management), [github repo](https://github.com/elastic/security-action-examples) |
 494 | | K | Log rate spikes | Identify deviations from the baseline log rate and which fields contribute the most to the deviation |  |
 495 | | K | Scheduled snooze | Snooze option added to alert rules, allowing you to temporarily suppress notifications |  |
 496 | | K | Transforms retries | Transforms recover after a failure without any user intervention |  |
 497 | | K | k8s dashboards | OOTB Kubernetes dashboards have been revamped using Lens for enhanced drill-down and navigation |  |
 498 | | K | Ops alerting | Easily access and manage all observability rules and alerts from within the Observability UI |  |
 499 | | K | APM errors | APM error screens add transaction details to facilitate root cause analysis workflows |  |
 500 | | K | DevTools improvement | Performance improvements, ability to leave comments and more! | [blog post](https://www.elastic.co/blog/big-console-improvements-in-kibana) |
 501 | 
 502 | 
 503 | ## 8.3
 504 | 
 505 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 506 | | --- | --- | --- |
 507 | | 28 June 2022 | 1 Nov 2022 | 15 July 2027 |
 508 | 
 509 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-3-0)
 510 | 
 511 | | Product | Feature | Description | References |
 512 | | --- | --- | --- | --- |
 513 | | A | New integrations | AWS Fargate (monitor ECS containers), Nagios, Spark, Spring Boot, Salesforce and Hadoop | [AWS integration](https://www.elastic.co/blog/aws-service-metrics-monitor-observability-easy) |
 514 | | A | Rolling upgrades | Rolling upgrades during scheduled maintenance windows  |  |
 515 | | A | Tagging | Attach tags to agents during installation to have greater control over agents management at scale |  |
 516 | | ES | Hybrid deployments | CCS and CCR now support searching and replicating data across Elastic Cloud, self-managed clusters, ECE and ECK. | [blog post](https://www.elastic.co/blog/search-and-replicate-data-between-your-elastic-cloud-and-on-prem-deployments), [another one](https://www.elastic.co/blog/whats-new-elasticsearch-kibana-cloud-8-3-0) |
 517 | | ES | Search in v5 snapshots | Use searchable snapshots to access 6-year-old data with no restore or reindex! | [blog post](https://www.elastic.co/blog/whats-new-elasticsearch-8-3-0) |
 518 | | ES | Sharding guidance | Updated sharding guidance (starting v8.3+) on master & data nodes | [blog post](https://www.elastic.co/blog/whats-new-elasticsearch-8-3-0), [blog update](https://www.elastic.co/blog/how-many-shards-should-i-have-in-my-elasticsearch-cluster) |
 519 | | ES | Geo grid query | Natively return all the documents that overlap a specific geo tile |  |
 520 | | ES | dot naming | Now supporting dots in field names | [blog post](https://www.elastic.co/blog/whats-new-elasticsearch-8-3-0) and [doc](https://www.elastic.co/guide/en/elasticsearch/reference/8.3/release-highlights.html?elektra=elasticsearch-8-3-blog#add_support_for_dots_in_field_names_for_metrics_usecases) |
 521 | | K | Cloud Security | New cloud posture management and workload protection capabilities, starting with [CIS k8s benchmark](https://www.cisecurity.org/benchmark/kubernetes) | [blog post](https://www.elastic.co/blog/secure-your-cloud-with-elastic-security) and [GA](https://www.elastic.co/fr/blog/whats-new-elastic-security-8-5-0) |
 522 | | K | SOAR | Elastic and Tines are partnering to help detect security threats and reduce mean time to respond | [blog post](https://www.elastic.co/blog/elastic-and-tines-partner-to-detect-security-threats-and-reduce-mean-time-to-respond) and [SOAR & TI](https://www.elastic.co/blog/oct-2022-launch-elastic-security) |
 523 | | K | Alerting in Discover | Create alerts for documents matching your query with a custom threshold and time interval | [history of Kibana](https://www.elastic.co/blog/the-evolution-of-discover-in-kibana) |
 524 | | K | Viz to ML | Transform a visualization (from a dashboard) into a machine learning anomaly detection job | [doc](https://www.elastic.co/guide/en/machine-learning/8.3/ml-jobs-from-lens.html) |
 525 | | K | D&D controls | In your dashboard, add controls with simple drag & drop | [doc](https://www.elastic.co/guide/en/kibana/8.3/add-controls.html) |
 526 | 
 527 | 
 528 | ## 8.2
 529 | 
 530 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 531 | | --- | --- | --- |
 532 | | 3 May 2022 | 24 Aug 2022 | 15 July 2027 |
 533 | 
 534 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-2-0)
 535 | 
 536 | | Product | Feature | Description | References |
 537 | | --- | --- | --- | --- |
 538 | | A | Added integ | Added support for Microsoft 365 Defender, VMware Carbon Black or Cisco Secure Email & ISE |  |
 539 | | A | Logstash output | The Elastic Agent (deployed with Fleet) now supports Logstash output | [comparison table](https://www.elastic.co/guide/en/fleet/current/beats-agent-comparison.html) |
 540 | | A | Custom blocklists | Protect high-risk systems (PoS, MS...) by blocking the execution of specific app at the edge |  |
 541 | | A | Uptime & Cloud | New cloud-based synthetic testing initiated from Elastic Cloud Uptime solution |  |
 542 | | APM | Sampling++ | Tail-based sampling (added to existing head-based) for high volumes of transactions | [blog post](https://www.elastic.co/fr/blog/whats-new-elastic-observability-8-2-0), [image](https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt10f97ccce64381b2/626185a0b87c7b4bf91c552a/Elastic-Observability-Head-tail-based-sampling.png) |
 543 | | ES | Lookup runtime fields | Enrich at query time from another index - Can I call it outer join?! | [blog post](https://www.elastic.co/blog/getting-started-with-elasticsearch-runtime-fields), [doc](https://www.elastic.co/guide/en/elasticsearch/reference/8.2/runtime-retrieving-fields.html#lookup-runtime-fields) |
 544 | | ES | Random sampler agg | Exponentially accelerate aggregations (with a slight trade off in accuracy) by randomly sampling docs | [blog post](https://www.elastic.co/blog/aggregate-data-faster-with-new-the-random-sampler-aggregation), [doc](https://www.elastic.co/guide/en/elasticsearch/reference/master/search-aggregations-random-sampler-aggregation.html) |
 545 | | ES | JWT support | Authorize and authenticate Elasticsearch's API calls using JSON Web Tokens (JWT) |  |
 546 | | ES | Search UI | New UI (actually a React lib) to quickly implement search experiences | [blog post](https://www.elastic.co/blog/search-ui-1-1-0-makes-building-search-experiences-for-elasticsearch-even-easier), [doc](https://docs.elastic.co/search-ui/overview) |
 547 | | K | French Kibana! | Sorry, I couldn't miss that one ;) | [doc](https://www.elastic.co/guide/en/kibana/8.2/i18n-settings-kb.html) |
 548 | | K | Document explorer | Enhanced doc explorer with column selection, sorting, highlighting, comparing, etc |  |
 549 | | K | Users view | The new Users View supports security monitoring by presenting environment-wide user context | [visual](https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt0b805d2aae96e9b9/6259cb853531aa4a9d831bfd/1-security-user-detail.png) |
 550 | |K | Session View | New interface that provides a forensic view for examining process executions on Linux | [visual](https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt7574a35e3d374371/625c7c98102a0b4e934e1f81/screenshot-security-session-manager-clean.png) |
 551 | | K | Investigation guide | Detailed (expert) investigation guides for a large set of prebuilt detection rules |  |
 552 | | K | Osquery from alerts | Inspect hosts directly from an alert using the Osquery Manager integration for Elastic Agent | [visual](https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt1e1b77a6667cd7fe/6259da9c38818f4df2a2c1fe/4-security-rule-run_osquery_button.png) |
 553 | | K | xMatters connector | Create associated incidents in the xMatters’s automated incident management platform |  |
 554 | 
 555 | 
 556 | ## 8.1
 557 | 
 558 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 559 | | --- | --- | --- |
 560 | | 8 Mar 2022 | 28 June 2022 | 15 July 2027 |
 561 | 
 562 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-1-0)
 563 | 
 564 | | Product | Feature | Description | References |
 565 | | --- | --- | --- | --- |
 566 | | A | Security integrations | Added integs for Akamai, Symantec, Zscaler ZIA & ZPA, Tenable, modsecurity, auth0 and much more! | [new integrations picture](https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt284359ffbafcf373/621e7d376f0333490a0e7315/security-8-1-integrations.png) |
 567 | | A | network packet capture | Npcap integration to ingest host-based network activity | [integration](https://docs.elastic.co/en/integrations/network_traffic) |
 568 | | A | Threat intel | Added threat intelligence feeds from Recorded Future, ThreatQuotient and Cybersixgill | [SOAR & TI](https://www.elastic.co/blog/oct-2022-launch-elastic-security) |
 569 | | APM | OpenTelemetry logs | Ingest OpenTelemetry logs | [blog post](https://www.elastic.co/blog/tracing-aws-lambdas-with-opentelemetry-and-elastic-observability) and [illustration](https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt7a563316b21adb86/621facd068865368951c6443/image_(4).png) |
 570 | | APM | Jenkins logs | Collect detailed Jenkins logs (inc. errors and build execution details) with OT collector | [jenkins ot collector](https://plugins.jenkins.io/opentelemetry/) |
 571 | | APM | AWS Lambda tracing | Collect application traces from AWS Lambda functions written in Node.js, Python, and Java | [blog post](https://www.elastic.co/fr/blog/observability-apm-aws-lambda-serverless-functions),  [doc](https://www.elastic.co/guide/en/apm/guide/current/aws-lambda-extension.html) |
 572 | | ES | 20% better! | 20% faster indexing speeds and 20% lower data storage requirements with doc-value-only fields | [doc](https://www.elastic.co/guide/en/elasticsearch/reference/8.1/doc-values.html#doc-value-only-fields) |
 573 | | ES | Hex tile agg | Geospatial data can be partitioned into hexagonally shaped tiles. After all, hexagons are the bestagons - and I (frenchy) can't agree more! |  |
 574 | | ES | painless getting simpler | New field API helps writing shorter painless | [doc](https://www.elastic.co/guide/en/elasticsearch/reference/8.1/script-fields-api.html) |
 575 | | K | Gauge, waffle & mosaic | Use gauges for metrics, waffles to see the smallest proportions and mosaics to better compare data with multiple variables | [video](https://www.youtube.com/watch?v=58itzaqz6xE) |
 576 | | K | Lens combined fields | Combine multi-field top values with a simple drag & drop |  |
 577 | | K | Lens metric color | Color by value range in Lens metrics | [example](https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltcca1469ca37c8398/62278916737c7822c2880ff7/lens-color-metrics-8.1.png) |
 578 | | K | Document Explorer | In Discover, try out the new Document Explorer, a whole new way to examine your data | [history of Kibana](https://www.elastic.co/blog/the-evolution-of-discover-in-kibana) |
 579 | | K | SIEM UI enhancements | Many UI improvements on [alerts](https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdf79ac68b5501e7e/6228ce50b17dc223f2f2a5fd/screenshot-security-alert-detail-context-1000.png), [rules](https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte72be23d400662a9/6227bc87a7fee30be331ef93/recording-security-rule-management-width-1000.gif), [exceptions](https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd872e9ba9a015399/6227bb22eda9a1043584a46f/screenshot-security-exception-width.jpeg) and [filters](https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltea730a8f80b28401/6227bfeb638e1304348421ac/screenshot-security-event-filters-policy-8-1-width-1000.png) |  |
 580 | 
 581 | 
 582 | ## 8.0
 583 | 
 584 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 585 | | --- | --- | --- |
 586 | | 8 Feb 2022 | 3 May 2022 | 15 July 2027 |
 587 | 
 588 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-8-0-0) and [beta post](https://www.elastic.co/blog/preview-elastic-8-0-beta-stack-security-by-default-natural-language-processing-and-more)
 589 | 
 590 | | Product | Feature | Description | References |
 591 | | --- | --- | --- | --- |
 592 | | A | AWS SAR | Ingest logs from AWS S3 using Elastic serverless forwarder (AWS Lambda app) | [blog post](https://www.elastic.co/blog/elastic-and-aws-serverless-application-repository-speed-time-to-actionable-insights-with-frictionless-log-ingestion-from-amazon-s3) and [security workloads](https://www.elastic.co/blog/protect-your-aws-workloads-using-elastic-security) |
 593 | | A | AWS Storage Lens | Ingest Storage Lens metrics to optimize S3 usage costs, ensure data protection and monitor user activity trends | [blog post](https://www.elastic.co/blog/new-elastic-and-amazon-s3-storage-lens-integration-simplify-management-control-costs-and-reduce-risk) |
 594 | | ES | Security by default | Elastic Stack security is on by default for self-managed clusters | [blog post](https://www.elastic.co/blog/introducing-simplified-elastic-stack-security) |
