Kibana features
Kibana lets you visualize your Elasticsearch data and navigate the Elastic Stack, so you can do things like quickly find out why you're getting paged at 2:00 a.m. and predict the impact of rain on this quarter's numbers.
Explore and visualize
Visualizations
Share and collaborate
Management and monitoring
Security
Management
Alerting
Solutions
Elastic Maps
Elastic Metrics
Elastic Uptime
Elastic APM
Elastic Security
Explore and visualize
Explore and visualize
Visualizations
Your data has a compelling story. How will you best display it? Charts, tables, maps, and other tools in Kibana all stand at the ready for live expression of your data.
Kibana Lens
Kibana Lens is an easy-to-use, intuitive UI that simplifies the process of data visualization through a drag-and-drop experience. Whether you're exploring billions of logs or spotting trends from your website traffic, Lens gets you from data to insights in just a few clicks — no prior experience in Kibana required.
Time Series Visual Builder
Using the full power of the Elasticsearch aggregation framework, Time Series Visual Builder (TSVB) is a time series data visualizer that combines an infinite number of aggregations and pipeline aggregations to display complex data in a meaningful way.
Geospatial analysis
"Where" is a critical question for many users of the Elastic Stack. Whether you're protecting your network from attackers, investigating slow application response times in specific locations, or simply hailing a ride home, geo data and search play an important role.
Charts
Line, area, and bar charts allow you to plot your data on an X/Y axis. A heat map is a graphical representation of data where the individual values contained in a matrix are represented as colors or gradients. And pie charts can also double as donut charts, displaying as a sliced ring instead of a sliced pie.
Metrics
A metric visualization displays a single number for each aggregation. Display metrics for count, average, sum, min/max, standard deviation, percentiles, and more.
Data tables
Data table displays are one of the most common ways to express your data. Configure your data tables to capture a moment in time, or sync with your live data for a dynamic, up-to-date look at what's going on.
Vega (custom)
Vega and Vega-Lite allow for custom visualizations without the need for JavaScript. Build out visualizations (either standalone or on top of a map) in Kibana with data from a single Elasticsearch query or multiple data sources.
Kibana plugins
Add even more functionality to Kibana with community-driven plugin modules. Open source plugins are available for a variety of apps, extensions, visualizations, and more. Plugins include:
Vega visualizations
Prometheus exporter
3D charts and graphs
Calendar visualizations
And many more
Canvas
Canvas is a whole new way of making data look amazing. Canvas combines data with colors, shapes, text, and your own imagination to bring dynamic, multi-page, pixel-perfect data displays to screens large and small.
User Experience
User Experience data reflects real-world user experiences. Quantify and analyze the perceived performance of your web application.
Kibana runtime fields editor
The Kibana runtime fields editor uses the Elasticsearch functionality for runtime fields to give analysts access to adding their own custom fields on the fly. From Index Patterns, Discover, and Kibana Lens, this editor is available to create, edit, or remove runtime fields.
Explore and visualize
Data exploration
Built-in Kibana dashboards encourage exploration and visualization of your network flow data the moment you process events. Set up some filters and start drilling down to gain deeper insight into your data.
Dashboards
A Kibana dashboard displays a collection of visualizations and searches. You can arrange, resize, and edit the dashboard content and then save the dashboard so you can share it. You can create custom drilldowns between multiple dashboards or even out to web applications to drive action and decision making.
Discover
Discover enables you to explore your data with Kibana's data discovery functions. You have access to every document in every index that matches the selected index pattern. You can submit search queries, filter the search results, and view document data. You can also see the number of documents that match the search query and get field value statistics. If a time field is configured for the selected index pattern, the distribution of documents over time is displayed in a histogram at the top of the page.
Field statistics
Field statistics is a tab in Discover that shows a breakdown of fields, values, and data distributions via handy visualizations and statistics for each field in your index. Look for completeness of your data, spot outliers, understand the distribution of values, and gain a holistic view.
Console interface
In Console, one of the Dev Tools in Kibana, you can compose requests to send to Elasticsearch in a cURL-like syntax and view responses to your requests.
Graph analytics
The graph analytics features enable you to discover how items in an Elasticsearch index are related. You can explore the connections between indexed terms and see which connections are the most meaningful. This can be useful in a variety of applications, from fraud detection to recommendation engines.
Console
In Console, one of the Dev Tools in Kibana, you can compose requests to send to Elasticsearch in a cURL-like syntax and view responses to your requests.
