Elasticsearch started life as a document database sitting atop the Lucene text search engine library. It was soon joined by related applications, and the preferred acronym for the Elasticsearch family of products was ELK: Elasticsearch; Logstash, the data pipelining tool, principally used to hoover data from logging into an Elasticsearch database; and Kibana, the data visualization construction kit.
The ELK trio has since been joined by a small platoon of “data shipper” utilities: the Beats products. Similar to Logstash, the Beats products move data from an outside source into an Elasticsearch database. They differ in the source of the shipped data. Filebeat is designed to read and forward the contents of log files (like Logstash, but without Logstash’s transformation and aggregation capabilities). Metricbeat reads system metric data gathered from Windows, Mac, or Linux hosts. Metricbeat can also gather enterprise application metrics from Microsoft SQL Server, MySQL, PostgreSQL, and other sources.
The Beats group is a lengthy list of sibling products; you can find the full family of . Similarly, the features and product updates that have appeared with the roll-out of Elastic Stack 7.x form a lengthy list, one that could occupy several articles. While there is much to be said about all of the updates to the various components in the Elastic Stack 7.x release, this article will focus principally on the enhancements and improvements made to the stack’s cornerstone: Elasticsearch itself.