 595 | | ES | NLP | Native support for PyTorch ML models into Elasticsearch to do natural language processing (NLP) for named entity recognition (NER) and sentiment analysis | [blog post](https://www.elastic.co/blog/introduction-to-nlp-with-pytorch-models), [another one](https://www.elastic.co/blog/how-to-deploy-natural-language-processing-nlp-getting-started), [custom model & Maps](https://www.elastic.co/blog/introduction-to-custom-machine-learning-models-and-maps), [sentiment analysis](https://www.elastic.co/blog/how-to-deploy-nlp-sentiment-analysis-example), [NER](https://www.elastic.co/blog/how-to-deploy-nlp-named-entity-recognition-ner-example), [text embeddings](https://www.elastic.co/blog/how-to-deploy-nlp-text-embeddings-and-vector-search),   [webinar](https://www.youtube.com/watch?v=SvvbMCwyOnU) and [another webinar](https://www.elastic.co/virtual-events/introduction-to-nlp-models-and-vector-search) |
 596 | | ES | ANN search | Native support for approximate nearest neighbor (ANN) search to compare vector-based queries with a vector-based document corpus | [blog post](https://www.elastic.co/blog/embracing-the-future-of-search-relevance) |
 597 | | K | Field statistics | In Discover, new tab to explore the fields in your data | [history of Kibana](https://www.elastic.co/blog/the-evolution-of-discover-in-kibana) |
 598 | 
 599 | 
 600 | ## 7.17
 601 | 
 602 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 603 | | --- | --- | --- |
 604 | | 1 Feb 2022 | 15 Apr 2025 | 15 Jan 2026 |
 605 | 
 606 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-7-17-0)
 607 | 
 608 | | Product | Feature | Description | References |
 609 | | --- | --- | --- | --- |
 610 | | ES | Deduplicated settings | All identical index mapping or settings are reduced to just one, saving a lot of heap |  |
 611 | | K | Upgrade assistant | Upgrade to 7.17 to learn about deprecations, remediation options (inc setting changes) | [webinar](https://www.youtube.com/watch?v=BOS0weyi-HY) |
 612 | 
 613 | 
 614 | ## 7.16
 615 | 
 616 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 617 | | --- | --- | --- |
 618 | | 7 Dec 2021 | 8 Feb 2022 | 10 Feb 2023 |
 619 | 
 620 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-7-16-0)
 621 | 
 622 | | Product | Feature | Description | References |
 623 | | --- | --- | --- | --- |
 624 | | A | Added integrations | Added AWS WAF, Cisco Duo, CrowdStrike, GitHub and 1Password integrations |  |
 625 | | A | AWS Firelens | Added integration for AWS FireLens to use ECS and Fargate logs in Observability & Security | [blog post](https://www.elastic.co/blog/elastic-cloud-with-aws-firelens-accelerate-time-to-insight-with-agentless-data-ingestion) |
 626 | | A | Enhanced protection | Extended malicious behavior protection & memory threat protection | [blog post](https://www.elastic.co/blog/linux-malware-protection-in-elastic-security) |
 627 | | APM | CI/CD | Integrations for Ansible and Maven offering deeper visibility into job execution and deployment errors |  |
 628 | | APM | .Net auto-instrumentation | Auto-instrumentation of .NET applications with no code changes required | [blog post](https://www.elastic.co/blog/auto-instrumentation-elastic-apm-net-agent) and [other one](https://www.elastic.co/blog/whats-new-elastic-observability-8-5-0) |
 629 | | L | ECS compliance | The grok processor now supports ECS! in the path of getting LS fully ECS compliant... |  |
 630 | | ES | categorize_text | New multi-bucket aggregation that groups semi-structured text into buckets | [blog post](https://www.elastic.co/blog/categorize-your-logs-with-the-new-elasticsearch-categorize-text-search-aggregation) |
 631 | | ES | Heap reduction | Greatly reduced heap consumption and improved search speed | [blog post](https://www.elastic.co/blog/three-ways-improved-elasticsearch-scalability) |
 632 | | ES | EQL perf | Performance increase of 830x (by removing the use of null values as join keys in sequences) |  |
 633 | | ES | Sort queries perf | Performance improvement (up to 4x) for time-sorted data retrieval | [blog post](https://www.elastic.co/blog/optimizing-sort-queries-in-elasticsearch-for-faster-results) |
 634 | | ES | Prebuilt ILM policies | ILM now includes five built-in policies |  |
 635 | | K | Compressed spans | In the APM UI, displaying a compressed view of spans | [visual](https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt171d62ee7d3df42e/619e56e62dc01977975bbdfc/blog-7-16-observability-spans-view.png) |
 636 | | K | Integrations UI | Search for all integrations - with a few clicks to deploy with Elastic Agent |  |
 637 | | K | Reference lines | Horizontal reference lines in Kibana Lens to identify important values |  |
 638 | | K | ServiceNow integrations | Certified integrations of ServiceNow SIR, ITSM and ITOM to accelerate | [blog post](https://www.elastic.co/blog/elastic-integrations-with-servicenow-itsm-sir-itom) |
 639 | | K | Osquery manager | Now GA with addition of custom config, ECS mapping, query testing & query pack scheduling | [blog post](https://www.elastic.co/blog/gain-upper-hand-over-adversaries-with-osquery-and-elastic) and [a guide on threat hunting with osquery](https://www.elastic.co/blog/comprehensive-guide-on-threat-hunting-for-persistence-with-osquery) |
 640 | | K | Upgrade assistant | Get prepared for 8.0 and beyond! | [webinar](https://www.elastic.co/elasticon/archive/2021/global/upgrade-assistant-to-the-rescue) |
 641 | | K | OAuth 2 for emails | Authenticate the email connector with OAuth 2.0 Client Credentials |  |
 642 | 
 643 | ## 7.15
 644 | 
 645 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 646 | | --- | --- | --- |
 647 | | 22 Sep 2021 | 15 Apr 2025 | 10 Feb 2023 |
 648 | 
 649 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-7-15-0)
 650 | 
 651 | | Product | Feature | Description | References |
 652 | | --- | --- | --- | --- |
 653 | | A | GCP integration | Agentless ingestion of logs from GCP using Dataflow integration | blog post for [GCS](https://www.elastic.co/blog/ingest-data-directly-from-google-cloud-storage-into-elastic-using-google-dataflow), [BigQuery](https://www.elastic.co/blog/ingest-data-directly-from-google-bigquery-into-elastic-using-google-dataflow) and [Pub/Sub](https://www.elastic.co/blog/ingest-data-directly-from-google-pub-sub-into-elastic-using-google-dataflow) |
 654 | | A | Added integrations | New integrations for EDRs (Carbon Black, CrowdStrike, Palo Alto Cortex) and more |  |
 655 | | A | Scheduled queries | Schedule queries to inspect hosts with osquery and get results in the Stack |  |
 656 | | A | Private EPR | Self-managed version of Elastic Package Registry (EPR) as a Docker image | [doc](https://www.elastic.co/guide/en/integrations-developer/current/air-gapped.html) |
 657 | | A | In-memory attacks | Prevent memory manipulation (used for process injection via shellcode) | [blog post](https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack) |
 658 | | A | Linux quarantine | Use [eBPF](https://ebpf.io/) to isolate a Linux host from the network | [Cmd](https://www.elastic.co/blog/elastic-and-cmd-join-forces-to-help-you-take-command-of-your-cloud-workloads) and [eBPF blog post](https://www.elastic.co/blog/code-coverage-for-ebpf-programs) |
 659 | | APM | iOS agent | new APM agent for iOS (Swift only) based on OpenTelemetry | [blog post](https://www.elastic.co/blog/elastic-apm-ios-agent-technical-preview-released), [other post](https://www.elastic.co/observability-labs/blog/apm-ios-android-native-apps) |
 660 | | ES | Vector tiles | The vector tiles provides a huge performance improvement when searching geo_points and geo_shapes drawn to a map | [blog post](https://www.elastic.co/blog/introducing-elasticsearch-vector-tile-search-api-for-geospatial) |
 661 | | ES | Field usage | Grab field usage information and statistics |  |
 662 | | ES | Disk usage | Grab disk usage information of each field of an index or data stream | [blog post](https://www.elastic.co/blog/how-to-analyze-and-optimize-the-storage-footprint-of-your-elastic-deployment-disk-usage-api) |
 663 | | ML | Import/Export | Import and export jobs in Stack Management > Machine Learning Jobs |  |
 664 | | K | ML monitoring | Use anomaly detection on jobs health and alert on issue | [blog post](https://www.elastic.co/blog/accelerate-actions-on-anomaly-detection-jobs-with-the-kibana-alerting-framework) |
 665 | | K | Runtime field editor | Create runtime fields on the fly in Kibana |  |
 666 | | K | Cursor hover | In dashboards, cursor hover is synced across viz |  |
 667 | 
 668 | ## 7.14
 669 | 
 670 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 671 | | --- | --- | --- |
 672 | | 3 Aug 2021 | 7 Dec 2021 | 10 Feb 2023 |
 673 | 
 674 | Version-level references: [Blog post](https://www.elastic.co/blog/whats-new-elastic-7-14-0)
 675 | 
 676 | | Product | Feature | Description | References |
 677 | | --- | --- | --- | --- |
 678 | | A | Quarantine | Ability to isolate a host from a network with a simple Kibana clic |  |
 679 | | A | Live queries | Run a live query at anytime on osquery using the sql commands |  |
 680 | | ES | Match_only_text | Replacement for the text field type that leads to a 10% reduction of storage | [blog post](https://elastic.co/blog/save-10-percent-disk-space-on-your-logging-datasets-with-match-only-text) |
 681 | | ES | EQL supports CCS | EQL (and the whole Kibana Security app) supports Cross Cluster Search | [blog post](https://www.elastic.co/blog/elastic-on-elastic-configuring-the-security-app-to-use-cross-cluster-search) |
 682 | | ML | APM RCA | Reduce MTTR with automated root cause analysis of application issues | |
 683 | | ML | Spoofed URLs | Detect spoofed URLs by monitoring DGA domains | [blog post](https://www.elastic.co/blog/supervised-and-unsupervised-machine-learning-for-dga-detection) |
 684 | | K | Swimlane SOAR | New connector with the Swimlane SOAR platform  | [blog post](https://www.elastic.co/blog/elastic-swimlane-partnership) |
 685 | | K | Rule updates | In Kibana Security, rules update are faster and easier |  |
 686 | | K | Lens updates | Use [time shift](https://www.elastic.co/guide/en/kibana/7.14/whats-new.html#_time_shifts) and [color by value](https://www.elastic.co/guide/en/kibana/7.14/whats-new.html#_table_enhancements) and [custom formulas](https://www.elastic.co/guide/en/kibana/7.14/lens.html#lens-formulas) in Lens | [blog post](https://www.elastic.co/blog/kibana-10-common-questions-formulas-time-series-maps) |
 687 | | K | Maps updates | Highlight POI, mapping anomalies, a time slider and more | [blog post](https://www.elastic.co/blog/whats-new-elastic-maps-geo-annotations-choropleth-maps-integrations) and [volcano example](https://www.elastic.co/blog/understanding-evolution-volcano-eruption-elastic-maps) |
 688 | 
 689 | ## 7.13
 690 | 
 691 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 692 | | --- | --- | --- |
 693 | | 25 May 2021 | 22 Sep 2021 | 10 Feb 2023 |
 694 | 
 695 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-7-13-0-released)
 696 | 
 697 | _Note_: Elastic has changed the licensing options for Elasticsearch and Kibana. Here is an [update post](https://www.elastic.co/blog/elastic-license-update)
 698 | 
 699 | | Product | Feature | Description | References |
 700 | | --- | --- | --- | --- |
 701 | | A | Fleet server | Dedicated component for managing agents and administering agent integrations |  |
 702 | | A | k8s auto-discover | Improve ease of deployment in highly dynamic orchestrated environments |  |
 703 | | A | Heartbeat support | Integration of uptime monitoring in Elastic Agent |  |
 704 | | A | osquery deployment | Elastic Agent can install osquery on any host |  |
 705 | | B | Threat intel | Seamlessly ingest freely available threat intelligence sources (Abuse.ch, AlienVault OTX, etc) | [blog post](https://www.elastic.co/blog/ingesting-threat-data-with-threat-intel-filebeat-module) and [other post](https://www.elastic.co/blog/establish-robust-threat-intelligence-with-elastic-security) and [on Mozi](https://www.elastic.co/blog/collecting-and-operationalizing-threat-data-from-the-mozi-botnet) and [SOAR & TI](https://www.elastic.co/blog/oct-2022-launch-elastic-security) |
 706 | | L | Data stream support | Extends the Elasticsearch output plugin to write data streams |  |
 707 | | L | ECS compliance | In the way to get Logstash ECS compliant | [github issue](https://github.com/elastic/logstash/issues/11623) |
 708 | | ES | Runtime to indexed | To create an indexed field based on a runtime field, simply "move" it in the index template |  |
 709 | | ES | Faster aggs | Additional performance increase in terms and filter aggregations | [blog post](https://www.elastic.co/blog/new-in-elasticsearch-7-13-even-faster-aggregations) |
 710 | | ES | Audit ignore policy | Reduce the noise and remove unnecessary response from actions in ES audit logs |  |
 711 | | ML | SIEM ML jobs | New ML jobs added in Kibana SIEM | [LOLBins ML](https://www.elastic.co/blog/problemchild-detecting-living-off-the-land-attacks) or [ML for AWS Cloudtrail](https://www.elastic.co/blog/detecting-threats-in-aws-cloudtrail-logs-using-machine-learning) or [rare anomalies examples](https://www.elastic.co/blog/using-elastic-machine-learning-rare-analysis-to-hunt-for-the-unusual) or [unusual network activity](https://www.elastic.co/blog/detecting-unusual-network-activity-with-elastic-security-and-machine-learning) |
 712 | | ML | model alias | To simplify the deployment and upgrading of trained models |  |
 713 | | K | Custom banner | Banner (showing at the top) that visually differentiates Kibana Spaces |  |