Explore and visualize
Preconfigured dashboards
When the Elastic Stack is used to analyze logs and metrics, you can take advantage of a wide variety of preconfigured dashboards for many common data sources. Use Kibana like a pro right from the start.
Web server modules
Example dashboards — Apache, NGINX, IIS, HAProxy, and more — make it easy for you to start monitoring your web server log data and system metrics in Kibana. Get started quickly with these preconfigured dashboards, and then customize them to meet your needs.
Database modules
Example dashboards — for MySQL, MongoDB, PostgreSQL, Microsoft SQL, and more — make it easy for you to start monitoring database and queuing system log data and system metrics in Kibana. Get started quickly with these preconfigured dashboards, and then customize them to meet your needs.
Infrastructure modules
Example dashboards — system, Kubernetes, Docker, Windows, auditd, journald, and more — make it easy for you to start monitoring your servers in Kibana. Get started quickly with these preconfigured dashboards, and then customize them to meet your needs.
Explore and visualize
Share and collaborate
Easily share Kibana visualizations with your team members, your boss, their boss, your customers, compliance managers, contractors — anyone you like, really using the sharing option that works for you. Embed a dashboard, share a link, or export to PDF, PNG, or CSV files and send as an attachment. Or organize your dashboards and visualizations into Kibana spaces.
Embeddable dashboards
From Kibana, you can easily share a direct link to a Kibana dashboard, or embed the dashboard in a web page as an iframe — either as a live dashboard or a static snapshot of the current point in time.
Dashboard-only mode
Use the kibana_dashboard_only_user built-in role to limit what users see when they log in to Kibana. The kibana_dashboard_only_user role is preconfigured with read-only permissions to Kibana. When users open a dashboard, they will have a limited visual experience. All edit and create controls are hidden.
Spaces
With Spaces in Kibana, you can organize your dashboards and other saved objects into meaningful categories. Once you're in a specific space, you will only see the dashboards and other saved objects that belong to it. And with security enabled, you can control which users have access to individual spaces, giving you an extra layer of protection.
PDF/PNG reports
Quickly generate reports of any Kibana visualization or dashboard and save them to PDF or PNG. Get a report on demand, schedule it for later, trigger it based on specified conditions, and automatically share it with others.
Custom banners for Kibana Spaces
Custom banners help to differentiate Kibana Spaces for different roles, teams, functions, and more. Tailor specific announcements and messagings to individual Kibana Spaces, and help users quickly identify which Space they’re in.
CSV exports
Export saved searches in Discover to CSV files for use with external text editors.
Saved objects import/export
View, edit, delete, import, and export saved objects right from Kibana. A saved object can be a search, visualization, dashboard, or index pattern.
Tags
Easily create tags and add them to dashboards and visualization for efficient content management.
Explore and visualize
Machine learning
Elastic machine learning features automatically model the behavior of your Elasticsearch data — trends, periodicity, and more — in real time to identify issues faster, streamline root cause analysis, and reduce false positives.
Forecasting on time series
After Elastic machine learning creates baselines of normal behavior for your data, you can use that information to extrapolate future behavior. Then create a forecast to estimate a time series value at a specific future date or estimate the probability of a time series value occurring in the future
Anomaly detection on time series
Elastic machine learning features automate the analysis of time series data by creating accurate baselines of normal behavior in the data and identifying anomalous patterns in that data. Anomalies are detected, scored, and linked with statistically significant influencers in the data using proprietary machine learning algorithms.
Anomalies related to temporal deviations in values, counts, or frequencies
Statistical rarity
Unusual behaviors for a member of a population
Alerting on anomalies
For changes that are harder to define with rules and thresholds, combine alerting with unsupervised machine learning features to find the unusual behavior. Then use the anomaly scores in the alerting framework to get notified when problems arise.
Population/entity analysis
Use Elastic machine learning features to build a profile of what a "typical" user, machine, or other entity does over a specified time period and then identify outliers when they behave abnormally compared to the population.
Log message categorization
Application log events are often unstructured and contain variable data. Elastic machine learning features observe the static parts of the message, cluster similar messages together, and classify them into message categories.
Root cause indication
Once an anomaly is detected, Elastic machine learning features make it easy to identify the properties that significantly influenced it. For instance, if there's an unusual drop in transactions, you can quickly identify the failing server or misconfigured switch causing the problem.
