What’s new in Skedler Reports 4.16.0 & Alerts 4.8.0

Here are the highlights of what’s new and improved in Skedler Reports 4.16.0 & Alerts 4.8.0. For detailed information about this release, check the release notes.

EQL

EQL (Event Query Language) is a declarative language for identifying patterns and relationships between events, such as a process start followed by a network connection from the same host. It is available in Elasticsearch 7.9 through the EQL search API (GET /<index>/_eql/search). Consider using EQL if you use Elasticsearch for threat hunting or other security use cases, or more generally to search time-series data and logs such as network or system logs.
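To make the "patterns between events" idea concrete, here is an added example (not Skedler or Elasticsearch code) that re-implements, in a simplified form, what an EQL "sequence by host.id with maxspan=30s" query with two stages selects. The events, field names and the cmd.exe/port 443 conditions are constructed for illustration; Elasticsearch's real engine tracks several overlapping partial sequences per join key, whereas this toy keeps one, which is enough to show ordering, the join key and the maxspan window.

```python
"""Toy evaluation of an EQL-style `sequence by ... with maxspan` query.

Added example for this page; it is not Skedler or Elasticsearch code. It mimics
what the EQL query

    sequence by host.id with maxspan=30s
      [process where process.name == "cmd.exe"]
      [network where destination.port == 443]

selects: per host, a cmd.exe start followed within 30 seconds by an outbound
connection to port 443.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample events, not real logs. h1 matches; h2 exceeds maxspan;
# h3 has the events in the wrong order.
EVENTS = [
    {"@timestamp": "2020-09-01T10:00:00Z", "event.category": "process",
     "host.id": "h1", "process.name": "cmd.exe"},
    {"@timestamp": "2020-09-01T10:00:10Z", "event.category": "network",
     "host.id": "h1", "destination.port": 443},
    {"@timestamp": "2020-09-01T10:00:05Z", "event.category": "process",
     "host.id": "h2", "process.name": "cmd.exe"},
    {"@timestamp": "2020-09-01T10:05:00Z", "event.category": "network",
     "host.id": "h2", "destination.port": 443},
    {"@timestamp": "2020-09-01T10:00:20Z", "event.category": "network",
     "host.id": "h3", "destination.port": 443},
    {"@timestamp": "2020-09-01T10:00:25Z", "event.category": "process",
     "host.id": "h3", "process.name": "cmd.exe"},
]

# Each stage of the sequence: the event category and the `where` condition.
STAGES = [
    ("process", lambda e: e.get("process.name") == "cmd.exe"),
    ("network", lambda e: e.get("destination.port") == 443),
]


def _ts(event):
    """Parse the ISO-8601 UTC timestamp of an event."""
    return datetime.strptime(event["@timestamp"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _stage_matches(stage, event):
    category, condition = stage
    return event.get("event.category") == category and condition(event)


def match_sequence(events, stages, join_key, maxspan):
    """Return completed sequences (lists of events) in the order they complete.

    Events are joined on `join_key`; a partial sequence is discarded when the
    next candidate event falls more than `maxspan` after the sequence's first
    event. Events that match no pending stage are ignored, as in EQL.
    """
    partial = {}   # join-key value -> events matched so far
    matches = []
    for event in sorted(events, key=_ts):
        key = event.get(join_key)
        if key is None:
            continue
        seq = partial.get(key, [])
        if seq and _ts(event) - _ts(seq[0]) > maxspan:
            seq = []                      # window expired, start over
        if _stage_matches(stages[len(seq)], event):
            seq = seq + [event]
        if len(seq) == len(stages):
            matches.append(seq)
            seq = []
        partial[key] = seq
    return matches


def matched_hosts(events=EVENTS, maxspan_seconds=30):
    """Join-key values of every complete match, in completion order."""
    found = match_sequence(events, STAGES, "host.id", timedelta(seconds=maxspan_seconds))
    return [seq[0]["host.id"] for seq in found]


if __name__ == "__main__":
    print(matched_hosts())   # only h1 completes within 30 seconds
```

Widening maxspan to 600 seconds makes h2 match as well, while h3 never matches because its events arrive in the wrong order; that ordering requirement is what distinguishes a sequence from two independent filters joined on host.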

Data streams

A data stream is a convenient, scalable way to ingest, search, and manage continuously generated time-series data. It spreads the data across a series of automatically created, hidden backing indices (a new one each time the stream is rolled over) while you index into and query it through a single name. Every document must carry an @timestamp field, and new documents are always appended to the stream's current write index.
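The minimal set of calls, as an added example rather than anything from the Skedler or Elastic documentation, with the template and stream names (skedler-logs, skedler-logs-prod) chosen for illustration; the index template must declare data_stream for the stream to be created on first write:

```http
PUT _index_template/skedler-logs
{
  "index_patterns": ["skedler-logs-*"],
  "data_stream": {},
  "priority": 200,
  "template": {
    "settings": {"number_of_shards": 1},
    "mappings": {
      "properties": {
        "@timestamp": {"type": "date"},
        "message": {"type": "text"}
      }
    }
  }
}

POST skedler-logs-prod/_doc
{"@timestamp": "2020-09-01T10:00:00Z", "message": "report generated"}

GET skedler-logs-prod/_search
{"query": {"range": {"@timestamp": {"gte": "now-1d"}}}}

POST skedler-logs-prod/_rollover
```

The first POST creates the stream and its first backing index; the search spans all backing indices; the rollover call (normally driven by an ILM policy rather than by hand) starts a new write index. Updates or deletes of individual documents have to target the backing index that holds them, not the stream name.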

Enable fully concurrent snapshot operations

Snapshot operations can now execute in a fully concurrent manner:

  • Create and delete operations can be started in any order.
  • Delete operations wait for in-flight snapshot finalizations to finish and are batched as much as possible for efficiency.
  • Snapshot creation is fully concurrent across shards; per shard, snapshots are linearized for each repository, as are snapshot finalizations.

Indexing metrics and backpressure

Elasticsearch 7.9, which Skedler Reports 4.16.0 and Alerts 4.8.0 support, tracks the number of indexing request bytes outstanding at each stage of the indexing process (coordinating, primary, and replica). These metrics are exposed in the node stats API (GET _nodes/stats/indexing_pressure). The new node setting indexing_pressure.memory.limit caps the bytes that may be outstanding at once; the default is 10% of the heap. Once outstanding indexing bytes reach that limit, Elasticsearch rejects new coordinating and primary requests (clients see HTTP 429 rejections). Replica requests have a separate limit of 1.5 times this value, so replication of writes that were already accepted can still proceed under load.
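An added example (not Skedler or Elastic code) of the check a practitioner would run against those metrics: it reads the indexing_pressure block of a node stats response and reports how close each node is to the rejection threshold. The field names are as documented for Elasticsearch 7.9 and later (verify them against your cluster), the response itself is constructed, and the limit corresponds to the default 10% of a 1 GiB heap.

```python
"""Read indexing back-pressure figures from Elasticsearch node stats.

Added example for this page, not Skedler or Elastic code. It consumes the
`indexing_pressure` block returned by `GET _nodes/stats/indexing_pressure`
and flags nodes that are near the indexing_pressure.memory.limit or that
have already rejected requests. The response below is constructed.
"""
import json

LIMIT = 107374182  # default indexing_pressure.memory.limit for a 1 GiB heap (10%)

# Constructed sample: es-data-1 is idle, es-data-2 is saturated and rejecting.
SAMPLE_NODE_STATS = json.dumps({
    "nodes": {
        "n1": {"name": "es-data-1", "indexing_pressure": {"memory": {
            "current": {"coordinating_in_bytes": 524288, "primary_in_bytes": 524288,
                        "replica_in_bytes": 0, "all_in_bytes": 1048576},
            "total": {"coordinating_rejections": 0, "primary_rejections": 0,
                      "replica_rejections": 0},
            "limit_in_bytes": LIMIT}}},
        "n2": {"name": "es-data-2", "indexing_pressure": {"memory": {
            "current": {"coordinating_in_bytes": 60000000, "primary_in_bytes": 30000000,
                        "replica_in_bytes": 10000000, "all_in_bytes": 100000000},
            "total": {"coordinating_rejections": 7, "primary_rejections": 5,
                      "replica_rejections": 0},
            "limit_in_bytes": LIMIT}}},
    }
})


def assess_indexing_pressure(node_stats_json, warn_ratio=0.8):
    """Return {node name: summary} with utilization of the limit and rejections.

    `current.all_in_bytes` is coordinating + primary + replica bytes in flight;
    all three count against the limit for coordinating/primary requests
    (replica requests get a separate 1.5x allowance). `total.*_rejections`
    are cumulative counters, so any non-zero value means rejections happened
    at some point since the node started.
    """
    report = {}
    for node in json.loads(node_stats_json)["nodes"].values():
        mem = node["indexing_pressure"]["memory"]
        outstanding = mem["current"]["all_in_bytes"]
        limit = mem["limit_in_bytes"]
        rejections = sum(mem["total"][k] for k in
                         ("coordinating_rejections", "primary_rejections", "replica_rejections"))
        ratio = outstanding / limit
        if rejections:
            status = "rejecting"
        elif ratio >= warn_ratio:
            status = "warn"
        else:
            status = "ok"
        report[node["name"]] = {
            "outstanding_bytes": outstanding,
            "utilization": round(ratio, 3),
            "rejections": rejections,
            "status": status,
        }
    return report


if __name__ == "__main__":
    for name, summary in assess_indexing_pressure(SAMPLE_NODE_STATS).items():
        print(name, summary)
```

Because the rejection counters are cumulative, a monitoring job should diff them between polls rather than alert on the absolute value; the utilization ratio is the leading indicator, since it moves before the first 429 is returned.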

Inference in pipeline aggregations

Inference is now more flexible: you can reference a trained data frame analytics model from an inference pipeline aggregation, which runs the model over the metric results of its parent bucket aggregation and returns a prediction per bucket. This lets you run classification or regression at search time; for a small set of data you can get predictions without setting up an inference processor in an ingest pipeline.
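The shape of such a request, as an added example (not from the Skedler or Elastic documentation): the index, field names and the model id malicious-client-classifier are placeholders, and the keys of buckets_path must match the feature names the model was trained on.

```http
GET web-logs/_search
{
  "size": 0,
  "aggs": {
    "by_client": {
      "terms": {"field": "client.ip", "size": 100},
      "aggs": {
        "request_count": {"value_count": {"field": "@timestamp"}},
        "bytes_sum": {"sum": {"field": "http.response.bytes"}},
        "is_malicious": {
          "inference": {
            "model_id": "malicious-client-classifier",
            "buckets_path": {
              "request_count": "request_count",
              "bytes_sum": "bytes_sum"
            }
          }
        }
      }
    }
  }
}
```

Each client.ip bucket then carries an is_malicious result with the predicted class and probability alongside the raw metrics. Training and using data frame analytics models requires the machine learning features (a Platinum or trial license), and the inference runs on the search thread, so keep the bucket count bounded.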

Skedler Reports v4.15.0 now supports Grafana 7.1.0

Skedler Reports v4.15.0 now supports Grafana 7.1.0 and the new features described below.

Influx data source

Support for Flux and InfluxDB v2 has been added: you can now build Grafana dashboards on InfluxDB using either InfluxQL or Flux queries.

Query history search

Grafana 7.1 introduces search in Query history. You can search across queries and your comments, which is especially useful in combination with the time filter and data source filter.

Explore modes unified

Grafana 7.1 includes a major change to Explore: it removes the query mode selector. Many data sources tell Grafana whether a response contains time-series data or log data, and Explore uses that information to choose the visualization. You no longer need to switch between Logs and Metrics modes depending on the type of query you want to make.

Internal links for Elasticsearch

The new internal linking feature for Elasticsearch lets you link from your logs to other data sources. You can define links in the Elasticsearch data source configuration that point to another data source (similar to the existing feature in Loki), for example using a trace ID field from your logs to jump to that trace in a tracing data source such as Jaeger.

Ad hoc filtering in the new table panel

Ad hoc filtering, a way to add filters to queries automatically without defining template variables, is now supported in the new Table panel.

Provisioning of apps

Grafana 7.1 adds support for provisioning app plugins, so apps can be configured and enabled or disabled from configuration files instead of the UI.
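An added example of such a provisioning file (not from Skedler or the Grafana documentation); the plugin id example-app, the settings and the environment variable name are placeholders. The point worth noting is the split between jsonData and secureJsonData: only the latter is encrypted at rest, so tokens belong there, and referencing an environment variable keeps the secret out of the file itself.

```yaml
# <grafana provisioning dir>/plugins/apps.yaml
apiVersion: 1

apps:
  - type: example-app            # plugin id (placeholder)
    org_id: 1
    disabled: false
    jsonData:                    # non-secret settings, stored in clear
      apiUrl: https://api.example.internal
    secureJsonData:              # secrets, encrypted at rest
      apiToken: $EXAMPLE_APP_TOKEN
```

Grafana expands $VAR references from its process environment when it reads provisioning files, so the token can be injected by the service manager or container runtime rather than committed alongside the dashboard configuration.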

Skedler Reports & Alerts now support ELK 7.7.0 & Grafana 7.0.0

Skedler Reports v4.13.0 and Skedler Alerts v4.6.0 support ELK 7.7.0 and Grafana 7.0 with all their new features.

Grafana 7.0 features supported in Skedler 4.13.0

New panel editor and unified data model

The first visible change is that panel display settings have moved to a right-hand side pane that you can collapse or expand depending on what you are focusing on. This change also introduces a unified option model and UI for defining data configuration and display options: a single framework lets you set data options per visualization and control or override all data display settings from one place.

New tracing UI

This release adds substantial support for distributed tracing, a third telemetry type alongside the existing metrics and log support. Traces let you follow a single request as it moves through a distributed system. More workflows and integrations are planned so that moving between metrics, logs, and traces becomes easier.

Table panel

Grafana 7.0 comes with a new table panel (the old one is deprecated). The new panel supports horizontal scrolling and column resizing, and paired with the new Organize fields transformation you can reorder, hide, and rename columns. It also supports new cell display modes, such as showing a bar gauge inside a cell.

Auto grid mode for Stat panel and Gauge

This new 7.0 feature applies to the Gauge and Stat panels. Previously these panels only stacked their sub-visualizations horizontally or vertically, and the auto layout simply chose one or the other depending on which panel dimension was larger. In 7.0 the auto layout allows dynamic grid layouts in which Grafana tries to use the available space optimally and lays out each sub-visualization within a grid.

Elasticsearch 7.7.0 features supported in Skedler 4.13.0 & Skedler Alerts 4.6.0

Fixed index corruption on shrunk indices

Applying deletes or updates to an index after it had been shrunk could corrupt the index. Elasticsearch 6.x users who enabled soft deletes on some of their indices, and all Elasticsearch 7.x users (where soft deletes are on by default), are advised to upgrade to 7.7 as soon as possible so that this corruption bug no longer affects them. This is a data-integrity bug rather than an exploitable security vulnerability; the indices at risk are those created by the shrink API that later received updates or deletes.

Significant reduction of heap usage of segments

This Elasticsearch release substantially reduces the heap memory needed to keep Lucene segments open and searchable. A node can hold much more data before reaching memory limits, which helps both cluster stability and cost.

Query speed-up for sorted queries on time-based indices

Sorted queries that only need the top documents and run on time-based indices have been optimized. The optimization exploits the fact that the timestamp ranges of the documents in different shards usually do not overlap: shard search requests are rewritten using partial results already available from other shards, so a shard whose range cannot contribute to the top hits can skip most of its work.

A new aggregation: top_metrics

The new top_metrics aggregation selects the value of one or more metric fields from the single document that sorts first on a separate sort field; at present the sort criterion is the largest or smallest value of that field. It is close in spirit to top_hits, but because it is more constrained it uses less memory and is faster.

Skedler Single sign-on with OpenId and Azure Active Directory

Skedler supports security plugins such as X-Pack, Open Distro, Search Guard, NGINX, and Security Onion. The latest version, Skedler v4.12, adds SSO with OpenID Connect and Azure AD.

What is SSO in Azure AD:

Single sign-on (SSO) adds security and convenience when users sign in to applications through Azure Active Directory (Azure AD). This section describes the single sign-on methods and helps you choose the most appropriate one when configuring the Skedler application.

  • With single sign-on, users sign in once with one account to access domain-joined devices, company resources, software as a service (SaaS) applications, and web applications. After signing in, the user can launch applications from the Office 365 portal or the Azure AD My Apps access panel. Administrators can centralize user account management and automatically add or remove user access to applications based on group membership.
  • Without single sign-on, users must remember application-specific passwords and sign in to each application separately. IT staff need to create and update user accounts for each application, such as Office 365, Box, and Salesforce, and users need to remember their passwords and spend time signing in to each application.

Choosing a single sign-on authentication method in Skedler V4.12:

There are several ways to integrate Skedler with a security plugin, but we chose the Open Distro security plugin because Open Distro for Elasticsearch provides a comprehensive set of features for keeping data secure and complying with regulations such as GDPR, HIPAA, PCI, and ISO: encryption of data in transit, authentication against Active Directory or LDAP, Kerberos or JSON Web Tokens for single sign-on (SSO), and audit logging of access attempts, including malicious ones.
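For reference, an added example (not Skedler's or Open Distro's own configuration) of the Open Distro Security authentication domain that accepts Azure AD OpenID Connect tokens; <tenant-id> is a placeholder for your directory, and the claim names assume Azure AD v2.0 ID tokens. The openid_connect_url lets the plugin fetch the tenant's signing keys and validate token signatures itself, which is what makes the OIDC domain safe to run with a noop backend.

```yaml
# plugins/opendistro_security/securityconfig/config.yml (apply with securityadmin.sh)
_meta:
  type: "config"
  config_version: 2

config:
  dynamic:
    authc:
      openid_auth_domain:
        http_enabled: true
        transport_enabled: false
        order: 0
        http_authenticator:
          type: openid
          challenge: false            # let the basic domain below issue the challenge
          config:
            subject_key: preferred_username
            roles_key: roles          # claim carrying group/role names (placeholder)
            openid_connect_url: https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration
        authentication_backend:
          type: noop                  # signature check against the IdP keys is sufficient
      basic_internal_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 1
        http_authenticator:
          type: basic
          challenge: true
        authentication_backend:
          type: intern
```

Keep the internal basic domain so that service accounts and the admin user keep working, and map the roles_key values to Open Distro roles in roles_mapping.yml; a token whose claim names differ from subject_key or roles_key authenticates as nobody rather than failing loudly, so test with a real token from the tenant before switching users over.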

On-premises applications can use password-based, Integrated Windows Authentication, header-based, linked, or disabled single sign-on methods.

Password-based SSO:

With password-based sign-on, users sign in to the application with a username and password the first time they access it. After that first sign-in, Azure AD supplies the username and password to the application on the user's behalf.

Password-based single sign-on uses the application's existing authentication process. When you enable it for an application, Azure AD collects the application usernames and passwords and stores them encrypted in the directory. Note that this is credential vaulting, not federation: the application still receives and verifies a password. With OpenID Connect, as used for Skedler's Azure AD integration, the application never handles the user's password; it redirects the user to Azure AD and validates the signed ID token that comes back (issuer, audience, expiry, and signature against the tenant's published keys).