 714 | | K | Runtime fields editor | Create your own fields in a Kibana index pattern on the fly |  |
 715 | | K | Frozen in ILM | Configure the frozen tier and also choose the object store repository to use |  |
 716 | | K | APM time compare | Allows users to quickly compare current and historical behavior |  |
 717 | | K | APM scatterplot | Scatterplot view visually shows transactions by latency and load distribution |  |
 718 | | K | osquery integration | osquery management and unified analysis integrated in Kibana |  |
 719 | 
 720 | ## 7.12
 721 | 
 722 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 723 | | --- | --- | --- |
 724 | | 23 Mar 2021 | 3 Aug 2021 | 23 Sep 2022 |
 725 | 
 726 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-7-12-0-released)
 727 | 
 728 | | Product | Feature | Description | References |
 729 | | --- | --- | --- | --- |
 730 | | A | Ransomware prevention | New layer of ransomware prevention based on behavioral analysis |  |
 731 | | APM | Native OpenTelemetry support | Users can now directly send data from OpenTelemetry agents to APM server | [blog post](https://www.elastic.co/blog/implementing-kubernetes-observability-security-opentelemetry) |
 732 | | ES | Frozen tier | Makes object stores (S3) searchable by fetching needed data from the store and caching locally | [blog post](https://www.elastic.co/blog/introducing-elasticsearch-frozen-tier-searchbox-on-s3), [query 1PB](https://www.elastic.co/blog/querying-a-petabyte-of-cloud-storage-in-10-minutes) |
 733 | | K | APM correlation | Automatically surface factors that are highly correlated with underperforming transactions | [blog post](https://www.elastic.co/blog/apm-correlations-elastic-observability-root-cause-transactions) |
 734 | | K | Dashboard-first | Dashboard-first approach makes it simple to create and add viz without leaving the dashboard-building flow | [blog post](https://www.elastic.co/blog/building-kibana-dashboards-more-efficiently) and [other post](https://www.elastic.co/blog/new-in-kibana-how-we-made-it-easier-manage-visualizations-and-build-dashboards) |
 735 | | K | Save session | In Discover and Dashboard, you can save a long-running search to run in the background |  |
 736 | | K | Runtime fields | You can now use runtime fields from within Discover and Kibana Lens | [new fields api](https://www.elastic.co/blog/discover-uses-fields-api-in-7-12) |
 737 | | K | Transform retention | Data Transforms adds data retention policy | [blog post](https://www.elastic.co/blog/how-to-use-transforms-to-track-your-most-recent-customer-orders) |
 738 | | K | ServiceNow SIR connector | Adding in SIEM the ServiceNow Security Incident Response (SIR) action |  |
 739 | 
 740 | ## 7.11
 741 | 
 742 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 743 | | --- | --- | --- |
 744 | | 10 Feb 2021 | 25 May 2021 | 10 Aug 2022 |
 745 | 
 746 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-7-11-0-released)
 747 | 
 748 | _Note_: Elastic is changing the licensing options for Elasticsearch and Kibana, moving from the Apache 2 licensed code to be dual licensed under both the Elastic License and SSPL. See [blog post](https://www.elastic.co/blog/elastic-license-v2)
 749 | 
 750 | | Product | Feature | Description | References |
 751 | | --- | --- | --- | --- |
 752 | | A | Added sources | Catching up on Beats modules, Elastic Agent added auditd, CEF, iptables, osquery and other sources | |
 753 | | A | Registered AV in Windows | Windows now recognizes Elastic as an official antivirus solution |  |
 754 | | A | Trusted signer | Trusted applications (on Windows) can now be defined by the software signer, path, and/or hash |  |
 755 | | B | Iotsio module | Added monitoring for iostio | [blog post](https://www.elastic.co/blog/istio-monitoring-with-elastic-observability) |
 756 | | APM | ECS logging libs | ECS logging libraries are plugins (for most languages & frameworks) to link app logs & traces | [blog post](https://www.elastic.co/blog/monitoring-java-applications-and-multiservice-traces-and-correlated-logs) |
 757 | | ES | Date hist speed++ | The speed of date histograms has been increased by 85% | [blog post](https://www.elastic.co/blog/how-we-made-date-histogram-aggregations-faster-than-ever-in-elasticsearch-7-11) |
 758 | | ES | Runtime fields | Give ability to define the schema at query time | [intro post](https://www.elastic.co/blog/introducing-elasticsearch-runtime-fields) and [tech post](https://elastic.co/blog/getting-started-with-elasticsearch-runtime-fields) |
 759 | | ML | Latest Transform | In Data Transforms, new "latest" agg creating an index updated with the most recent document |  |
 760 | | ML | Space aware | ML jobs are now space aware |  |
 761 | | K | Anonymous access | Any saved object can be accessed with no credentials using specialized links |  |
 762 | | K | Service health view | New service overview page summarizes all the information about the health of a service |  |
 763 | | K | Alerting GA | Kibana Alerting is now generally available! | [blog post](https://www.elastic.co/blog/elastic-stack-alerting-now-generally-available) |
 764 | | K | Host details | New view to the Metrics app to zoom out for historical key metrics for individual hosts |  |
 765 | | K | Page load | New page load waterfall chart that displays the connection stats in the synthetic monitoring |  |
 766 | | K | Tags | Set tags to better manage and access content in Kibana (nav bar) |  |
 767 | | K | Lens updates | New color palette picking, custom chart labels and... CSV export! | [blog post](https://www.elastic.co/blog/kibana-lens-now-generally-available) |
 768 | | K | Maps server | Elastic Maps Server, a downloadable docker image to use Maps offline |  |
 769 | | K | Timeline updates | In SIEM, Timeline got tabbed info, fullscreen, multicolumn sorting, event details, etc | [import/export](https://www.elastic.co/blog/how-to-export-import-share-timelines-and-templates-from-elastic-security) |
 770 | | K | SS in ILM | Searchable snapshots in index lifecycle management UI |  |
 771 | | K | Audit log | This new audit log records authentication and authorization, CRUD operations, HTTP requests etc |  |
 772 | | K | Data viz redesign | The Machine Learning data visualizer gets redesigned |  |
 773 | 
 774 | ## 7.10
 775 | 
 776 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 777 | | --- | --- | --- |
 778 | | 11 Nov 2020 | 23 Mar 2021 | 11 May 2022 |
 779 | 
 780 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-7-10-0-released)
 781 | 
 782 | | Product | Feature | Description | References |
 783 | | --- | --- | --- | --- |
 784 | | A | Trusted apps | Users can provide a list of trusted (whitelisted) apps in malware prevention |  |
 785 | | APM | PHP agent | New PHP agent | [blog post](https://www.elastic.co/blog/elastic-apm-php-agent-1-0-released), [in v8](https://www.elastic.co/blog/introducing-the-new-php-client-for-elasticsearch-8) |
 786 | | ES | Searchable snapshots | Elasticsearch can now search in snapshots stored in low-cost object stores like S3 | [blog post](https://www.elastic.co/blog/introducing-elasticsearch-searchable-snapshots) and [vs AWS ultrawarm](https://www.elastic.co/blog/elastic-searchable-snapshots-or-aws-ultrawarm-making-the-right-choice-elasticsearch) |
 787 | | ES | Improved compression | 10% storage savings in indices created in v7.10+ | [blog post](https://www.elastic.co/blog/save-space-and-money-with-improved-storage-efficiency-in-elasticsearch-7-10) |
 788 | | ES | Cold tier | By replacing the index replica by a searchable snapshot, cluster storage can be reduced by up to 50% | [3-tier setup](https://www.elastic.co/blog/elasticsearch-data-lifecycle-management-with-data-tiers) and [cold tier testing](https://www.elastic.co/blog/testing-the-new-elasticsearch-cold-tier-of-searchable-snapshots-at-scale) |
 789 | | K | UX monitoring | New User Experience app allows you to monitor key user experience metrics, inc [Web Vitals](https://web.dev/vitals/) | [blog post](https://www.elastic.co/blog/introducing-user-experience-monitoring-app-synthetic-capabilities) |
 790 | | K | Synthetic monitoring | Multistep checks to simulate complex user flows and measure performance from Uptime UI | [blog post](https://www.elastic.co/blog/introducing-user-experience-monitoring-app-synthetic-capabilities), [Synthetic monitoring service](https://www.elastic.co/blog/new-synthetic-monitoring-observability) and [ynthetics on Kibana](https://www.elastic.co/blog/what-can-elastic-synthetics-tell-us-about-kibana-dashboards) |
 791 | | K | Nav bar | Move faster in Kibana with new navigational search (at the top of Kibana) |  |
 792 | | K | ML in metrics | Detect common infrastructure issues with new one-click ML jobs |  |
 793 | | K | URL drilldown | Create navigation paths to web apps using URLs that can even include data parameters | [blog post](https://www.elastic.co/blog/driving-dashboard-actions-in-kibana-with-url-drilldowns) |
 794 | | K | Chart description | In dashboards, a description can be added to a chart (displayed as tooltip) |  |
 795 | | K | APM canvas | Pre-made Canvas workpad displaying APM data | [blog post](https://www.elastic.co/blog/application-performance-monitoring-apm-with-canvas-in-kibana) |
 796 | | K | Jira action | New Jira connector for Kibana alerting |  |
 797 | | K | Correlation rules | Leverages EQL to automate detection of multi-stage attacks | [blog post](https://www.elastic.co/blog/whats-new-elastic-security-7-10-0-correlation-cloud-visibility-detection) |
 798 | | K | RBAC for alerting | Feature control for stack-level alerts, actions and connectors |  |
 799 | | K | Detection rules repo | All detection rules (including newest Azure/GCP) are shared and contributed in github | [blog post](https://www.elastic.co/blog/elastic-security-opens-public-detection-rules-repo) and [github repo](https://github.com/elastic/detection-rules) |
 800 | | K | Feature importance | In ML Data Frame Analytics, displaying the feature importance |  |
 801 | | K | Maps alerting | Added location-based "geo-fencing" alerts in Maps | [blog post](https://www.elastic.co/blog/pushing-boundaries-with-elastic-maps-7-10) |
 802 | 
 803 | ## 7.9
 804 | 
 805 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 806 | | --- | --- | --- |
 807 | | 19 Aug 2020 | 10 Feb 2021 | 18 Feb 2022 |
 808 | 
 809 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-7-9-0-released)
 810 | 
 811 | | Product | Feature | Description | References |
 812 | | --- | --- | --- | --- |
 813 | | A | Elastic Agent | Single agent to collect all kinds of data from a host, including logs, metrics, and endpoint security data | [blog post](https://www.elastic.co/blog/elastic-agent-and-fleet-make-it-easier-to-integrate-your-systems-with-elastic) |
 814 | | A | Ingest Manager | Central place to control all integrations (formerly called modules) for Elastic Agent |  |
 815 | | A | Fleet | Centrally manage all Elastic Agents from Kibana |  |
 816 | | A | Anti-malware | Signatureless malware prevention now built into Elastic Agent | [blog post](https://www.elastic.co/blog/detecting-cobalt-strike-with-memory-signatures) and [sandbox setup](https://www.elastic.co/blog/how-to-build-a-malware-analysis-sandbox-with-elastic-security) and [Sunburst protection](https://www.elastic.co/blog/elastic-security-provides-free-and-open-protections-for-sunburst) |
 817 | | B | Security integrations | Added Microsoft Defender ATP, PowerShell, Gsuite and tens of others leveraging [RSA2ELK](https://github.com/blookot/rsa2elk) |  |
 818 | | APM | OpenTelemetry | Elastic APM exporter takes data from OpenTelemetry collector  and sends them to Elastic APM server | [blog post](https://www.elastic.co/blog/elastic-apm-opentelemetry-integration) |
 819 | | L | Faster startup | Faster pipeline startups and restarts |  |
 820 | | L | App Search output | Added Elastic App Search output pluging |  |
 821 | | ES | EQL | New Event Query Language facilitating correlation designed for security use cases | [blog post](https://www.elastic.co/blog/hunting-for-lateral-movement-using-event-query-language) |
 822 | | ES | Wildcard type | New data type splitting strings into 3-letter tokens to introduce wildcard and regex search | [blog post](https://www.elastic.co/blog/find-strings-within-strings-faster-with-the-new-elasticsearch-wildcard-field) |
 823 | | ES | Data streams | Single named resource to ingest & manage time series data | [intro post](https://www.elastic.co/blog/an-introduction-to-the-elastic-data-stream-naming-scheme) and [beyond](https://www.elastic.co/blog/how-to-manage-elasticsearch-data-multiple-indices-filebeat-ilm-data-streams) |
 824 | | ES | Tableau Connector | Provides direct, real-time access to Elasticsearch data from Tableau Server and Tableau Desktop | [Tableau connector](https://extensiongallery.tableau.com/connectors/180) |
 825 | | ML | Added SIEM jobs | Adding new ML jobs to detect threats, integrated in the SIEM app |  |
 826 | | ML | Model snapshot | Lets you quickly revert back to an earlier snapshot or even just skip the problem events |  |
 827 | | K | New Kibana platform | New platform enabling instant page loads | [Kibana platform](https://www.elastic.co/blog/introducing-a-new-architecture-for-kibana) |
 828 | | K | Explore viz data | In a dashboard, click 'explore underlying data' to see the documents in Discover |  |