Data Visualizer
Data Visualizer helps you better understand your Elasticsearch data and identify possible fields for machine learning analysis by analyzing the metrics and fields in a log file or an existing index.
Inference
Inference enables you to use supervised machine learning processes – like regression or classification – not only as a batch analysis but in a continuous fashion. Inference makes it possible to use trained machine learning models against incoming data.
Language identification
Language identification is a trained model that you can use to determine the language of text. You can reference the language identification model in an inference processor.
Model snapshot management
Quickly revert a model back to a desired snapshot in case of an unplanned system outage or other event causing misleading results in anomaly detection.
Management and monitoring
Management and monitoring
Security
The security features of the Elastic Stack give the right access to the right people. IT, operations, and application teams rely on these features to manage well-intentioned users and keep malicious actors at bay, while executives and customers can rest easy knowing data stored in the Elastic Stack is safe and secure.
Secure Spaces
With Spaces in Kibana, you can organize your dashboards and other saved objects into meaningful categories. Once you're in a specific space, you will only see the dashboards and other saved objects that belong to it. And with security enabled, you can control which users have access to individual spaces, giving you an extra layer of protection.
Encrypted communications
Network-based attacks on Elasticsearch node data can be thwarted through traffic encryption using SSL/TLS, node authentication certificates, and more.
Role-based access control (RBAC)
Role-based access control (RBAC) enables you to authorize users by assigning privileges to roles and assigning roles to users or groups.
Anonymous access control (for public sharing)
From maps to dashboards to literally any Kibana saved object, you can now create specialized links that let anyone access an asset without being prompted for credentials.
Field- and document-level security
Field-level security restricts the fields that users have read access to. In particular, it restricts which fields can be accessed from document-based read APIs.
Document-level security restricts the documents that users have read access to. In particular, it restricts which documents can be accessed from document-based read APIs.
Learn about document-level securitySecurity realms
The security features of the Elastic Stack authenticate users by using realms and one or more token-based authentication services. A realm is used to resolve and authenticate users based on authentication tokens. The security features provide a number of built-in realms.
Single sign-on (SSO)
The Elastic Stack supports SAML single sign-on (SSO) into Kibana, using Elasticsearch as a backend service. SAML authentication allows users to log in to Kibana with an external identity provider, such as Okta or Auth0.
Security APIs
The role management API allows you to manage roles that grant Kibana privileges. These endpoints cannot be accessed via the Console in Kibana.
Management and monitoring
Management
The Elastic Stack comes with a variety of management tools, UIs, and APIs to allow full control over data, users, cluster operations, and more.
Dark theme
Kibana defaults to a light theme, but can easily be switched to a dark theme at the space level. Pick the mode that works best for you (and your eyes).
Index patterns
An index pattern identifies one or more Elasticsearch indices that you want to explore with Kibana. Kibana looks for index names that match the specified pattern. An asterisk (*) in the pattern matches zero or more characters. For example, the pattern myindex-*
matches all indices whose names start with myindex-
, such as myindex-1
and myindex-2
.
Index lifecycle management
Index lifecycle management (ILM) lets the user define and automate policies to control how long an index should live in each of four phases, as well as the set of actions to be taken on the index during each phase. This allows for better control of cost of operation, as data can be put in different resource tiers.
Hot: actively updated and queried
Warm: no longer updated, but still queried
Cold/Frozen: no longer updated and seldom queried (search is possible, but slower)
Delete: no longer needed
Snapshot lifecycle management
As a background snapshot manager, snapshot lifecycle management (SLM) APIs allow administrators to define the cadence with which to take snapshots of an Elasticsearch cluster. With a dedicated UI, SLM empowers users to configure retention for SLM policies and create, schedule, and delete snapshots automatically — ensuring that appropriate backups of a given cluster are taken on a frequent enough basis to be able to restore in compliance with customer SLAs.
Data rollup management
In Kibana, you'll find a UI for viewing, creating, starting, stopping, and deleting rollup jobs. A rollup job is a periodic task that summarizes data from Elasticsearch indices specified by an index pattern and rolls it into a new index.
User and role management
Create and manage users and roles via API or from Management within Kibana.
Upgrade Assistant UI
The Upgrade Assistant UI helps you prepare your upgrade to the most recent version of the Elastic Stack. Within the UI, the assistant identifies the deprecated settings in your cluster and indices, guiding you through the process of resolving issues — including reindexing.
