X-Pack advanced features are the commercial features developed by the open source Elasticsearch team based on the X-Pack commercial plug-in. The features include security, the SQL plug-in, machine learning, alerting, and monitoring. These features enhance the capabilities of open source Elasticsearch for application development and O&M management. Alibaba Cloud Elasticsearch provides editions that support the advanced features. You can purchase the features when you create a cluster. This topic describes these features in detail.

Purchase guideline

Log on to the Alibaba Cloud Elasticsearch console and click Create on the Elasticsearch Clusters page. For more information, see Create an Alibaba Cloud Elasticsearch cluster.

Only Alibaba Cloud Elasticsearch clusters of the Standard Edition support the advanced features. The following table lists the related information of the Standard Edition.

| Item | Standard Edition |
| --- | --- |
| Whether X-Pack is included | Yes |
| Whether all X-Pack features are provided | Yes |

Note: In addition to X-Pack advanced features, Alibaba Cloud Elasticsearch clusters of the Standard Edition provide features such as O&M management, security, plug-ins, and high availability. For more information, see Alibaba Cloud Elasticsearch clusters of the Standard Edition.

Feature description

This section describes only a few commonly used advanced features. For more information about all the X-Pack advanced features, see Elastic Stack subscriptions and X-Pack APIs.

Notice: The X-Pack advanced features provided by Elastic Stack differ in various editions, such as FREE AND OPEN, GOLD, and PLATINUM. Alibaba Cloud subscribes to Elasticsearch of the PLATINUM edition. For more information about the comparisons between new features provided in the FREE AND OPEN edition and new features provided in the GOLD edition, see Elastic Stack subscriptions.

| Feature | Description |
| --- | --- |
| Security | Manages indexes and fields in a decentralized manner and strictly controls access permissions to improve data security. |
| Machine learning | Monitors data in real time, provides the auto alerting feature, and reports alerts. |
| Monitoring | Monitors objects, such as clusters, nodes, and indexes, in real time to improve development efficiency and reduce O&M costs. |
| SQL plug-in | Implements full-text searches and statistical analysis on Elasticsearch data based on traditional SQL databases. Supports access methods such as CLI and REST. In the PLATINUM edition, the SQL plug-in also supports the Java Database Connectivity (JDBC) method. Seamlessly integrates with original business systems, which reduces the costs for learning new techniques. Note: In the FREE AND OPEN edition, other SQL plug-ins are integrated. For more information, see elasticsearch-sql. |

Some features provided by open source Elasticsearch

Alibaba Cloud Elasticsearch clusters of the Standard Edition support the following open source Elasticsearch features. For more information about the features, see Elastic Stack features. Due to the rapid iteration of open source Elasticsearch versions, the features supported by each version are constantly updated. For more information about the features supported by each version, see Version comparisons.

| Category | Subcategory | Feature |
| --- | --- | --- |
| Management and operations | Scalability and resiliency | Clustering and high availability |
|  |  | Automatic node recovery |
|  |  | Automatic data rebalancing |
|  |  | Horizontal scalability |
|  |  | Rack awareness |
|  |  | Cross-cluster replication |
|  |  | Cross-data center replication |
|  | Monitoring | Full stack monitoring |
|  |  | Multi-stack monitoring |
|  |  | Configurable retention policy |
|  |  | Automatic alerts on stack issues |
|  | Management | Index lifecycle management |
|  |  | Data tiers |
|  |  | Frozen indexes |
|  |  | Snapshot creation and data restoration |
|  |  | Searchable snapshots |
|  |  | Source-only snapshots |
|  |  | Snapshot lifecycle management |
|  |  | Data rollup |
|  |  | Data streams |
|  |  | CLI tools |
|  |  | Upgrade assistant UI |
|  |  | Upgrade assistant APIs |
|  |  | User and role management |
|  | Alerting | Highly available, scalable alerting |
|  |  | Alerting UI |
|  | Stack security | Security settings |
|  |  | Encrypted communications |
|  |  | Support for encryption at rest |
|  |  | Role-based access control (RBAC) |
|  |  | Field- and document-level security |
|  |  | Audit logging |
|  |  | IP address filtering |
|  |  | Security realms |
|  |  | Single sign-on (SSO) |
|  |  | Third-party security integration |
|  | Clients | RESTful APIs |
|  |  | Language clients |
|  |  | SQL plug-in |
|  |  | Event query language (EQL) |
|  |  | JDBC client |
|  |  | ODBC client |
| Data collection and enrichment | Data sources | Operating systems |
|  |  | Web servers and proxies |
|  |  | Data repositories and queues |
|  |  | Cloud services |
|  |  | Network data |
|  |  | Security data |
|  |  | Running status data |
|  |  | File import |
|  | Data enrichment | Processors |
|  |  | Language analyzers |
|  |  | Field transformation |
|  |  | External lookups |
|  |  | Match enrich processor |
|  |  | Geo-match enrich processor |
|  | Modules and integrations | Clients and APIs |
|  |  | Community shippers |
|  |  | Plug-ins and integrations |
| Data storage | Flexibility | Data types |
|  |  | Full-text searches |
|  |  | Document databases |
|  |  | Time series and analysis |
|  | Security | Support for encryption at rest |
|  |  | Field-level security |
|  | Management | Clustered indexes |
|  |  | Snapshot creation and data restoration |
|  |  | Index rollup |
| Search and analysis | Full-text searches | Inverse indexes |
|  |  | Cross-cluster searches |
|  |  | Relevance scoring |
|  |  | Query DSL |
|  |  | Asynchronous searches |
|  |  | Automatic completion |
|  |  | Spelling checks and corrections |
|  |  | Query optimizer |
|  |  | Permissions-based search results |
|  |  | Query cancellation |
|  | Analytics | Aggregations |
|  |  | Graph searches |
|  |  | Threshold-based alerting |
|  | Machine learning | Inference |
|  |  | Forecasting on time series |
|  |  | Anomaly detection on time series |
|  |  | Alerting on anomalies |
|  | APM | APM server |
|  |  | APM agents |
|  |  | APM applications |
|  |  | Distributed tracing |
|  |  | Service maps |
|  | Visualization | Dashboards |
|  |  | Kibana Lens |
|  |  | Time Series Visual Builder (TSVB) |
|  |  | Graph analysis |
|  |  | Geospatial analysis |
|  |  | Container monitoring |
|  |  | Kibana plug-ins |
|  |  | Data import tutorial |
|  | Maps | Map layers |
|  |  | Custom area maps |
|  |  | GeoJSON upload |
|  | Elastic logs | Log shipper |
|  |  | Log dashboards |
|  |  | Detection on log rate anomalies |
|  | Elastic metrics | Metric shipper |
|  |  | Metric dashboards |
|  | Uptime | Uptime monitoring |
|  |  | Uptime dashboards |
|  |  | Certificate monitoring |
|  |  | Synthetic monitoring |
|  | Security analysis | Common schema |
|  |  | Security analysis |
|  |  | Timeline events |
|  |  | Case management |
|  |  | Anomaly detection |