 829 | | K | Lens improvements | Multiple Y axes, custom color selection, handling sparse data
 830 | | K | Observability homepage | Curated view presenting key information across all your observability data (logs, metrics, APM, uptime) |  |
 831 | | K | Uptime ML alerting | Addition of alerting on anomaly detection (from ML) in Uptime | [blog post](https://www.elastic.co/blog/alerting-and-anomaly-detection-for-uptime-and-reliability) |
 832 | | K | Threshold-based rules | In SIEM, new rules detecting number of matches exceeding a threshold |  |
 833 | | K | Process-tree viz | In SIEM, new interactive visualization of endpoint-based activity |  |
 834 | | K | Alert exception | Create rule exceptions in SIEM (indivisually or with a list) |  |
 835 | | K | ServiceNow action | Trigger ServiceNow incidents with alerts |  |
 836 | | K | IBM Resilient action | Open or update a case within IBM Security Resilient from Kibana alerting |  |
 837 | | K | Enterprise search | App Search and Workplace Search have their UI integrated in Kibana |  |
 838 | 
 839 | ## 7.8
 840 | 
 841 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 842 | | --- | --- | --- |
 843 | | 18 June 2020 | 11 Nov 2020 | 18 Dec 2021 |
 844 | 
 845 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-7-8-0-released)
 846 | 
 847 | | Product | Feature | Description | References |
 848 | | --- | --- | --- | --- |
 849 | | B | Added integrations | Main additions are Google Cloud operations suite (formerly Stackdriver), Fortinet, Check Point and CrowdStrike Falcon | [all integrations](https://www.elastic.co/integrations) |
 850 | | B | Certificate validity | Elastic Uptime adds TLS/SSL monitoring to automatically track certificate validity and expiration dates | [blog post](https://www.elastic.co/blog/elastic-uptime-monitoring-7-8-0-released) and [another](https://www.elastic.co/blog/service-monitoring-and-availability-made-simple-with-elastic-uptime-and-heartbeat) |
 851 | | APM | OpenTelemetry support | Added an Elastic APM exporter to integrate the OpenTelemetry trace data into Elastic APM | [blog post](https://www.elastic.co/blog/elastic-apm-opentelemetry-integration)
 852 | | ES | Geo aggs | Aggregations now support BKD-backed geo_shapes (geo bounds, grids and centroids) |  |
 853 | | ES | Histogram aggs | New aggregations (sum, value count & avg) on the histogram field |  |
 854 | | ES | t-test | Metric aggregation used in A/B testing |  |
 855 | | ES | ARM support | ES now runs on ARM | [blog post](https://www.elastic.co/blog/elasticsearch-on-arm) |
 856 | | K | New navigation menu! | with simple organization and grouping |  |
 857 | | K | Dashboard upgrades | Cloning a viz, drilldown links between dashboards and including ML anomaly swimlanes |  |
 858 | | K | Anomaly explorer in dahsboards | embed visuals from ML Anomaly Explorer inside dashboards |  |
 859 | | K | 1GB File upload | The file data visualizer upload supports 1GB files |  |
 860 | | K | Alerting connectors | Connectors are globally available, easy to configure with Kibana keystore support |  |
 861 | | K | Jira integration | New integration with Jira Core, Jira Service Desk and Jira Software to quickly open or update a Jira incident or issue to take action |  |
 862 | | K | Maps for APM RUM | Real User Monitoring data can now be added as a layer in a Map |  |
 863 | | K | ML in service maps | APM service maps automatically pull data from ML and color service nodes to show the anomalies |  |
 864 | | K | Treemap | Lens adds treemap viz type |  |
 865 | | K | Pipeline builder | The new ingest node pipeline builder makes it easy to configure custom ingest pipelines |  |
 866 | | K | Pre-access screen | Shown before a user is allowed to authenticate into Kibana, with custom text and completion button |  |
 867 | | K | Custom sign-on | Configurable sign-on experience for anyone using SSO (password hints, custom icons) |  |
 868 | 
 869 | ## 7.7
 870 | 
 871 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 872 | | --- | --- | --- |
 873 | | 13 May 2020 | 19 Aug 2020 | 23 Nov 2021 |
 874 | 
 875 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-7-7-0-released)
 876 | 
 877 | | Product | Feature | Description | References |
 878 | | --- | --- | --- | --- |
 879 | | B | Added integrations | Main additions are Prometheus/OpenMetrics, AWS (Lambda, VPC, Aurora, DynamoDB), Google Cloud (Pub/Sub and LB), Azure (db account, AKS and container metrics), Pivotal Cloud Foundry, MQTT, Redis, and IBM MQ | [Prometheus blog post](https://www.elastic.co/blog/how-to-implement-prometheus-long-term-storage-using-elasticsearch), [all integrations](https://www.elastic.co/integrations) |
 880 | | B | Security sources | Adding Okta, Microsoft 365 and Check Point security sources | [blog post on Okta](https://www.elastic.co/blog/okta-and-lapsus-what-you-need-to-know) |
 881 | | APM | Inferred spans | Surface additional spans that show you granular method-level info powered by a low overhead async profiler | [blog post](https://www.elastic.co/blog/from-distributed-tracing-to-distributed-profiling-with-elastic-apm) and [okta security](https://www.elastic.co/blog/testing-okta-visibility-and-detection-dorothy) |
 882 | | ES | async search | Run potentially long-running queries in the background, allowing you to track their progress and retrieve partial results as they become available. |  |
 883 | | ES | Heap reduction | Moved the terms index of the _id off heap for time-series | [blog post](https://www.elastic.co/blog/significantly-decrease-your-elasticsearch-heap-memory-usage) |
 884 | | ES | Faster sort | Improved performance on time sorted queries (note that this does not help when aggregations are requested) |  |
 885 | | ES | Platform support | ES now supports RHEL/CentOS 8, Windows 2019 and OpenJDK 14 | [support matrix](https://www.elastic.co/support/matrix) |
 886 | | ML | Multiclass classification | Data frame analytics can classify a range of outputs, not only right or wrong (binary classif introduced in 7.5) | [example on DGA detection](https://www.elastic.co/blog/machine-learning-in-cybersecurity-training-supervised-models-to-detect-dga-activity) and [part 2 on inference](https://www.elastic.co/blog/machine-learning-in-cybersecurity-detecting-dga-activity-in-network-data) |
 887 | | K | Lazy loading | Kibana uses asynchronous search in Dashboard and Discover to optionally ignore timeout until completion |  |
 888 | | K | Alerting in apps | Full new Kibana alerting tightly integrated into the SIEM, Metrics, APM and Uptime apps, managed from the UI | [blog post](https://www.elastic.co/blog/introducing-the-new-alerting-framework-for-observability-security-and-the-elastic-stack), [genesis](https://www.elastic.co/blog/alerting-in-the-elastic-stack) |
 889 | | K | APM Service map | Shows a graphical view of the dependencies between applications and external services with high level KPIs |  |
 890 | | K | APM agent config | Ability to configure the APM agent properties in the APM app |  |
 891 | | K | APM custom links | Create dynamic custom links (populate GitHub/Jira issues or link to a Kibana dashboard) based on your specific APM data |  |
 892 | | K | ML in Uptime | Uptime has incorporated machine learning into its ability to highlight anomalous response durations |  |
 893 | | K | Viz in Canvas | Add existing visualizations created in Kibana Lens, Visualize, or TSVB inside a Canvas |  |
 894 | | K | File upload | The file upload UI (in ML > Data Visualizer) now has the ability to recommend a Filebeat config file |  |
 895 | | K | Cases | Embedded case management in Elastic SIEM |  |
 896 | | K | ServiceNow integ | Cases directly integrates with ServiceNow ITSM, allowing analysts to forward info from Elastic SIEM to ServiceNow |  |
 897 | | K | Maps additions | Show individual points when zooming in, and filter on distance (radial) |  |
 898 | | K | Painless Lab | Added in "Dev Tools", painless lab allows to run and debug Painless (simple, fast and secure scripting language for Elasticsearch) scripts |  |
 899 | 
 900 | ## 7.6
 901 | 
 902 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 903 | | --- | --- | --- |
 904 | | 11 Feb 2020 | 18 June 2020 | 11 Aug 2021 |
 905 | 
 906 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-7-6-0-released)
 907 | 
 908 | | Product | Feature | Description | References |
 909 | | --- | --- | --- | --- |
 910 | | B | Cloud modules | New beat modules to capture AWS billing, AWS VPC flow logs, any GCP service monitored by Stackdriver and Azure Storage (blobs, files, etc) |  |
 911 | | L | Monitor to Cloud | Easy configuration to send Logstash stack monitoring data to a cluster in Elastic Cloud |  |
 912 | | APM | Jaeger bridge | Provide a direct bridge between Elastic APM and Jaeger with Jaeger intake support | [blog post](https://www.elastic.co/blog/exploring-jaeger-traces-with-elastic-apm), [APM, free and open](https://www.elastic.co/blog/elastic-apm-free-open-source-apm) |
 913 | | APM | .Net logger | Full C# representation of ECS using .NET types with integrations for Elastic APM Logging with Serilog and NLog, vanilla Serilog, and for BenchmarkDotnet | [blog post](https://www.elastic.co/blog/elastic-common-schema-dotnet-library-and-integrations-released-for-elasticsearch) |
 914 | | ES | Faster sort | Improve (like 35x!) the performance of queries that are sorted by date or other long values |  |
 915 | | ES | Faster composite agg | Faster composite aggregations on sorted indices |  |
 916 | | ES | Faster geo_shape | The geo_shape query has been enhanced to use a BKD tree | [blog post](https://www.elastic.co/blog/bkd-backed-geo-shapes-in-elasticsearch-precision-efficiency-speed) |
 917 | | ES | CCx proxy | A proxy can now be used between clusters for both CCR and CCS |  |
 918 | | ES | Histogram | New histogram data type as a more efficient way to handle data that can be represented in a histogram |  |
 919 | | ES | String stats | New string stats aggregation calculates the count, Shannon entropy and the min/max and average length of the strings |  |
 920 | | ML | Inference | Supervised ML models can be used for inference at ingest time | [blog post](https://www.elastic.co/blog/add-flexibility-to-your-data-science-with-inference-pipeline-aggregations) and [end to end example](https://www.elastic.co/blog/train-evaluate-monitor-infer-end-to-end-machine-learning-in-elastic) |
 921 | | ML | Language detection | Language identification model used to label the language on documents at ingest time | [blog post](https://www.elastic.co/blog/multilingual-search-using-language-identification-in-elasticsearch) |
 922 | | ML | Py Panda | Python Elasticsearch client called eland to analyse, explore and manipulate data that resides in Elasticsearch | [github](https://github.com/elastic/eland) and [jupyter viz in kibana](https://www.elastic.co/blog/how-to-jupyter-notebook-visualizations-kibana-dashboards-vega-data-science)|
 923 | | K | SIEM detection engine | Automate threat detection and minimize MTTD with nearly 100 OOTB rules aligned with the ATT&CK framework | [blog post](https://www.elastic.co/blog/elastic-siem-detections), [detection rules repo](https://www.elastic.co/blog/elastic-security-opens-public-detection-rules-repo), [copy-paste attack detection](https://www.elastic.co/blog/preventing-copy-paste-compromises-acsc-2020-008-with-elastic-security) |
 924 | | K | APM in SIEM | Elastic SIEM added curated visibility into HTTP data (coming from Elastic APM) with adequate rules |  |
 925 | | K | AWS/GCP in SIEM | Support for AWS CloudTrail and GCP events in the SIEM app |  |
 926 | | K | SIEM overview | New Elastic SIEM app overview page with timelines, news, signals, sources, etc  |  |
 927 | | K | Logs categorization | New categories tab in the Logs UI uses ML categorization to find anomalies on unstructured logs | [blog post](https://www.elastic.co/blog/elastic-logs-7-6-0-released) and a [quick start post](https://www.elastic.co/blog/searching-logs-free-open-logs-app-kibana)  |
 928 | | K | Uptime | Addition of a world map to the Uptime UI enables visualization of user-perceived performance on a global scale |  |
 929 | | K | Lens additions | Added a quick "reset layer" action and support for scripted fields in Kibana Lens |  |
 930 | | K | Nested search | Ability to search and filter on nested fields. More to come soon ;) |  |
 931 | | K | ILM&SLM | ILM users now have the ability to utilize a `wait_for_snapshot` action |  |
 932 | | K | Template UI | New visual mapping editor for index templates |  |
 933 | | K | Maps style | Categorical styling and customize labels within the layer style panel |  |
 934 | | K | Maps in Canvas | Ability to embed map elements directly into Canvas workpads |  |
 935 | 
 936 | ## 7.5
 937 | 
 938 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 939 | | --- | --- | --- |
 940 | | 2 Dec 2019 | 13 May 2020 | 2 Jun 2021 |
 941 | 
 942 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-7-5-0-released)
 943 | 
 944 | | Product | Feature | Description | References |
 945 | | --- | --- | --- | --- |
 946 | | B | Stack monitoring | External collection for Elastic Stack Monitoring is now available via Metricbeat | [blog post](https://www.elastic.co/blog/external-collection-for-elastic-stack-monitoring-is-now-available-via-metricbeat) |