Upgrade Assistant API
The Upgrade Assistant API allows you to check the upgrade status of your Elasticsearch cluster and reindex indices that were created in the previous major version. The assistant helps you prepare for the next major version of Elasticsearch.
Saved objects UI
View, edit, delete, import, and export saved objects right from Kibana. A saved object can be a search, visualization, dashboard, or index pattern.
Saved objects API
The saved objects API allows you to manage Kibana saved objects, including but not limited to dashboards, visualizations, and index patterns. These endpoints cannot be accessed via the Console in Kibana.
Data import tutorial
With our easy-to-follow tutorial, learn to load a data set into Elasticsearch, define an index pattern, discover and explore the data, create visualizations and dashboards, and more.
License management
When you install Kibana, it generates a Basic license with no expiration date. Go to Management > License Management to view the status of your license, start a 30-day trial, or install a new license. You can activate a 30-day trial license with just a click to try out the full set of Platinum features, including machine learning, advanced security, graph capabilities, and more.
Localized UI
Interfaces are available for English, Japanese, and Simplified Chinese right out of the box, and the localization framework within Kibana means more languages can be added in the future.
Transforms
Transforms are two-dimensional, tabular data structures that make indexed data more digestible. Transforms perform aggregations that pivot your data into a new entity-centric index. By transforming and summarizing your data, it becomes possible to visualize and analyze it in alternative ways, including as a source for other machine learning analytics.
Management and monitoring
Monitoring
Elastic Stack monitoring features provide you visibility into how your Elastic Stack is running. Keep a pulse on how it's performing to make sure you're getting the most out of it.
Full stack monitoring
The monitoring features of the Elastic Stack give you insight into the operation of Elasticsearch, Logstash, and Kibana. All of the monitoring metrics are stored in Elasticsearch, which enables you to easily visualize the data from Kibana.
Configurable retention policy
With the Elastic Stack, you can control how long you hold onto monitoring data. The default is 7 days, but you can change that to anything you want.
Automatic alerts on stack issues
With Elastic Stack alerting features, you can get notified automatically to changes in your cluster — cluster state, license expiration, and other metrics across Elasticsearch, Kibana, and Logstash — using the power of alerting.
Management and monitoring
Alerting
The alerting features of the Elastic Stack give you the full power of the Elasticsearch query language to identify changes in your data that are interesting to you. In other words, if you can query something in Elasticsearch, you can alert on it.
Highly available, scalable alerting
There's a reason organizations large and small trust the Elastic Stack to handle their alerting needs. By reliably and securely ingesting data from any source, in any format, analysts can search, analyze, and visualize key data in real time — all with customized, reliable alerting.
Notifications via email, webhooks, IBM Resilient, Jira, Microsoft Teams, PagerDuty, ServiceNow, Slack, xMatters
Link alerts with built-in integrations for email, IBM Resilient, Jira, Microsoft Teams, PagerDuty, ServiceNow, xMatters, and Slack. Integrate with any other third-party system via a webhook output.
Alerting UI
Take control of your alerts by viewing, creating, and managing all of them from a single UI. Stay in the know with real-time updates on which alerts are running and what actions were taken.
Alerting suppression and noise reduction
Snooze alerting rules to suppress notifications and actions for a user-defined duration. You’ll never miss an action because you forgot to unmute a rule while handling problems that arose unexpectedly or during known downtimes.
Search threshold alerts for Discover
A search threshold rule in Discover is based on an Elasticsearch query - it analyzes documents at a given time interval to check if a threshold is reached for documents with the designated criteria, then triggers an alert. Users can create and assign an action if they wish to be trigger a notification or automatically create an incident.
Management and monitoring
Dev Tools
The Dev Tools page contains development tools that you can use to interact with your data in Kibana. Tools include Console, Grok Debugger, and Search Profiler.
Console
In Console, one of the Dev Tools in Kibana, you can compose requests to send to Elasticsearch in a cURL-like syntax and view responses to your requests.
Grok Debugger
You can build and debug grok patterns in the Kibana Grok Debugger before you use them in your data processing pipelines. Grok is a pattern matching syntax that you can use to parse arbitrary text and structure it. Grok is good for parsing syslog, Apache, and other web server logs, MySQL logs, and in general, any log format that is written for human consumption.
