6 Brand new upgrade experience • New Upgrade Assistant (UI & API) • Zero downtime upgrades ‒Rolling restarts from latest 5.x to 6.x ‒Cross-cluster search across major version Upgrades just got oh so simpler
7 Space-saving columnar store • Better for storing sparse fields • Save on disk space & file system cache Tapping into Lucene 7 goodness (sparse doc value) user first middle last age phone johns Alex Smith jrice Jill Amy Rice 508.567.121 1 mt123 Jeff Twain 56 sadams Sue Adams adoe Amy Doe 31 lp12 Liz Potter
8 Much speedier sorted queries Tapping into Lucene 7 goodness (index sorting) Player 1 Score: 600 5.x Query for top 3 player scores Player 2 Score: 0 Player 3 Score: 200 Player 4 Score: 700 Player 5 Score: 300 Player 1907 Score: 800 ... Query for top 3 player scores ... Player 1907 Score: 800 Player 4 Score: 700 Player 1 Score: 600 Player 5 Score: 300 Player 3 Score: 200 Player 2 Score: 0 6.x Sort at index time vs. query time Optimize on-disk format for some use cases Improve query performance at the cost of index performance
9 Large Improvements to Replication • Limit syncs to only changed documents (instead of file-based recovery) • Fast replica recovery after temporary unavailability (network issues, etc.) • Re-sync on primary failure • Laying foundation for future big league features ‒Cross-datacenter replication ‒Changes API (tbd) New operation-based approach to recovery (sequence numbers)
10 Breaking changes • Improved tools to handle breaking changes ‒Deprecation logging ‒Upgrade Assistant (UI & APIs) • Refer to Release Notes for complete list • Test, test, test Because major releases is time for major cleanup
11 Simpler data models with type removal • Breaking change • Gradual migration path ‒ 6.0 indices can be created with only one type ‒ Existing 5.x indices using _type will continue to function • Introducing new APIs for type-less operations Say goodbye to _type confusion
12 Some interesting changes • Rename template to index_patterns in _template • Content-Type detection disabled • Set explicit Content-Type in request header • Deprecation of _all • _all can no longer be configured for indices in 6.0 • Use all_fields in query
13 Some interesting changes • <= 2.x indices need to be reindexed • Re-index into 5.x or 6.0 cluster • Deprecate Groovy, Python, Javascript lang plugin • Rewrite scripts in plainless • Java High Level REST Client • Starting from version 5.6.0 a new Java client has been released.
14 Distributed watch execution • Watches are no longer executed on only the master node • They are executed on nodes which hold shards of the .watches index • Configure all or specific nodes dedicated to watch execution X-Pack feature (Gold)
16 What's new in 6.1? • Index Splitting • Original primary shard is split into some primary shard in new index • Composite Aggregation • Designed to return ALL terms and sorted in ‘natural order’ • Improve indexing throughput • Simple change of _fields metafield • Scripted Similarity • Custom similarity has become much easier
22 6.0 starts Kibana on the accessibility path • High contrast color scheme • Keyboard accessibility • Screen reader support • More improvements on the way Accessibility improvements
24 Kibana now supports multiple query languages • Lucene Query Language (default) • Kuery (off by default, experimental in 6.0) • ... perhaps others in the future We want your feedback! • Enable Kuery from Advanced Settings More ways to query with Kuery Consistent syntax and simple to get started
25 Get e-mail alerts on Cluster Alerts • Cluster Alerts are built-in Watches for cluster issues • Get e-mails when Cluster Alerts get triggered and resolved • Add admin e-mail in Kibana Advanced Settings X-Pack feature (Gold)
31 • Run multiple, distinct workloads on a single Logstash JVM • Simplify dataflow logic by managing per data source logic independently • Monitor each pipeline separately with the new Pipeline Viewer Multiple Pipelines, One Logstash Logstash JDBC Pipeline Netflow Pipeline Apache Pipeline
32 • Visualize pipeline topologies as graphs • Reveal bottlenecks at the plugin level • Optimize dataflow with better metrics • Integrated with Monitoring UI Zoom in on your Pipelines Pipeline Viewer X-Pack feature (Basic, free)
38 • New Kubernetes module in Metricbeat ‒ CPU, memory, bytes on network and more. • New processor to add_docker_metadata ‒ Container ID, name, image, labels • New processor to add_kubernetes_metadata ‒ Pod name, pod namespace, container name, pod labels Beats <3 containerization Monitor your Docker and Kubernetes deployments with ease
41 • Skip the hassle of parsing auditd logs ‒ Auditbeat subscribes to the kernel directly • Reuse auditd rule formats (no need to learn new rule formats) • Plus, file integrity checks on Linux, macOS, and Windows ‒ Watch files or directories (non-recursively) for changes ‒ Report file metadata and MD5, SHA1, SHA256 hashes on changes Auditbeat - a simpler way to track audit logs An alternative to auditd on Linux
42 • Index pattern versions • Simpler configuration ‒ Module commands and configuration files ‒ module.d directory ‒ ./metricbeat module enable system ‒ Dashboards are easier to load and packaged with the Beat And moar awesome all around
43 In 6.1? • Docker Autodiscovery • New Metricbeat and Filebeat modules • Metricbeat: Graphite, HTTP server metricset, Etcd, Logstash, System uptime, Windows service, OSD tree, RabbitMQ queue metricset • Filebeat: Logstash, Postgres, Kafka • TLS support in Packetbeat
johtani
oracle4engineer
shinrinakamura
line_developers_tw
codmoninc
sadonosake
yusuke
_kensh
tammyeverts
yayoi_dd
miu_crescent
doradora09
nktamago
ammeep
tmm1
cherdarchuk
addyosmani
brettharned
destraynor
lemiorhan
chrislema
jcasabona
shpigford
moore
danielanewman