 947 | | B | Azure modules | Addition of Metricbeat and Filebeat modules to monitor logs and metrics from Azure Event Hub and Azure Monitor  | [blog post](https://www.elastic.co/blog/elasticsearch-service-on-elastic-cloud-now-available-on-microsoft-azure), [Azure module](https://www.elastic.co/blog/monitoring-azure-activity-logs-reports-and-metrics-with-new-beats-modules) |
 948 | | B | Heartbeat for k8s | Enhancing Uptime (heartbeat) to include hint-based auto-discovery for Kubernetes monitoring |  |
 949 | | ES | Snapshot retention | Added in SLM (snapshot lifecycle management) the retention configuration |  |
 950 | | ES | API keys | Kibana app to easily view/manage API keys |  |
 951 | | ES | Enrichment proc | Added an enrich processor (in ingest pipeline) to lookup in an Elasticsearch index and add the results to your document at indexing time | [blog post](https://www.elastic.co/blog/introducing-the-enrich-processor-for-elasticsearch-ingest-nodes), [other one](https://www.elastic.co/blog/how-to-enrich-logs-and-metrics-using-an-elasticsearch-ingest-node) and [ip enrichment](https://www.elastic.co/blog/enriching-elasticsearch-data-geo-ips-internal-private-ip-addresses) |
 952 | | ES | Pause CCR | Pause & resume flows in CCR, useful for upgrades |  |
 953 | | ES | Geotile grid agg | This enhancement enables users to aggregate all docs within a given tile on a geographical map |  |
 954 | | ML | Classification | Binary classification predicts the class or category of a given data point in a dataset | [intro post](https://www.elastic.co/blog/using-elastic-supervised-machine-learning-for-binary-classification) and [bench post](https://www.elastic.co/blog/benchmarking-binary-classification-results-in-elastic-machine-learning), [feature importance](https://www.elastic.co/blog/feature-importance-for-data-frame-analytics-with-elastic-machine-learning) |
 955 | | K | Lens | New way to rapidly draw meaningful visualization without needing any technical experience of Elasticsearch | [blog post](https://www.elastic.co/blog/introducing-kibana-lens) |
 956 | | K | Sharing Canvas | Share static Canvas workpads in HTML format using a JavaScript snippet |  |
 957 | | K | News feed | Introducing a newsfeed that highlights what's new at Elastic (blogs, webinars, security vulnerabilities...) |  |
 958 | | K | SIEM & EES | Elastic SIEM now supports data from EES (Elastic Endpoint Security, previously Endgame) |  |
 959 | | K | SIEM widgets | The SIEM app adds event histogram, TLS widget and source/dest countries |  |
 960 | | K | Log rate | The logs app now has a dataset-based log rate anomaly detection based on ML |  |
 961 | | K | ILM age | Control the index age math that’s used by index lifecycle management (ILM) for phase timings calculations | [blog post](https://www.elastic.co/blog/control-ilm-phase-transition-timings-using-origination-date) |
 962 | | K | Query cancellation | If a user navigates away or updates a query before getting the results, Kibana now cancels the Elasticsearch query |  |
 963 | | K | Landing page | Configure the landing page on a per-space basis |  |
 964 | | K | Custom avatar | Configure a custom avatar per space |  |
 965 | 
 966 | ## 7.4
 967 | 
 968 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
 969 | | --- | --- | --- |
 970 | | 1 Oct 2019 | 11 Feb 2020 | 1 Apr 2021 |
 971 | 
 972 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-7-4-0-released)
 973 | 
 974 | | Product | Feature | Description | References |
 975 | | --- | --- | --- | --- |
 976 | | B | New modules | Beats modules capturing metrics from StatD, AWS ELB, EBS and CloudWatch, logs from IBM MQ & AWS S3 (access logs) and a CEF decoder in Filebeat | [blog post](https://www.elastic.co/blog/monitoring-aws-services-using-the-cloudwatch-metricset), [another on S3](https://www.elastic.co/blog/getting-aws-logs-from-s3-using-filebeat-and-the-elastic-stack) |
 977 | | B | SQS & Kafka input | Filebeat now supports AWS SQS (used to read from S3) and Kafka inputs |  |
 978 | | B | Java logging | Send (ECS compliant!) logs from Java apps using native integration in log4j & logback | [github project](https://github.com/elastic/ecs-logging-java) |
 979 | | APM | Angular & .Net frameworks | Added support for Angular (RUM agent) and .Net framework (.Net agent) |  |
 980 | | APM | Geolocation | Geolocation added in RUM to display "performance by geographic region" breakdown |  |
 981 | | APM | APM to log | Integrated way to navigate between APM and the Logs app | [blog post](https://www.elastic.co/blog/how-to-easily-correlate-logs-apm-traces-for-better-observability-elastic-stack) |
 982 | | APM | Java logger | Centralized logging for Java applications with the Elastic stack made easy using plugins for Log4j & Logback | [github](https://github.com/elastic/ecs-logging-java) |
 983 | | ES | New alerting | Basis of the new Kibana's alerting system are being delivered... stay tuned! | [blog post](https://www.elastic.co/blog/alerting-in-the-elastic-stack) |
 984 | | ES | Results pinning | By using the new pinned query, users can manage and order results as they see fit | [blog post](https://www.elastic.co/blog/using-elasticsearch-pinned-queries-to-promote-specific-results) |
 985 | | ES | Agg on range | Run aggregations (cardinality, missing, value count, histogram and date histogram) on range fields |  |
 986 | | ES | Geospacial | Geospacial improvements : shape field type and circle ingest processor |  |
 987 | | ES | Auto cancel | Auto terminate queries sent through the `_search` endpoint when the initiating connection is closed |  |
 988 | | ML | Regression | Regression analysis estimates the relationships among a number of feature variables and a dependent variable | [feature importance](https://www.elastic.co/blog/feature-importance-for-data-frame-analytics-with-elastic-machine-learning) |
 989 | | K | Missile map | Map (in both Maps & SIEM) showing network connections live | [blog post](https://www.elastic.co/blog/integrating-maps-into-elastic-siem) |
 990 | | K | SLM | Management UI for snapshot lifecycle management (in Management/Snapshot and restore) |  |
 991 | | K | Index template | Manage index templates |  |
 992 | | K | PKI auth | Native support for PKI authentication enables to log into Kibana using X.509 client certificates and a two way encryption system |  |
 993 | | K | Share queries | Share saved queries accross Discover, Visualize & Dashboard |  |
 994 | | K | Custom time range | Ability to configure each viz or saved search for a specific time range |  |
 995 | | K | Copy objects | Copy saved objects accross spaces |  |
 996 | 
 997 | ## 7.3
 998 | 
 999 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1000 | | --- | --- | --- |
1001 | | 31 Jul 2019 | 2 Dec 2019 | 31 Jan 2021 |
1002 | 
1003 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-7-3-0-released)
1004 | 
1005 | | Product | Feature | Description | References |
1006 | | --- | --- | --- | --- |
1007 | | B | New modules | Filebeat gets new modules for MS SQL Server, Google pub/sub and VPC flows ; Metricbeat adds Oracle and AWS RDS modules |  |
1008 | | L | JMS plugin | Consume data from any JMS technology by embracing the bring-your-own-driver model (similar to the JDBC plugins) | [blog post](https://www.elastic.co/blog/integrating-jms-with-elasticsearch-service-using-logstash) |
1009 | | APM | SPA support | RUM (Real User Monitoring) supports Single Page Applications (SPA) in React |  |
1010 | | APM | Maps integration | RUM now adds geoip by default so performance can be displayed in Maps app in Kibana |  |
1011 | | APM | Time spent | The "Time spent by type" chart allows to see exactly where applications are spending their time |  |
1012 | | ES | Rare terms | New aggregation designed to identify the long-tail of terms that have low doc counts |  |
1013 | | ES | Voting-only master | The new voting-only master-eligible node can participate in master elections without acting as a master |  |
1014 | | ES | Vector scoring | Adds two predefined functions to use for calculating vector similarity between a given query vector and document vectors | [blog post](https://www.elastic.co/blog/text-similarity-search-with-vectors-in-elasticsearch) |
1015 | | ES | Flattened type | Allows an entire flat JSON object to be indexed into a single field |  |
1016 | | ES | Synonyms update | Synonym filters used by search analyzers can now be updated without restarting the index | [blog post](https://www.elastic.co/blog/boosting-the-power-of-elasticsearch-with-synonyms) |
1017 | | ML | Security jobs | Create ML jobs from the SIEM app in Kibana |  |
1018 | | ML | Outlier detection | Outlier detection integrated in data transforms | [catching malware](https://www.elastic.co/blog/catching-malware-with-elastic-outlier-detection), [benchmark](https://www.elastic.co/blog/benchmarking-outlier-detection-in-elastic-machine-learning) |
1019 | | K | Log to APM | Logs & APM are not integrated so you can automatically navigate from a specific log event to APM traces |  |
1020 | | K | Uptime summaries | Monitor Summaries allow to see multiple Heartbeat results grouped in a single expandable row per endpoint |  |
1021 | | K | Snapshot mngt UI | The snapshot management UI enables create, restore and delete |  |
1022 | | K | Kerberos auth | Single-sign-on (SSO) access to users to log into Kibana using Kerberos  |  |
1023 | | K | CSV export | Export a saved search in a CSV file |  |
1024 | 
1025 | ## 7.2
1026 | 
1027 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1028 | | --- | --- | --- |
1029 | | 25 Jun 2019 | 1 Oct 2019 | 25 Dec 2020 |
1030 | 
1031 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-7-2-0-released), [Video](https://youtu.be/bmx13X87e2s)
1032 | 
1033 | | Product | Feature | Description | References |
1034 | | --- | --- | --- | --- |
1035 | | B | New modules | A lot of new modules (Palo Alto Networks - PANW, Cisco ASA firewall, Netflow & IPFIX, NATS, CoreDNS, Windows sysmon & security) | [release post](https://www.elastic.co/blog/beats-7-2-0-released), [signals on sysmon data](https://www.elastic.co/blog/signals-in-elastic-siem-sysmon-data) |
1036 | | B | Scripting | Scripting in Go at the edge (on servers) |  |
1037 | | L | Google modules | New input & output modules to interact with GCS (Google Cloud Storage) buckets |  |
1038 | | APM | .Net agent | Instrument ASP.NET Core 2.x+ and Entity Framework Core 2.x+ apps (and others manually via the API) | [video](https://youtu.be/1EyF6JIST_0) |
1039 | | APM | Metrics | APM agents now collect language-specific metrics (for example Java heap memory and thread count) |  |
1040 | | ES | OpenID realm | OpenID Connect realm (authentication backbone used by Okta, Google, etc) added | [blog post](https://www.elastic.co/blog/a-deep-dive-into-elasticsearch-authentication-realms) |
1041 | | ES | Geo in SQL | Geographical queries through SQL statements |  |
1042 | | ES | Geo ranking | Use time or geographical distance (normalized) in the computation of the relevance ranking score | [blog post](https://www.elastic.co/blog/distance-feature-query-time-and-geo-in-elasticsearch-result-ranking) |
1043 | | ES | Type ahead | New search_as_you_type field type providing results from the field while the user is typing the query |  |
1044 | | ML | Data transforms | Data transforms enable to pivot (aggregate) an existing index to a secondary, summarized index, by batch or continuously |  | 
1045 | | K | SIEM | Dedicated UI for exploring and visualizing host and network-based data, made for investigation | [blog post](https://www.elastic.co/blog/introducing-elastic-siem), [building a SIEM](https://www.elastic.co/blog/elastic-siem-for-small-business-and-home-1-getting-started) |
1046 | | K | Metrics explorer | Navigate through most important infrastructure metrics and interact using tags and chart groupings | [blog post](https://www.elastic.co/blog/elastic-infrastructure-7-2-0-released) |
1047 | | K | Logs UI++ | Adding field pinning and quick filtering in the Logs UI | [blog post](https://www.elastic.co/blog/elastic-logs-7-2-0-released) |
1048 | | K | Feature control | Allows to hide and restrict applications and features (per Kibana Space) | [blog post](https://www.elastic.co/blog/introducing-kibana-feature-controls-curating-and-securing-feature-access) |
1049 | | K | ML Query bar | New query bar in the ML app to make it easier to search the anomaly results for specific influencers | [blog post](https://www.elastic.co/blog/find-influencers-faster-with-the-machine-learning-anomaly-explorer-query-bar) |
1050 | | K | Uptime integration | Provide bi-directional links between Uptime and Logs, Infrastructure, and APM | [blog post](https://www.elastic.co/blog/elastic-uptime-monitoring-7-2-0-released) |
1051 | | K | Snapshot repo UI | Snapshot repository management, in Kibana. Snapshot management is coming ;) |  |
1052 | | K | Saved Object restore | New API to export & import saved objects, including dependencies |  |
1053 | | K | Rollup in TSVB | Time Series Visual Builder now supports rollup index |  |
1054 | | K | Plugin API | New platform to develop plugins in Kibana | [blog post](https://www.elastic.co/blog/kibana-plugin-api-changes-in-7-2) |
1055 | 
1056 | ## 7.1
1057 | 
1058 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1059 | | --- | --- | --- |
1060 | | 20 May 2019 | 31 Jul 2019 | 20 Nov 2020 |
1061 | 