Query profiler/optimizer
The profile API provides detailed timing information about the execution of individual components in a search request. It provides insight into how search requests are executed at a low level so you can understand why certain requests are slow and take steps to improve them.
Management and monitoring
Deployment
Public cloud, private cloud, or somewhere in between — we make it easy for you to run and manage the Elastic Stack.
Download and install
It's as easy as ever to get started. Just download and install Elasticsearch and Kibana as an archive or with a package manager. You'll be indexing, analyzing, and visualizing data in no time. And with the default distribution, you can also test out Platinum features such as machine learning, security, graph analytics, and more with a free 30-day trial.
Elastic Cloud
Elastic Cloud is our growing family of SaaS offerings that make it easy to deploy, operate, and scale Elastic products and solutions in the cloud. From an easy-to-use hosted and managed Elasticsearch experience to powerful, out-of-the-box search solutions, Elastic Cloud is your springboard for seamlessly putting Elastic to work for you. Try any of our Elastic Cloud products for free for 14 days — no credit card required.
Start a free trial of Elasticsearch Service
Elastic Cloud Enterprise
With Elastic Cloud Enterprise (ECE), you can provision, manage, and monitor Elasticsearch and Kibana at any scale, on any infrastructure, while managing everything from a single console. Choose where you run Elasticsearch and Kibana: physical hardware, virtual environment, private cloud, private zone in a public cloud, or just plain public cloud (e.g., Google, Azure, AWS). We've covered them all.
Elastic Cloud on Kubernetes
Built on the Kubernetes Operator pattern, Elastic Cloud on Kubernetes (ECK) extends the basic Kubernetes orchestration capabilities to support the setup and management of Elasticsearch and Kibana on Kubernetes. With Elastic Cloud on Kubernetes, simplify the processes around deployment, upgrades, snapshots, scaling, high availability, security, and more for running Elasticsearch in Kubernetes.
Helm Charts
Deploy in minutes with the official Elasticsearch and Kibana Helm Charts.
Docker containerization
Run Elasticsearch and Kibana on Docker with the official containers from Docker Hub.
Solutions
Solutions
Elastic Maps
The Maps app enables you to parse through your geographical data at scale, with speed, and in real time. With features like multiple layers and indices in a map, plotting of raw documents, dynamic client-side styling, and global search across multiple layers, you can understand and monitor your data with ease.
Map layers
Add layers from unique indices into one view using the Maps app in Kibana. And since the layers are on the same map, you can search and filter across all of them in real time. Options include choropleth layers, heat map layers, tile layers, and vector layers and even use-case specific layers like observability for APM data.
Vector tiles
Vector tiles partition your map into tiles and offer the best performance and smooth zooming over the alternative methods. All new polygon layers enable the 'Use vector tiles' setting by default. You can change the scaling options in layer settings if you prefer the 10,000 records approach.
Custom region maps
Create region maps — thematic maps in which boundary vector shapes are colored using a gradient — using the custom location data on a schematic of your choosing.
Elastic Maps Service (zoom levels)
The Elastic Maps Service powers all the geospatial visualizations in Kibana (including the Maps app) by serving basemap tiles, shapefiles, and key features that are essential for visualizing geodata. With the default distribution of Kibana, you can zoom in up to 18x on a map.
Elastic Maps Server
The Elastic Maps Server uses the Elastic Maps Service’s basemaps and boundaries on local infrastructure.
GeoJSON upload
Though simple and easy to use, the GeoJSON upload feature is robust. Through direct ingestion into Elasticsearch, the feature enables map creators to drag and drop GeoJSON files enriched with points, shapes, and content into a map for instantaneous visualization. Enable email or webapp alerts using GeoJSON defined boundaries when tracking data driven object movement.
Geo alerts
Trigger notifications when an entity enters, leaves, or crosses a boundary. Monitor the location of an entity while it remains inside a specified boundary.
Shapefile upload
Load shapefiles into Elastic with this simple but powerful uploader built right into the Maps application. Easily load local open data and boundaries for analysis and comparison.
Solutions
Elastic Logs
With out-of-the-box support for common data sources and default dashboards to boot, the Elastic Stack is all about the it-just-works experience. Ship logs with Filebeat and Winlogbeat, index into Elasticsearch, and visualize it all in Kibana in minutes.
Log shipper (Filebeat)
Filebeat helps you keep the simple things simple by offering a lightweight way to forward and centralize logs and files. Filebeat comes with internal modules (auditd, Apache, NGINX, System, MySQL, and more) that simplify the collection, parsing, and visualization of common log formats down to a single command.
