What’s new in Elastic 8.17

Learn about Elastic 8.17: the logsdb index mode is now generally available, the Elastic Rerank model arrives in technical preview, and ES|QL gains full-text search functions.

LogsDB (basic)

With the general availability of the specialized logsdb index mode, Elasticsearch can reduce the storage footprint of log data by up to 65%. This lets you retain more observability and security data within the same budget while keeping all of it accessible and searchable.

Logsdb index mode enables index sorting and compression techniques such as ZSTD, delta encoding, and run-length encoding. On Elastic Cloud Serverless, or with an Enterprise-level license, you get further savings from synthetic _source. Refer to the subscription pages for Elastic Cloud and for Elastic Stack/self-managed for the breakdown of available features by subscription tier.

To activate this mode, set index.mode to logsdb in an index template that matches your data streams. index.mode is a static index setting, so it only takes effect on backing indices created after the template is installed; existing indices keep their current mode until they roll over. The priority of 101 in the template below makes it win over the built-in logs template, which has priority 100.

PUT _index_template/my-index-template
{
  "index_patterns": ["logs-*"],
  "data_stream": { },
  "template": {
     "settings": {
        "index.mode": "logsdb" 
     }
  },
  "priority": 101 
}

Elastic Rerank model (enterprise)

Reranking models provide a semantic boost to any search experience without requiring a change in the schema of your data. This gives you room to explore other relevance tools for semantic relevance on your own time and within your budget.

8.17 adds a semantic boost to full-text search through a performant and efficient semantic reranking model. The technical preview of the Elastic Rerank model, alongside the existing ability to integrate third-party models for semantic reranking, makes it much easier to get started with relevance tuning.

The Elastic Rerank model is in technical preview. You can use it by creating an inference endpoint:

PUT _inference/rerank/elastic-rerank
{
    "service": "elasticsearch",
    "service_settings": {
        "model_id": ".rerank-v1",
        "num_allocations": 1,
        "num_threads": 1
    }
}

And then use it this way:

GET retrievers_example/_search
{
  "retriever": {
    "text_similarity_reranker": {
      "retriever": {
        "rrf": {
          "retrievers": [
            {
              "standard": { "query": { "sparse_vector": {
                    "field": "vector.tokens", "inference_id": ".elser-2-elasticsearch",
                    "query": "Cobra Kai was a homage to the greatest movie of all time!"
            }}}},
            {
              "knn": {
                "field": "vector", "query_vector": [ 0.23, 0.67, 0.89 ],
                "k": 3, "num_candidates": 5
              }
            }
          ],
          "rank_window_size": 10,
          "rank_constant": 1
        }
      },
      "field": "text",
      "inference_id": "elastic-rerank",
      "inference_text": "Which show continues the awesomeness of Karate Kid, the 1984 movie?"
    }
  },
  "_source": [ "text", "topic" ]
}

You can read more about the performance and efficiency of this new model on Search Labs.

Full-text search for ES|QL (basic)

The technical preview of the new MATCH and query string (QSTR) functions in ES|QL makes log searches easier and more intuitive. MATCH brings full-text search to ES|QL using a Lucene match query, while QSTR enables more advanced filtering of log data through Lucene query string syntax.

Some examples:

FROM books
| WHERE MATCH(author, "Faulkner")
| KEEP book_no, author
| SORT book_no
| LIMIT 5

Or, with QSTR:

FROM books
| WHERE QSTR("author: Faulkner")
| KEEP book_no, author
| SORT book_no
| LIMIT 5
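As an added example that is not part of the original release notes, the following ES|QL query combines both functions for a log-triage case: MATCH for a free-text hit on a command line, QSTR for structured Lucene filtering (including a NOT clause and field filters inside the query string), followed by an aggregation per user. It assumes ECS field names (process.command_line, event.category, host.os.type, host.name, user.name) in a logs-* data stream; those field names are assumptions, not something the page states. In the 8.17 technical preview the full-text functions may only appear in WHERE and cannot be used after commands such as STATS or LIMIT, so the filter sits directly after FROM.

```esql
// Added example, not from the release notes. ECS field names are assumed.
// Full-text functions are limited to WHERE in the 8.17 technical preview,
// so the filter is placed directly after FROM and before STATS.
FROM logs-*
| WHERE @timestamp > NOW() - 24 hours
    AND MATCH(process.command_line, "EncodedCommand")
    AND QSTR("event.category: process AND host.os.type: windows AND NOT user.name: SYSTEM")
| STATS executions = COUNT(*), hosts = COUNT_DISTINCT(host.name) BY user.name
| SORT executions DESC
| LIMIT 20
```

MATCH is analyzed against the field's mapping, so on a text field "EncodedCommand" also matches the lower-cased token, whereas a keyword field needs the exact value; QSTR runs the Lucene query string parser, so untrusted input should not be interpolated into it unescaped.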

Start today on cloud or locally

Want to get started on your machine in minutes with the new start-local feature? It's as easy as:

curl -fsSL https://elastic.co/start-local | sh

As with any installer piped straight into a shell, you may prefer to download the script first (for example with curl -fsSLo start-local.sh https://elastic.co/start-local), read it, and only then run it.

Or start on Elastic Cloud with a free trial.