1062 | Version-level references: [Blog post](https://www.elastic.co/blog/security-for-elasticsearch-is-now-free), [getting started](https://www.elastic.co/blog/getting-started-with-elasticsearch-security), [how to setup encryption](https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash), [prevent breach](https://www.elastic.co/blog/how-to-prevent-elasticsearch-server-breach-securing-elasticsearch)
1063 | 
1064 | ## 7.0
1065 | 
1066 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1067 | | --- | --- | --- |
1068 | | 10 Apr 2019 | 25 Jun 2019 | 10 Oct 2020 |
1069 | 
1070 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-7-0-0-released)
1071 | 
1072 | | Product | Feature | Description | References |
1073 | | --- | --- | --- | --- |
1074 | | B | ECS | Beats now use the new field naming convention Elastic Common Schema (ECS) | [blog post](https://www.elastic.co/blog/introducing-the-elastic-common-schema), [webinar](https://www.elastic.co/webinars/introducing-the-elastic-common-schema), [ECS doc](https://www.elastic.co/guide/en/ecs/current/index.html), [observability with ECS](https://www.elastic.co/blog/easier-observability-with-the-elastic-common-schema), [blog post](https://www.elastic.co/blog/migrating-to-elastic-common-schema-in-beats-environments) |
1075 | | B | AWS module | New metricbeat module to monitor AWS EC2 using Cloudwatch | [video](https://youtu.be/JO-1PhA7XuU), [blog post](https://www.elastic.co/blog/monitoring-aws-ec2-using-metricbeat-and-the-elastic-stack) |
1076 | | B | MSSQL module | New metricbeat module for Microsoft SQL Server | [blog post](https://www.elastic.co/blog/monitoring-microsoft-sql-server-using-metricbeat-and-elasticsearch) |
1077 | | B | OpenMetrics support | Deeper integration between Elastic Stack and Prometheus by support the OpenMetrics standard | [blog post](https://www.elastic.co/blog/elasticsearch-observability-embracing-prometheus-and-openmetrics-standards-for-metrics), [observability, by Elastic](https://www.elastic.co/blog/observability-with-the-elastic-stack), [Prometheus at scale](https://www.elastic.co/blog/prometheus-monitoring-at-scale-with-the-elastic-stack) |
1078 | | B | Zeek module | New ingestion module for Zeek (Bro) | [blog post](https://www.elastic.co/blog/collecting-and-analyzing-zeek-data-with-elastic-security) |
1079 | | L | Java execution | Logstash now executed in Java by default, for better performance, less memory and java plugins support | [blog post](https://www.elastic.co/blog/meet-the-new-logstash-java-execution-engine), [java plugins](https://www.elastic.co/blog/previewing-native-support-for-java-plugins-in-logstash) |
1080 | | ES | Typeless APIs | 6.0: no more than one type, 7.0: new typeless APIs, 8.0 will remove APIs that accept types | [blog post](https://www.elastic.co/blog/moving-from-types-to-typeless-apis-in-elasticsearch-7-0) |
1081 | | ES | Cluster coordination | New Zen2 cluster coordination which is faster, safer, and easier to use | [blog post](https://www.elastic.co/blog/a-new-era-for-cluster-coordination-in-elasticsearch) |
1082 | | ES | Circuit breaker | Adding a real memory circuit breaker which detects unserviceable requests to improve node resiliency | [blog post](https://www.elastic.co/blog/improving-node-resiliency-with-the-real-memory-circuit-breaker) |
1083 | | ES | Adaptive Replica Selection | Instead of basic round robin, ARS allows requests to be sent to the most available shard (and node) based on response time and queue size | [blog post](https://www.elastic.co/blog/improving-response-latency-in-elasticsearch-with-adaptive-replica-selection) |
1084 | | ES | Faster "top k" queries | Huge speed boost when retrieving only top k hits of a search query | [blog post](https://www.elastic.co/blog/faster-retrieval-of-top-hits-in-elasticsearch-with-block-max-wand) |
1085 | | ES | Function scoring | Script score queries provide a simpler, modular, and more flexible way to generate a ranking score per record | [blog post](https://www.elastic.co/blog/better-than-average-sort-by-best-rating-with-elasticsearch) |
1086 | | ES | New ranking | New field types to boost documents based on values that are relevant to the scoring | [blog post](https://www.elastic.co/blog/easier-relevance-tuning-elasticsearch-7-0) |
1087 | | ES | Nanosecond precision | Elasticsearch now supports anosecond precision in time fields, which allows high-frequency data collection  | [blog post](https://www.elastic.co/blog/journey-support-nanosecond-timestamps-elasticsearch) |
1088 | | ES | Helm charts | Elastic now provides helm charts for Elasticsearch and Kibana | [blog post](https://www.elastic.co/blog/alpha-helm-charts-for-elasticsearch-kibana-and-cncf-membership) |
1089 | | K | New UI | New navigation, dark mode, recent items, responsive, KQL by default... you'll love it! | [K7 release post](https://www.elastic.co/blog/kibana-7-0-0-released) |
1090 | 
1091 | ## 6.8
1092 | 
1093 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1094 | | --- | --- | --- |
1095 | | 20 May 2019 | Ended | Ended |
1096 | 
1097 | Version-level references: [Blog post](https://www.elastic.co/blog/security-for-elasticsearch-is-now-free), [getting started](https://www.elastic.co/blog/getting-started-with-elasticsearch-security), [how to setup encryption](https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash), [prevent breach](https://www.elastic.co/blog/how-to-prevent-elasticsearch-server-breach-securing-elasticsearch)
1098 | 
1099 | ## 6.7
1100 | 
1101 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1102 | | --- | --- | --- |
1103 | | 26 Mar 2019 | Ended | Ended |
1104 | 
1105 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-6-7-0-released)
1106 | 
1107 | | Product | Feature | Description | References |
1108 | | --- | --- | --- | --- |
1109 | | K | Uptime UI | Active uptime monitoring of services & apps, based on Heartbeat | [blog post](https://www.elastic.co/blog/elastic-uptime-monitoring-solution-released), [video](https://youtu.be/42iNUC2gScw) |
1110 | | K | Maps | Dedicated solution for mapping, querying, and visualizing geospatial data | [blog post](https://www.elastic.co/blog/elastic-maps-beta-released), [new features](https://www.elastic.co/blog/top-10-new-elastic-maps-features), [Maps example](https://www.elastic.co/blog/how-to-use-elastic-maps-to-make-public-datasets-observable) |
1111 | | K | Frozen management | Frozen indices can be managed in ILM and index management |  |
1112 | | K | Localization | Localizing Kibana, starting with Chinese |  |
1113 | 
1114 | ## 6.6
1115 | 
1116 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1117 | | --- | --- | --- |
1118 | | 29 Jan 2019 | Ended | Ended |
1119 | 
1120 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-6-6-0-released)
1121 | 
1122 | | Product | Feature | Description | References |
1123 | | --- | --- | --- | --- |
1124 | | B | Auditbeat module | Record host, process, socket & user activity on a host, using ECS | [blog post](https://www.elastic.co/blog/introducing-auditbeat-system-module) |
1125 | | B | Netflow input | Filebeat adds a new NetFlow input |  |
1126 | | L | Java plugins | Introducing native support for input, filter and output java plugins | [blog post](https://www.elastic.co/blog/previewing-native-support-for-java-plugins-in-logstash) |
1127 | | APM | OpenTracing | All agents now have [OpenTracing](https://opentracing.io/) compatible bridges | [blog post](https://www.elastic.co/blog/distributed-tracing-opentracing-and-elastic-apm), [W3C TraceContext](https://www.elastic.co/blog/elastic-apm-adopts-w3c-tracecontext) |
1128 | | APM | APM to Infra | When looking at a trace, you can jump to the host or container metrics and logs. This is Observability! |  |
1129 | | ES | Frozen indices | Frozen indices allow for a much higher ratio of disk storage to heap, at the expense of search latency | [blog post](https://www.elastic.co/blog/creating-frozen-indices-with-the-elasticsearch-freeze-index-api) |
1130 | | ES | SQL Date Histograms | Added support for date histograms via the SQL API |  |
1131 | | ML | Annotations | Create annotations to keep a record of actions taken, from the Kibana UI | [blog post](https://www.elastic.co/blog/augmenting-results-with-user-annotations-for-elastic-machine-learning) |
1132 | | K | ILM | managing indices lifecycle (hot/warm/cold/delete) from Kibana | [blog post](https://www.elastic.co/blog/implementing-hot-warm-cold-in-elasticsearch-with-index-lifecycle-management), [ILM to APM data](https://www.elastic.co/blog/how-to-apply-index-lifecycle-management-to-apm-data) and [ILM troubleshooting](https://www.elastic.co/blog/troubleshooting-elasticsearch-ilm-common-issues-and-fixes) |
1133 | | K | CCR UI | Two new interfaces to manage remote clusters and remote replication process | [5' video](https://youtu.be/jDt8IwXG398) |
1134 | | K | PNG export | Export dashboards as a PNG report |  |
1135 | | K | Upgrade to 7.0 | Prepare for an upgrade from Elasticsearch 6.x to Elasticsearch 7.0 | [blog post](https://www.elastic.co/blog/upgrading-the-elastic-stack-with-the-7-x-upgrade-assistant) |
1136 | | K | ES cluster | Kibana now allows the definition of multiple Elasticsearch nodes |  |
1137 | 
1138 | ## 6.5
1139 | 
1140 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1141 | | --- | --- | --- |
1142 | | 14 Nov 2018 | Ended | Ended |
1143 | 
1144 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-6-5-0-released), [Video](https://youtu.be/dnmqoD0XP18)
1145 | 
1146 | | Product | Feature | Description | References |
1147 | | --- | --- | --- | --- |
1148 | | B | Central management | Enroll, configure, and manage Beats deployments from a central place using either the UI or API | [blog post](https://www.elastic.co/blog/introducing-beats-central-management-in-the-elastic-stack) |
1149 | | B | Functionbeat | Functionbeat is a new Beat that deploys as a function in serverless platform, and streams cloud infrastructure data to Elasticsearch | [blog post](https://www.elastic.co/blog/functionbeat-serverless-ingestion-for-elasticsearch) |
1150 | | APM | Distributed tracing | Distributed tracing gives an end-to-end trace on a request as it traverses multiple services | [video](https://youtu.be/Bz41KzRCM4g), [blog post](https://www.elastic.co/blog/distributed-tracing-opentracing-and-elastic-apm), [Distributed tracing](https://www.elastic.co/blog/how-to-instrument-a-polyglot-microservices-application-with-elastic-apm) |
1151 | | APM | Monitoring | APM monitoring lets you track the health of your Elastic APM deployments from the Kibana Monitoring app |  |
1152 | | ES | Cross Cluster Replication (CCR) | Synchronization of indices across clusters | [webinar](https://www.elastic.co/webinars/replicate-elasticsearch-data-with-cross-cluster-replication-ccr), [blog post](https://www.elastic.co/blog/follow-the-leader-an-introduction-to-cross-cluster-replication-in-elasticsearch), [another post](https://www.elastic.co/blog/cross-datacenter-replication-with-elasticsearch-cross-cluster-replication), [benchmark CCR](https://www.elastic.co/blog/benchmarking-elasticsearch-cross-cluster-replication), [bidirectional replication](https://www.elastic.co/blog/bi-directional-replication-with-elasticsearch-cross-cluster-replication-ccr) |
1153 | | ES | ODBC | Query Elasticsearch using the SQL API and the ODBC driver | [5' video](https://youtu.be/1KCw6DwS6Us) |
1154 | | ES | Minimal snapshots | 50% smaller snapshots with source-only (needs reindex though) | [doc](https://www.elastic.co/guide/en/elasticsearch/reference/6.5/modules-snapshots.html#_source_only_repository) |
1155 | | ML | Multi-bucket span | Detect anomalies that span multiple buckets and adjust anomaly score accordingly | [blog post](https://www.elastic.co/blog/changes-to-elastic-machine-learning-anomaly-scoring-in-6-5) |
1156 | | K | Canvas | Create and share live infographic style presentations of your Elasticsearch data | [getting started](https://www.elastic.co/blog/getting-started-with-canvas-in-kibana), [metrics and markdown](https://www.elastic.co/blog/kibana-canvas-metric-and-markdown-elements), [airport security](https://www.elastic.co/blog/monitoring-airport-security-operations-with-canvas-and-elasticsearch), [service KPIs](https://www.elastic.co/blog/cdl-visualising-the-power-of-data-with-canvas-and-elasticsearch), [bikes sharing](https://www.elastic.co/blog/eye-catching-canvas-dashboards-on-top-of-bike-sharing-data), [tables and debug](https://www.elastic.co/blog/kibana-canvas-data-table-and-debug-elements), [AMA booth](https://www.elastic.co/blog/elasticon-kibana-canvas-story-ama), [coffee machine](https://www.elastic.co/blog/elasticon-kibana-canvas-story-elasticoffee), [5' video](https://youtu.be/CLhtLNMALdQ), [demo video](https://youtu.be/fxA5GE1-V50), [preview at Elastic{ON}](https://youtu.be/NhJi-9DkvdI) |
1157 | | K | Spaces | Kibana Spaces organize your Kibana objects (for eg. visualizations and dashboards) into separate "spaces", and use RBAC to control which users have access to which space | [intro](https://www.elastic.co/blog/introducing-kibana-spaces-for-organization-and-security), [migration](https://www.elastic.co/blog/how-to-migrate-to-kibana-spaces), [5mn video](https://youtu.be/RUMi5HUsWxM) |
1158 | | K | Sample data | Several datasets (with dashboard, canvas, etc) are available to start playing around in Kibana! | [5mn video](https://youtu.be/qg5_k4ogpzY), [another one](https://youtu.be/32NbRQHHAYQ), the [flights dataset](https://youtu.be/hMFWu1NfNMU) and the [e-commerce dataset](https://youtu.be/6_DrY9_bVDY) |
