Obtén información sobre las características mediante demostraciones y anuncios, desde replicación entre clusters e índices congelados en Elasticsearch hasta Kibana Spaces y el conjunto de integraciones de datos en constante crecimiento en Beats y Logstash.

1. Andrés Rodríguez
Team Lead
The Elastic Stack Multiplier

2. Elasticsearch Kibana

3. Enterprise Search Observability Security
Elasticsearch Kibana

6. Data Management
Data Analysis
Actions & Alerting

7. Data Management

9. Hot Warm Cold
Snapshot

10. Hot Warm Cold
Snapshot Lifecycle Management
Index Lifecycle Management

11. myindex
myindex-01
Alias

12. myindex
myindex-01
Alias
myindex-02

13. myindex-03
myindex
myindex-01
Alias
myindex-02

14. myindex-03
myindex
myindex-01
Datastream
myindex-02
• Auto-create from templates
• Smarter rollups
• Smarter query routing
• Smarter index management

15. Hot Warm Cold
Snapshot
$$ $

16. Improved Memory Usage
Improved Disk Usage

17. Heap File system cache
Disk
< 30GB

18. Heap File system cache
Disk

19. Heap File system cache
Disk

20. Heap File system cache
Disk
6TB
10GB

21. Heap File system cache
Disk
6TB
1.5GB

22. Disk

23. Disk

24. Archive
Disk
Cold

25. Doc Values
Stored Fields
Term Dictionary
Term Proximity
Normalization Factors
Point Values
Meta Lookup

26. Doc Values
Stored Fields
Term Dictionary
Term Proximity
Normalization Factors
Point Values
Meta Lookup

27. Archive
Disk
Frozen

28. Archive
Disk
Frozen

29. Smarter Query Routing

30. SELECT *
FROM logs-*
WHERE region = “us-east”
AND service = “mysql”
AND @timestamp > “2020-01-01”
ORDER BY @timestamp DESC
LIMIT 20

31. SELECT *
FROM logs-*
WHERE region = “us-east”
AND service = “mysql”
AND @timestamp > “2020-01-01”
ORDER BY @timestamp DESC
LIMIT 20

32. SELECT *
FROM logs-*
WHERE region = “us-east”
AND service = “mysql”
AND @timestamp > “2020-01-01”
ORDER BY @timestamp DESC
LIMIT 20
WHERE region = “us-east”
AND service = “mysql”
const_keyword fields

33. WHERE region = “us-east”
AND service = “mysql”
AND @timestamp > “2020-01-01” AND @timestamp > “2020-01-01”
Range normalization

34. AND @timestamp > “2020-01-01”
ORDER BY @timestamp DESC
LIMIT 20
Sorted execution

35. Teaching Kibana patience

36. Elasticsearch is built for speed
• Every field is indexed
• Indexes built at ingest
• Denormalized data, no joins
• Distributed execution
But needs disk, cpu, memory!

37. Warm
Cold
More data, for longer
Cheap nodes
Remote file store
Frozen

38. 408 Request Time-out

41. Possibilities…
(How I learned to love the bomb)

42. Find users who:
• in the previous 12 months
• have used an application
• on today’s Malicious Apps list
• with param “powershell.exe”

43. Find users who:
• in the previous 12 months
• have used an application
• on today’s Malicious Apps list
• with param “powershell.exe”
Limited Join
}

44. Find users who:
• in the previous 12 months
• have used an application
• on today’s Malicious Apps list
• with param “powershell.exe”
Schema on Read}

45. Data Analysis

46. Speaking your language

47. GET logs-*/_search
{
“query”: {
“bool”: {
“filter”: {
“range”: {
“@timestamp”: {
“gte”: “2020-01-01”,
“lt”: “2020-02-01”
}
}
}
}
}
}

48. SELECT *
FROM logs-*
WHERE @timestamp
BETWEEN “2020-01-01”
AND “2020-02-01”
SQL

49. @timestamp >= "2020-01-01" AND @timestamp < "2020-02-01"
KQL

50. GET /api/v1/query_range?
start=2020-01-01T00:00:00Z
&end=2020-02-01T00:00:00Z
&query=node_network_receive_bytes_total{device="eth1"}
PromQL

51. sequence by unique_pid
[process where process_name in
("mshta.exe", "rundll32.exe")]
[image_load where image_name in
("jscript9.dll", "winhttp.dll")]
EQL

53. 53

54. 54

55. 55

56. 56

57. Actions & Alerting

64. Task Manager Alerting Actions
API

65. 65

67. 67

68. 68

69. 69

71. Enterprise Search Observability Security
Elasticsearch Kibana

72. Closing
Thank You!