Logs dashboards
Example Filebeat dashboards make it easy for you to explore log data in Kibana. Get started quickly with these preconfigured dashboards, then customize them to meet your needs.
Log rate anomaly detection
Log rate analysis powered by machine learning automatically highlights periods of time where the log rate is outside normal bounds so you can quickly identify and inspect log anomalies.
Logs app
The Logs app provides real-time log tailing in a compact, customizable display. The log data is correlated with metrics in the Metrics app, making it easier for you to diagnose problems.
Solutions
Elastic Metrics
With Elastic Metrics, easily track high-level metrics, like CPU usage, system load, memory usage, and network traffic, to help you assess the overall health of your servers, containers, and services.
Metric shipper (Metricbeat)
Metricbeat is a lightweight shipper that you can install on your servers to periodically collect metrics from the operating system and from services running on the server. From CPU to memory, Redis to NGINX, Metricbeat is a lightweight way to send system and service statistics.
Metrics dashboards
Example Metricbeat dashboards make it easy for you to start monitoring your servers in Kibana. Get started quickly with these preconfigured dashboards, and then customize them to meet your needs.
Metrics app
After you have metrics streaming to Elasticsearch, use the Metrics app in Kibana to monitor them and identify problems in real time.
Alerting integration for Metrics
Create threshold alerts for your metrics with real-time feedback, directly in the Metrics app in Kibana, and get notified the way that you choose — documents, logs, Slack, simple webhooks, and more.
Machine learning integration for Metrics
Find common infrastructure issues with one-click anomaly detection directly from the Metrics UI.
Solutions
Elastic Uptime
With Elastic Uptime powered by open source Heartbeat, your availability data works in concert with rich context provided by logs, metrics, and APM — making it simpler to connect the dots, correlate activity, and solve problems quickly.
Uptime monitor (Heartbeat)
Heartbeat is a lightweight daemon that you install on a remote server to periodically check the status of your services and determine whether they are available. Heartbeat ingests the server data that will then be displayed in the Uptime dashboard and app in Kibana.
Uptime dashboards
Example Heartbeat dashboards make it easy for you to visualize the status of your services in Kibana. Get started quickly with these preconfigured dashboards, and then customize them to meet your needs.
Alerting integration for Uptime
Easily create threshold-based alerts from your availability data directly in the Uptime app, and get notified the way that you choose -- documents, logs, Slack, simple webhooks, and more.
Certificate monitoring
Check or get notified when your SSL or TLS certificates are expiring and keep your services available directly in the Uptime app.
Synthetic monitoring
Simulate the user experience across multi-step journeys — like the checkout flow for an ecommerce store. Capture detailed status info each step of the way to identify problematic areas and create exceptional digital experiences.
Uptime app
The Uptime app in Kibana is intended to help you quickly identify and diagnose outages and other connectivity issues within your network or environment. Easily monitor hosts, services, websites, APIs, and more from this helpful interface.
Solutions
Elastic APM
Already housing logs and system metrics in Elasticsearch? Expand to application metrics with Elastic APM. Four lines of code let you see a bigger picture to quickly fix issues and feel good about the code you push.
APM Server
The APM Server receives data from APM agents and transforms them into Elasticsearch documents. It does this by exposing an HTTP server endpoint to which agents stream the APM data they collect. After the APM Server has validated and processed events from the APM agents, the server transforms the data into Elasticsearch documents and stores them in corresponding Elasticsearch indices.
APM agents
APM agents are open source libraries written in the same language as your service. You install them into your service as you would install any other library. They instrument your code and collect performance data and errors at runtime. This data is buffered for a short period and sent on to the APM Server.
APM app
Finding and fixing roadblocks in your code boils down to search. Our dedicated APM app in Kibana lets you identify bottlenecks and zero in on problematic changes at the code level. As a result, you get better, more efficient code that leads to a speedier develop-test-deploy loop, faster applications, and better customer experiences.
Distributed tracing
Wondering how requests are flowing through your entire infrastructure? String transactions together with a distributed trace and get a clear view of how your services are interacting. Find where latency issues are arising in the path and then pinpoint the components that need optimizing.
Alerting integration
Stay up to date on how your code is performing. Get an email notification when something goes awry or a Slack notification when something goes really right.