1159 | | K | Rollup UI | Management UI to configure and manage and visualize rollup indices (for metrics) | [blog post](https://www.elastic.co/blog/how-to-create-manage-and-visualize-elasticsearch-rollup-data-in-kibana) |
1160 | | K | Data visualizer | This new UI (in ML tab) finds the structure of an uploaded file, generates the grok, ingest pipeline and mapping to eventually import data in Elasticsearch | [blog post](https://www.elastic.co/blog/importing-csv-and-log-data-into-elasticsearch-with-file-data-visualizer) and [earthquake data import](https://www.elastic.co/blog/aftershock-therapy-with-elasticsearch-and-csv-data-import), [5' video](https://youtu.be/MXyLqfMadQI) |
1161 | | K | Infra UI | The Infrastructure solution allows to easily navigate between logs and metrics activity on any specific host, pod, or container | [blog post](https://www.elastic.co/blog/elastic-infrastructure-app-released), [other post](https://www.elastic.co/blog/infrastructure-and-logs-ui-new-ways-for-ops-to-interact-with-elasticsearch), [6mn video](https://youtu.be/t4Ny-tcMES4), [preview at Elastic{ON}](https://youtu.be/NzHGDyAQ2_Y) |
1162 | | K | Logs UI | The Logs UI in Kibana displays live trail, like a `tail -f` combined with a grep | [blog post](https://www.elastic.co/blog/elastic-logs-app-released), [other post](https://www.elastic.co/blog/infrastructure-and-logs-ui-new-ways-for-ops-to-interact-with-elasticsearch) |
1163 | 
1164 | ## 6.4
1165 | 
1166 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1167 | | --- | --- | --- |
1168 | | 23 Aug 2018 | Ended | Ended |
1169 | 
1170 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-6-4-0-released)
1171 | 
1172 | | Product | Feature | Description | References |
1173 | | --- | --- | --- | --- |
1174 | | B | Dissect processor | A new processor that's fast and performant, and brings more processing power to the edge device |  |
1175 | | L | Azure module | Monitoring your Azure cloud environment using the Elastic Stack is a single command away | [blog post](https://www.elastic.co/blog/azure-cloud-monitoring-with-the-elastic-stack) |
1176 | | APM | ML integration | Click a button in the APM app to enable Machine Learning jobs and start detecting anomalies on performance and errors |  |
1177 | | APM | Java agent | New APM agent for Java | [blog post](https://www.elastic.co/blog/elastic-apm-java-agent-beta-released), [custom instrumentation](https://www.elastic.co/fr/blog/create-your-own-instrumentation-with-the-java-agent-plugin), [perf tuning](https://www.elastic.co/blog/performance-tuning-of-the-elastic-apm-java-agent), [regression testing](https://www.elastic.co/fr/blog/regression-testing-your-java-agent-plugin), [plugin contrib](https://www.elastic.co/blog/a-cookbook-for-contributing-a-plugin-to-the-elastic-apm-java-agent), [5mn video](https://youtu.be/mm0sdldjeo0) and [other 5' video](https://youtu.be/X9r0sjBWdlA) and [java monitoring](https://www.elastic.co/blog/monitoring-java-applications-and-getting-started-with-the-elastic-apm-java-agent) |
1178 | | APM | RUM agent | Real User Monitoring | [blog post](https://www.elastic.co/blog/elastic-apm-rum-js-agent-is-generally-available), [another post](https://www.elastic.co/blog/performing-real-user-monitoring-rum-with-elastic-apm) |
1179 | | ES | Kerberos auth | Use Kerberos as authentication realm | [blog post](https://www.elastic.co/blog/how-to-secure-your-elasticsearch-clusters-using-kerberos) |
1180 | | ES | FIPS 140-2 | Elasticsearch now has the ability to run with a FIPS 140-2 enabled JVM | [blog post](https://www.elastic.co/blog/configuring-elasticsearch-in-a-fips-140-2-environment) |
1181 | | ES | Field alias | Create aliases on fields, no need to reindex anymore. Good to get prepared for [ECS](https://github.com/elastic/ecs) | [blog post](https://www.elastic.co/blog/introducing-field-aliases-in-elasticsearch) |
1182 | | ML | Custom rules | Custom rules for fine tuning machine learning results (to avoid learning or alerting on specific conditions) | [blog post](https://www.elastic.co/blog/how-to-capture-domain-knowledge-in-elastic-machine-learning-jobs-with-custom-rules) |
1183 | 
1184 | ## 6.3
1185 | 
1186 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1187 | | --- | --- | --- |
1188 | | 13 Jun 2018 | Ended | Ended |
1189 | 
1190 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-6-3-0-released), [Video](https://youtu.be/q9R7r4ncaPY)
1191 | 
1192 | Opening the code of X-Pack: [Webpage](https://www.elastic.co/products/x-pack/open), [Blog post](https://www.elastic.co/blog/doubling-down-on-open) and [Elastic{ON} announcement](https://youtu.be/gR3OhOnCMf8)
1193 | 
1194 | | Product | Feature | Description | References |
1195 | | --- | --- | --- | --- |
1196 | | B | K8S and Docker autodiscovery | The Autodiscover feature allows logs & metrics to be captured automatically | [kubernetes observability](https://www.elastic.co/blog/kubernetes-observability-tutorial-k8s-metrics-collection-and-analysis), [blog post](https://www.elastic.co/blog/docker-and-kubernetes-hints-based-autodiscover-with-beats), [another one](https://www.elastic.co/blog/monitoring-kubernetes-and-docker-containers-with-beats-logs-metrics-and-metadata), [Amazon EKS monitoring](https://www.elastic.co/blog/observability-monitoring-amazon-eks-logs-and-metrics-with-the-elastic-stack), [video](https://youtu.be/1-iUoWGfByE), [5' video](https://youtu.be/585ig9iuqI4) |
1197 | | B | syslog input | Send logs to Filebeat using syslog over UDP or TCP | [blog post](https://www.elastic.co/blog/brewing-in-beats-syslog-input-in-filebeat) |
1198 | | L | Connecting pipelines | Multi-staged processing pipelines can connect pipelines within a Logstash process |  |
1199 | | APM | Watcher integration | Receive alerts on errors (in APM data) |  |
1200 | | ES | SQL | Query Elasticsearch using the SQL language, coming with a JDBC driver | [part 1](https://www.elastic.co/blog/an-introduction-to-elasticsearch-sql-with-practical-examples-part-1) and [part 2](https://www.elastic.co/blog/an-introduction-to-elasticsearch-sql-with-practical-examples-part-2) |
1201 | | ES | Rollups | Take historic data and generate aggregate statistics. Very useful for metrics in particular | [video](https://youtu.be/I5-9x_pQ-Y0) |
1202 | | ML | CCS support | Machine Learning jobs now support Cross Cluster Search |  |
1203 | | K | Auto complete | Auto complete added in the Kibana Discover query bar | [blog post](https://www.elastic.co/blog/improving-kibanas-query-language) |
1204 | | K | Index Management UI | Browse indices, see details about an individual, and change some options (close, force merge, clear cache, etc.) directly from the UI |  |
1205 | 
1206 | ## 6.2
1207 | 
1208 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1209 | | --- | --- | --- |
1210 | | 6 Feb 2018 | Ended | Ended |
1211 | 
1212 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-6-2-0-released)
1213 | 
1214 | | Product | Feature | Description | References |
1215 | | --- | --- | --- | --- |
1216 | | B | Monitoring | Monitor Beats health in a new Kibana UI |  |
1217 | | B | Keystore | Hide passwords from configuration files using a secure keystore | [blog post](https://www.elastic.co/blog/brewing-in-beats-password-keystore) |
1218 | | L | Keystore | Hide passwords from configuration files using a secure keystore |  |
1219 | | L | JDBC static filter |  |  |
1220 | | ES | Rank Evaluation | Track how rankings of expected results is measured against specific queries | [blog post](https://www.elastic.co/blog/made-to-measure-how-to-use-the-ranking-evaluation-api-in-elasticsearch) |
1221 | | ES | SAML support | Get access to the Elastic Stack with the introduction of SAML support | [blog post](https://www.elastic.co/blog/how-to-enable-saml-authentication-in-kibana-and-elasticsearch), [SAML on Azure](https://www.elastic.co/blog/saml-based-single-sign-on-with-elasticsearch-and-azure-active-directory), [SAML with ADFS](https://www.elastic.co/blog/how-to-configure-elasticsearch-saml-authentication-with-adfs) |
1222 | | ML | Calendar setting | Skip analyzing the data during scheduled events (entered manually or imported via ics) |  |
1223 | | K | Vega | Support for Vega & Vega lite visualizations | [getting started](https://www.elastic.co/blog/getting-started-with-vega-visualizations-in-kibana), [blog post](https://www.elastic.co/blog/custom-vega-visualizations-in-kibana), [sankey viz](https://www.elastic.co/blog/sankey-visualization-with-vega-in-kibana) |
1224 | 
1225 | ## 6.1
1226 | 
1227 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1228 | | --- | --- | --- |
1229 | | 13 Dec 2017 | Ended | Ended |
1230 | 
1231 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-6-1-0-released)
1232 | 
1233 | | Product | Feature | Description | References |
1234 | | --- | --- | --- | --- |
1235 | | B | TLS support | Packetbeat adds support for the TLS protocol to inspect the TLS enveloppe |  |
1236 | | L | Ruby filter | Complex modification of events in Logstash is now possible via the Logstash Ruby filter |  |
1237 | | APM | New! | APM released, with server, agents and UI | [blog post](https://www.elastic.co/blog/elastic-apm-beta-released), [python agent](https://www.elastic.co/blog/creating-custom-framework-integrations-with-the-elastic-apm-python-agent) |
1238 | | ES | Split API | Each original primary shard is split into two, or more, primary shards in the new index, as a companion to the Shrink Index API |  |
1239 | | ES | Composite agg | The composite aggregation is designed to return all terms and sorted in 'natural order' | [blog post](https://www.elastic.co/blog/composite-aggregations-elasticsearch-pizza-delivery-metrics) |
1240 | | ML | Forecasting | Based on the past, what values would you expect in the future | [blog post](https://www.elastic.co/blog/elasticsearch-machine-learning-on-demand-forecasting), [video](https://youtu.be/wJVgh5knV4E) |
1241 | | K | Input control | Input control visualization components allow users to select particular values and guide to important filtering values for a dashboard | [blog post](https://www.elastic.co/blog/interactive-inputs-on-kibana-dashboards), [video](https://youtu.be/W1w76rysykI) |
1242 | 
1243 | ## 6.0
1244 | 
1245 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1246 | | --- | --- | --- |
1247 | | 14 Nov 2017 | Ended | Ended |
1248 | 
1249 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-6-0-0-released), [Video (FR)](https://youtu.be/mL-2Uorq9-k)
1250 | 
1251 | | Product | Feature | Description | References |
1252 | | --- | --- | --- | --- |
1253 | | B | Docker & K8S | Logs and metrics out of Kubernetes and Docker | [docker](https://www.elastic.co/blog/enrich-docker-logs-with-filebeat), [kubernetes](https://www.elastic.co/blog/shipping-kubernetes-logs-to-elasticsearch-with-filebeat), [5mn video](https://youtu.be/4E3-k0eFcj0) |
1254 | | B | Auditbeat | A new beat to capture auditd (based on the Linux audit framework) | [blog post](https://www.elastic.co/blog/introducing-auditbeat-ship-linux-audit-logs-to-elasticsearch), [use ML](https://www.elastic.co/blog/analysing-linux-auditd-anomalies-with-auditbeat-and-elastic-stack-machine-learning) |
1255 | | L | Multiple pipelines | Run multiple pipelines concurrently for different use cases in the same instance, with centralized pipeline management, pipeline viewer and a conversion tool from ingest pipelines! | [blog post](https://www.elastic.co/blog/logstash-multiple-pipelines), [maintainable pipelines](https://www.elastic.co/blog/how-to-create-maintainable-and-reusable-logstash-pipelines), [management UI](https://www.elastic.co/blog/logstash-centralized-pipeline-management), [pipeline viewer](https://www.elastic.co/blog/logstash-pipeline-viewer-6-0) and [conversion tool](https://www.elastic.co/blog/ingest-node-to-logstash-configuration-converter), [doc](https://www.elastic.co/guide/en/logstash/6.0/multiple-pipelines.html) |
1256 | | ES | Rolling upgrade | Upgrade a cluster without a cluster restart (from 5.6.3 to 6.x) |  |
1257 | | ES | Faster restart | Faster Restarts and Recoveries using operations-based shard recovery (using sequence IDs) | [blog post](https://www.elastic.co/blog/elasticsearch-sequence-ids-6-0) |
1258 | | ES | Sparse data | sparse fields (with no data) in doc-values will be significantly smaller | [blog post](https://www.elastic.co/blog/minimize-index-storage-size-elasticsearch-6-0) |
1259 | | ES | Distributed alerting | Distributed watch execution moves watch execution to the nodes that hold the shards of the watcher index | [Blog post](https://www.elastic.co/blog/distributed-watch-execution-elasticsearch-6.0) |
1260 | | ES | Removal of types | Indices now have only a single mapping type | [blog post](https://www.elastic.co/blog/removal-of-mapping-types-elasticsearch), [another](https://www.elastic.co/blog/kibana-6-removal-of-mapping-types), [doc](https://www.elastic.co/guide/en/elasticsearch/reference/6.0/removal-of-types.html) |
1261 | | ES | Security | We no longer use `changeme` as a default password! And TLS/SSL between nodes is required when security is enabled | [blog post](https://www.elastic.co/blog/default-security-for-elasticsearch-and-the-elastic-stack), [another](https://www.elastic.co/blog/default-password-removal-elasticsearch-and-x-pack-6-0), [TLS](https://www.elastic.co/blog/tls-elastic-stack-elasticsearch-kibana-logstash-filebeat) | 
