Elasticsearch highlights

This list summarizes the most important enhancements in Elasticsearch 7.13. For the complete list, go to Elasticsearch release highlights.

Frozen tier is now GA

The frozen tier and partially mounted indices, formerly known as shared cache searchable snapshots, are now generally available. We released these features as technical previews in 7.12. See the 7.12 announcement.

Index runtime fields

Runtime fields let you dynamically create fields from other fields and document properties at query time. These query-time runtime fields optimize for flexibility over speed, letting you change them at any time.

With 7.13, you can now also create index-time runtime fields, trading flexibility for better query performance. See Index a runtime field.

Match IPv4 and IPv6 addresses against CIDR ranges in Painless

Painless expressions can now match IPv4 and IPv6 addresses against CIDR ranges. This is useful for classifying and grouping IP addresses in security and monitoring use cases. This feature is available in all contexts, including runtime fields, ingest, search, and aggregations.

For example:

CIDR myCidrRange = new CIDR('10.1.1.0/25');
myCidrRange.contains('10.1.1.127'); // true
myCidrRange.contains('10.1.1.129'); // false

myCidrRange = new CIDR('2001:0db8:85a3::/64');
myCidrRange.contains('2001:0db8:85a3:0000:0000:8a2e:0370:7334'); // true
myCidrRange.contains('2001:0db8:85a3:0001:0000:8a2e:0370:7334'); // false
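
The following search request is an added example, not taken from the Elasticsearch documentation. It uses CIDR in a query-time runtime field to label each document's source address as internal or external, then counts documents per label. The index name my-logs, the source.ip field (assumed to be mapped as type ip), the runtime field name network_zone, and the list of ranges are assumptions.

```console
GET my-logs/_search
{
  "size": 0,
  "runtime_mappings": {
    "network_zone": {
      "type": "keyword",
      "script": {
        "source": """
          // Skip documents that have no source address at all.
          if (doc['source.ip'].size() != 0) {
            String ip = doc['source.ip'].value;
            boolean internal = false;
            // Ranges are passed as params so they can change without editing the script.
            for (String range : params.internal_ranges) {
              if (new CIDR(range).contains(ip)) {
                internal = true;
                break;
              }
            }
            emit(internal ? 'internal' : 'external');
          }
        """,
        "params": {
          "internal_ranges": [
            "10.0.0.0/8",
            "172.16.0.0/12",
            "192.168.0.0/16",
            "fc00::/7"
          ]
        }
      }
    }
  },
  "aggs": {
    "by_zone": {
      "terms": { "field": "network_zone" }
    }
  }
}
```

Documents without a source.ip value emit nothing and are left out of the by_zone buckets, so they are not silently counted as external.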

New combined_fields query type

7.13 introduces the combined_fields query, a new DSL query type for searching multiple text fields as a combined field. You can use the combined_fields query as a simpler alternative to the multi_match query’s cross_fields type option. See the combined_fields query documentation.

Faster terms aggregations

We’ve significantly improved the speed of the terms aggregation when:

  • It has no parent or child aggregations.
  • Target indices have no deleted documents or were recently merged.
  • You don’t use document-level security.
  • There’s no top-level query.
  • The field has global ordinals, such as a keyword or ip field.
  • There are fewer than a thousand distinct terms.

Many time series use cases are likely to meet these criteria, particularly for data in the cold or frozen tier.

Data frame analytics and inference are generally available

The ability to train outlier detection, regression, and classification models and then use those models to infer against incoming data becomes generally available in 7.13.

Trained model aliases

To simplify the deployment and upgrade of trained models, the concept of model aliases is introduced in 7.13. When using a model_alias in an ingest pipeline, it is now possible to make changes to the underlying referenced model without having to update the pipeline. The underlying referenced model changes in place for all ingest pipelines automatically when the new model is loaded into cache.