Service maps
Service maps are a visual representation of how your services are connected and provide high-level transaction metrics like average transaction duration, request and error rates, plus CPU and memory usage.
Machine learning integration
Create a machine learning job directly from the APM app. Quickly hone in on abnormal behavior with machine learning features that automatically model your data.
Solutions
Elastic Security
Elastic Security equips security operations, threat hunting, and IT Ops teams to prevent, detect, and respond to threats. It prevents ransomware and malware at the host, automates the detection of threats and anomalies, and streamlines response with intuitive workflows, built-in case management, and integrations with SOAR and ticketing platforms.
Elastic Common Schema
Uniformly analyze data from diverse sources with the Elastic Common Schema (ECS). Detection rules, machine learning jobs, dashboards, and other security content can be applied more broadly, searches can be crafted more narrowly, and field names are easier to remember.
Machine learning anomaly detection
Integrated machine learning automates anomaly detection, enhancing detection and hunting workflows. A portfolio of prebuilt machine learning jobs enables rapid adoption. Alerting and investigation workflows leverage ML results.
Detection engine
The detection engine performs technique-based threat detection and alerts on high-value anomalies. Prebuilt rules developed and tested by Elastic Security research engineers enable rapid adoption. Custom rules can be created for any data formatted for Elastic Common Schema (ECS).
Host security analysis
Elastic Security enables interactive analysis of endpoint data from Elastic Agent and Elastic Beats, plus technologies like Carbon Black, CrowdStrike, and Microsoft Defender for Endpoint. Explore shell activity with Session View and processes with Analyzer.
Network security analysis
Elastic Security enables network security monitoring with interactive maps, graphs, event tables, and more. It supports numerous network security solutions, including OSS technologies like Suricata and Zeek, devices from vendors like Cisco ASA, Palo Alto Networks, and Check Point, and cloud services like AWS, Azure, GCP, and Cloudflare.
User security analysis
Elastic Security excels with entity analytics. The solution provides visibility into user activity, helping practitioners address insider threats, account takeover, privilege abuse, and related vectors. Environment-wide collection supports security monitoring, with user data presented on curated visualizations and tables. User context is presented within the flow of a hunt or investigation, with further details quickly accessible.
Timeline event explorer
Timeline event explorer lets analysts view, filter, correlate, and annotate events, gather data to reveal the root-cause and scope of attacks, align investigators, and package information for immediate and long-term reference.
Case management
Built-in case management workflows enhance control over detection and response. Elastic Security allows analysts to easily open, update, tag, comment on, close, and integrate cases with external systems. An open API and prebuilt support for IBM Resilient, Jira, Swimlane, and ServiceNow enable alignment with existing workflows.
Cloud workload session auditing
Secure hybrid cloud workloads and cloud-native applications with a lightweight agent powered by eBPF. Spot runtime threats automatically with prebuilt and custom detection rules and machine learning models. Investigate with a terminal-like view that surfaces rich context.
KSPM data collection and CIS posture findings
Gain visibility into your security posture across multi-cloud environments. Review findings, benchmark findings against CIS controls, and follow remediation guidance to drive rapid improvement.
Administration of host-based prevention, detection, and response
Manage anti-malware and anti-ransomware capabilities, manage centralized collection to enable the detection of advanced threats, and power host-based inspection and response.
Osquery central management
Elastic Security enables users to easily deploy osquery on every endpoint, streamlining hunting and host inspection across Linux, Windows, and macOS hosts. The solution provides direct access to rich host data, retrievable with a prebuilt or custom SQL query for analysis in Elastic Security.
Solutions
Elasticsearch
Connectors
Make use of native connectors and connector clients to popular productivity tools, plus handy APIs to build connectors for your data sources, too.
Crawler
Open Crawler lets you index web content directly into Elasticsearch. The repository is open source, so you can review the code, submit issues or PRs, and create custom versions. Its lightweight design ensures efficient crawling and indexing.
Playground
Test the latest AI search capabilities with AI Playground, now in Elasticsearch. Ingest your own data or use our sample data to explore how to build RAG systems, test different LLMs from various providers like OpenAI, Amazon Bedrock, Anthropic and more.
Search Applications
Search Applications enable users to build search-powered applications that leverage the full power of Elasticsearch and its Query DSL, with a simplified user experience.
Behavioral Analytics
Behavioral Analytics is an analytics event collection platform. Use these tools to analyze your users' searching and clicking behavior.