1262 | | K | Kuery Language | Try out the new Kibana Query Language | [blog post](https://www.elastic.co/blog/building-a-better-search-experience-in-kibana) |
1263 | | K | CSV export | Search in Discovery then export matching documents as a CSV file via the reporting menu | [video](https://youtu.be/Jd8-A3fIGjo) |
1264 | | K | Watcher UI | New UI for creating and editing alerts based on thresholds | [blog post](https://www.elastic.co/blog/creating-a-threshold-alert-in-elasticsearch-is-simpler-than-ever) |
1265 | | K | Full screen & dashboard only | Enter full screen mode when viewing a dashboard and only share dashboards to users | [blog post](https://www.elastic.co/blog/kibana-dashboard-only-mode), [video](https://youtu.be/lZoSL1usU_Y) |
1266 | | K | Cluster Alerts | Alerts on Monitoring Email Notifications and License Expiration |  |
1267 | 
1268 | ## 5.6
1269 | 
1270 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1271 | | --- | --- | --- |
1272 | | 11 Sep 2017 | Ended | Ended |
1273 | 
1274 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-5-6-0-released)
1275 | 
1276 | | Product | Feature | Description | References |
1277 | | --- | --- | --- | --- |
1278 | | L | Modules | Logstash modules enable easy setup of Logstash configuration, index mapping in Elasticsearch & Kibana dashboards. Starting with two modules for Netflow and Arcsight  | [Arcsight module](https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-1), [doc](https://www.elastic.co/guide/en/logstash/5.6/logstash-modules.html) |
1279 | | ES | Rolling upgrade | Upgrade a cluster without a cluster restart (starting from 5.6.3) |  |
1280 | | ES | Java High-level client | New Java high-level REST client (built on top of the low-level client) accepts objects for the most important APIs | [blog post](https://www.elastic.co/blog/the-elasticsearch-java-high-level-rest-client-is-out) |
1281 | | ES | Join datatype | New way to specify parent/child relationships without needing types | [doc](https://www.elastic.co/guide/en/elasticsearch/reference/5.6/parent-join.html) |
1282 | | K | Migration assistant | Prepare upgrades by inspecting breaking changes to index, cluster settings, etc |  |
1283 | 
1284 | ## 5.5
1285 | 
1286 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1287 | | --- | --- | --- |
1288 | | 6 Jul 2017 | Ended | Ended |
1289 | 
1290 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-5-5-0-released)
1291 | 
1292 | | Product | Feature | Description | References |
1293 | | --- | --- | --- | --- |
1294 | | L | Queueing | Dead Letter Queues enables local queueing in Logstash (when using Elasticsearch output) |  |
1295 | | ES | MSI installer | Windows MSI Installer for Elasticsearch with both GUI and silent installation support |  |
1296 | | ML | Monitoring | Monitor assigned nodes, number of processed documents, and a job's state over time |  |
1297 | | K | Filter editor | New filter editors (drop-downs, text-boxes) in Discover |  |
1298 | | K | Regions in maps | The Elastic Maps Service now supports region maps | [blog post](https://www.elastic.co/blog/visualizing-france-salary-data-with-region-maps-in-kibana), [another](https://www.elastic.co/blog/region-maps-gauge-kibana), [5' video](https://youtu.be/-ISaOx6u9rs) |
1299 | | K | Grok debugger | Debug grok patterns (from Logstash or ingest pipelines) in Kibana | [video](https://youtu.be/SKSqPRwDfns) and [blog post](https://www.elastic.co/blog/debugging-broken-grok-expressions-in-elasticsearch-ingest-processors) |
1300 | | K | CCS support | Index Patterns can now point to indices from remote clusters using cross cluster search feature |  |
1301 | 
1302 | 
1303 | ## 5.4
1304 | 
1305 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1306 | | --- | --- | --- |
1307 | | 4 May 2017 | Ended | Ended |
1308 | 
1309 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-5-4-0-released)
1310 | 
1311 | | Product | Feature | Description | References |
1312 | | --- | --- | --- | --- |
1313 | | B | Modules | Modules for JMX (using Jolokia) to monitor Java applications, Linux auditd and system authentication logs | [blog post](https://www.elastic.co/blog/monitoring-java-applications-with-metricbeat-and-jolokia) |
1314 | | ML | New! | Machine Learning makes it easy to detect anomalies (spot infrastructure problems, cyber attacks, or business issues) by automatically modeling the normal behavior of time series data | [blog post](https://www.elastic.co/blog/introducing-machine-learning-for-the-elastic-stack), [scoring](https://www.elastic.co/blog/machine-learning-anomaly-scoring-elasticsearch-how-it-works), [span](https://www.elastic.co/blog/explaining-the-bucket-span-in-machine-learning-for-elasticsearch), [sizing](https://www.elastic.co/blog/sizing-machine-learning-with-elasticsearch) |
1315 | | K | Time Series Visual Builder | Time Series Visual Builder (TSVB) combines pipeline aggregations and a new UI for interacting with, and designing visualizations from, time series data | [getting started](https://www.elastic.co/blog/master-time-with-kibanas-new-time-series-visual-builder), [other post](https://www.elastic.co/blog/visualizing-observability-with-kibana-event-rates-and-rate-of-change-in-tsvb), [annotations](https://www.elastic.co/blog/time-series-annotations-and-anomalies-with-kibana), [demo](https://www.elastic.co/elasticon/conf/2017/sf/kibana-visualizations-deep-dive), [video part1](https://youtu.be/CNR-4kZ6v_E), [video part2](https://youtu.be/CvorsH3x7Z8), [video part3](https://youtu.be/xkluflzhpAw), [blog post](https://www.elastic.co/blog/how-to-display-data-as-a-percentage-in-kibana-visualizations) |
1316 | | K | Watcher UI | Watcher UI allows you to do basic operations on watches |  |
1317 | 
1318 | ## 5.3
1319 | 
1320 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1321 | | --- | --- | --- |
1322 | | 28 Mar 2017 | Ended | Ended |
1323 | 
1324 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-5-3-0-released)
1325 | 
1326 | | Product | Feature | Description | References |
1327 | | --- | --- | --- | --- |
1328 | | B | Filebeat modules | Introducing modules (filebeat config, ES template and K dashboards) for Apache2, MySQL, Nginx, and System | [blog post](https://www.elastic.co/blog/how-to-monitor-nginx-web-servers-with-the-elastic-stack), [video](https://youtu.be/K-jVrLMOd-g) |
1329 | | B | Dynamic config reload | Dynamic configuration reloading makes it possible to change any module configuration on the fly without restarting the Beat |  |
1330 | | ES | CCS | Cross-cluster search, aka searching across multiple clusters, replacing the tribe node | [blog post](https://www.elastic.co/blog/tribe-nodes-and-cross-cluster-search-the-future-of-federated-search-in-elasticsearch) |
1331 | 
1332 | 
1333 | ## 5.2
1334 | 
1335 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1336 | | --- | --- | --- |
1337 | | 31 Jan 2017 | Ended | Ended |
1338 | 
1339 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-5-2-0-released)
1340 | 
1341 | | Product | Feature | Description | References |
1342 | | --- | --- | --- | --- |
1343 | | B | Heartbeat | Heartbeat periodically checks the status of services (availability and round-trip-time) | [blog post](https://www.elastic.co/blog/uptime-monitoring-with-heartbeat-and-the-elastic-stack) |
1344 | | B | Prometheus exporter | Prometheus module that collects metrics from the Prometheus exporters |  |
1345 | | K | LS Monitoring UI | New monitoring UI with nice graphs and historical data to track changes in your production Logstash instances |  [blog post](https://www.elastic.co/blog/monitoring-logstash-filters), [video](https://youtu.be/Ahfymloitjk) |
1346 | | K | Heatmaps | Heatmaps are great to pick out an area of high or low volume in time series data | [blog post](https://www.elastic.co/blog/awesome-new-kibana-visualizations-heatmap-and-point-series) |
1347 | 
1348 | ## 5.1
1349 | 
1350 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1351 | | --- | --- | --- |
1352 | | 8 Dec 2016 | Ended | Ended |
1353 | 
1354 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-5-1-1-released)
1355 | 
1356 | | Product | Feature | Description | References |
1357 | | --- | --- | --- | --- |
1358 | | B | Docker module | Periodically collect container metrics from cgroup | [blog post](https://www.elastic.co/blog/monitoring_container_resource_usage_with_metricbeat), [metadata enrichment](https://www.elastic.co/blog/brewing-in-beats-enrich-events-with-docker-metadata) |
1359 | | B | Kafka module | Connects to the local Kafka node and reads periodically details about the partitions | [blog post](https://www.elastic.co/blog/monitoring-kafka-with-elasticsearch-kibana-and-beats) and [kafka monitoring](https://www.elastic.co/blog/how-to-monitor-containerized-kafka-with-elastic-observability) |
1360 | | L | Presistent queues | Inbuilt persistent queues enable Logstash to persist events before processing them | [blog post](https://www.elastic.co/blog/logstash-persistent-queue), [with parallel pipelines](https://www.elastic.co/blog/using-parallel-logstash-pipelines-to-improve-persistent-queue-performance) |
1361 | | L | Truncate | Truncate is a new filter that allows you to truncate fields longer than a given byte-length |  |
1362 | | ES | Faster reindexing | Reindex can now perform their tasks in parallel automatically |  |
1363 | | K | Tag cloud | New visualization displaying tags (words) as a cloud |  |
1364 | | K | Advanced monitoring | Advanced view in monitoring and more charts in index and node views |  |
1365 | | K | Search profiler | Get detailed information about the parts of your queries that take time |  |
1366 | 
1367 | ## 5.0
1368 | 
1369 | | Release date | [End of Maintenance](https://www.elastic.co/support/eol) | [End of Support](https://www.elastic.co/support/eol) |
1370 | | --- | --- | --- |
1371 | | 26 Oct 2016 | Ended | Ended |
1372 | 
1373 | Version-level references: [Blog post](https://www.elastic.co/blog/elastic-stack-5-0-0-released), [Intro video](https://youtu.be/_XPCb9FdgNs), [Feature tour](https://youtu.be/ttO6_BRSEE4), [Kibana 5 video](https://youtu.be/TBvlDrt7b70)
1374 | 
1375 | "ELK" becomes "The Elastic Stack", see [Webpage](https://www.elastic.co/elk-stack) 
1376 | 
1377 | | Product | Feature | Description | References |
1378 | | --- | --- | --- | --- |
1379 | | B | Metricbeat | Metricbeat replaces Topbeat as the primary tool for collecting metrics |  |
1380 | | B | Kafka output | Native Kafka output support in Beats |  |
1381 | | L | Monitoring | New monitoring feature provides runtime visibility into the Logstash pipeline  |  |
1382 | | ES | Ingest node | Ingest Node is an Elasticsearch node type enabling some data enrichment capabilities at index time | [blog post](https://www.elastic.co/blog/new-way-to-ingest-part-1), [CSV ingest](https://www.elastic.co/blog/indexing-csv-elasticsearch-ingest-node) |
1383 | | ES | Painless scripting | New scripting language for query, alert, reindex, or in an ingest node for a powerful way to manipulate documents | [blog post](https://www.elastic.co/blog/painless-a-new-scripting-language), [video](https://youtu.be/3FLEJJ8PsM4) |
1384 | | ES | Keyword field | Analyzed and not-analysed string fields have been replaced by dedicated `text` fields for full text search, and `keyword` fields for string identifier search, sorting, and aggregations |  |
1385 | | ES | Shrink API | Shrink an existing index into a new index with fewer primary shards |  |
1386 | | ES | Rollover API | Rolls an alias over to a new index when too large or too old | [blog post](https://www.elastic.co/blog/managing-time-based-indices-efficiently) |
1387 | | ES | Java Low-level client | A simple low-level Java HTTP/REST client |  |
1388 | | ES | Benchmarking | We open sourced our Elasticsearch benchmarking tool Rally | [doc](https://github.com/elastic/rally) |
1389 | | K | Timelion | New visualization tool with query DSL and interesting math functions and rendering capabilities | [getting started](https://www.elastic.co/blog/timelion-tutorial-from-zero-to-hero), [blog post](https://www.elastic.co/blog/sparse-timeseries-and-timelion), [another](https://www.elastic.co/blog/mining-earthquake-data-with-kibana-5-and-timelion), [video](https://youtu.be/cfTehOJScL4) |
1390 | | K | Console | Build free-form requests to Elasticsearch from Kibana (replacing Sense) |  |
1391 | | K | Security UI | Management UI in Kibana for creating and managing both users and roles |  |
1392 | | K | Kibana monitoring | Monitoring for Kibana as part of the monitoring (Marvel) UI |  |
1393 | | K | Scripted fields | Create computed scripted fields in Kibana using Painless | [video](https://youtu.be/BhmpDtS7g28) |
1394 | 
1395 | ## Authors
1396 | 
1397 | * **Vincent Maury** - *Initial commit* - [blookot](https://github.com/blookot)
1398 | 
1399 | ## Disclamer
1400 | 
1401 | This is an unofficial informative document. Vincent Maury or Elastic cannot be held responsible for erroneous information. Official information can be found on the only official [Elastic website](https://www.elastic.co).
1402 | 
1403 | ## License
1404 | 
1405 | This project is licensed under the Apache 2.0 License - see the [LICENSE.md](LICENSE.md) file for details
1406 | 


--------------------------------------------------------------------------------