From 08d0503940c149867090a3621035ec679aa1208b Mon Sep 17 00:00:00 2001 From: DeDe Morton Date: Mon, 8 Apr 2019 19:26:48 -0700 Subject: [PATCH] [7.0] Backport: Add release highlights (#11708) * Add release highlights (#11621) * Add release highlights * Rework highlights * Add fixes from review * Use attribute * Remove NetFlow * Add netflow back in and clarify that it's an input --- libbeat/docs/highlights-7.0.0.asciidoc | 104 +++++++++++++++++++++++++ libbeat/docs/highlights.asciidoc | 9 +++ libbeat/docs/index.asciidoc | 6 +- 3 files changed, 117 insertions(+), 2 deletions(-) create mode 100644 libbeat/docs/highlights-7.0.0.asciidoc create mode 100644 libbeat/docs/highlights.asciidoc diff --git a/libbeat/docs/highlights-7.0.0.asciidoc b/libbeat/docs/highlights-7.0.0.asciidoc new file mode 100644 index 00000000000..759abab74e2 --- /dev/null +++ b/libbeat/docs/highlights-7.0.0.asciidoc @@ -0,0 +1,104 @@ +[[release-highlights-7.0.0]] +=== 7.0.0 release highlights +++++ +7.0.0 +++++ + +Each release of {beats} brings new features and product improvements. +Here are the highlights of the new features and enhancements in 7.0.0. + +Refer to the {beats} <> and <> for a list of bug fixes and other changes. + +//NOTE: The notable-highlights tagged regions are re-used in the +//Installation and Upgrade Guide + +// tag::notable-highlights[] + +[float] +==== Elastic Common Schema (ECS) + +The {ecs-ref}/index.html[Elastic Common Schema], or ECS, is an open source +specification that defines a common set of document fields for event data +ingested into {es}. ECS makes it dramatically easier for users to correlate data +across sources and develop common content, such as dashboards and machine +learning jobs. + +In 7.0, all {beats} and {beats} modules generate ECS format events by default. +This means that adopting ECS is as easy as upgrading to {beats} 7.0. All {beats} +module dashboards in 7.0 make use of ECS. + +Migrating to a common schema means that many fields have been renamed. We have +developed an upgrade procedure that uses {es} field aliases to make the +transition easier. After the upgrade is complete, we strongly advise that you +adjust your custom {kib} dashboards, machine learning jobs, and other content to +use the new ECS field names. + +See the {beats-ref}/upgrading.html[{beats} upgrade documentation] for more +information. + +[float] +==== Index lifecycle management (ILM) + +In 6.6, {es} added advanced capabilities for index management. Rather than +simply performing management actions on your indices on a set schedule, you can +base actions on other factors such as shard size and performance requirements. +You control how indices are handled as they age by attaching a lifecycle policy +to the index template used to create them. You can update the policy to modify +the lifecycle of both new and existing indices. This set of capabilities are +grouped in the {ref}/index-lifecycle-management.html[index lifecycle management +(ILM)] APIs. + +In 7.0, {beats} defaults to rotating indices by using ILM policies, if the {es} +version to which they connect supports ILM. The default policy rotates indices +when they reach 50 GB or 30 days. You can edit the ILM policy by using the {kib} +management UI, or directly via the {es} API. + +[float] +==== Stack monitoring + +The full suite of modules to {stack-ov}/monitoring-production.html[monitor your +{stack}] are now GA. These include the {metricbeat} modules for {es}, {ls}, and +{kib}. + +In the future, we will switch to {metricbeat} as the recommended agent +for monitoring the {stack}. To prepare for the switch, see +{ref}/configuring-metricbeat.html[Collecting {es} monitoring data with {metricbeat}]. + +[float] +==== Logs and infrastructure metrics + +{beats} adds several new modules, focusing on datastores and the cloud. + +On the cloud side, {metricbeat} adds the +{metricbeat-ref}/metricbeat-module-aws.html[AWS] module, which collects and +centralizes basic resource utilization metrics from all your EC2 instances, +directly from Cloudwatch. A widely used messaging platform, +{metricbeat-ref}/metricbeat-module-nats.html[NATS], earns its own module for +capturing stats, connections, routes, and subscriptions metrics. + +For datastores, {metricbeat} offers modules for Microsoft SQL Server and +CouchDB. The {metricbeat-ref}/metricbeat-module-mssql.html[MSSQL] module +captures transaction log and performance counters, while the +{metricbeat-ref}/metricbeat-module-couchdb.html[CouchDB] module provides a +server metricset. + +[float] +==== Security analytics data sources + +For data relevant to security analytics, {filebeat} adds a +{filebeat-ref}/filebeat-module-zeek.html[Zeek] module that integrates with the +popular open-source Zeek project, formerly known as Bro, and a +{filebeat-ref}/filebeat-module-santa.html[Santa] module, which tracks process +executions on macOS. These modules add to the list of data sources already +supported in the 6.x series, including +{filebeat-ref}/filebeat-module-suricata.html[Suricata], +{filebeat-ref}/filebeat-module-iptables.html[IPtables], and +{filebeat-ref}/filebeat-input-netflow.html[NetFlow]. + +In addition, the {auditbeat} +{auditbeat-ref}/auditbeat-module-system.html[system] module keeps improving, and +the transition to ECS makes all {beats} modules more useful for security +use cases. + +// end::notable-highlights[] diff --git a/libbeat/docs/highlights.asciidoc b/libbeat/docs/highlights.asciidoc new file mode 100644 index 00000000000..191fa6a1960 --- /dev/null +++ b/libbeat/docs/highlights.asciidoc @@ -0,0 +1,9 @@ +[[release-highlights]] +== Release highlights + +This section summarizes the most important changes in each release. For the +full list, see <> and <>. + +* <> + +include::highlights-7.0.0.asciidoc[] \ No newline at end of file diff --git a/libbeat/docs/index.asciidoc b/libbeat/docs/index.asciidoc index a31ef54ec1d..e6bf78711af 100644 --- a/libbeat/docs/index.asciidoc +++ b/libbeat/docs/index.asciidoc @@ -21,11 +21,13 @@ include::./communitybeats.asciidoc[] include::./gettingstarted.asciidoc[] -include::./breaking.asciidoc[] +include::./config-file-format.asciidoc[] include::./upgrading.asciidoc[] -include::./config-file-format.asciidoc[] +include::./highlights.asciidoc[] + +include::./breaking.asciidoc[] include::./release.asciidoc[]