Version 7.9 of the Elastic Stack has been released! The release contains mainly Stack-oriented features, with some new components in the free tier (tease!).
There are some features in Elasticsearch 7.9 I’m still reviewing, but the one that really got my attention is the new wildcard field type.
Wildcard queries can be expensive
I’ve seen wildcard queries cause mayhem in a cluster. A leading wildcard (*) in a query seems like an innocent thing to do, but Lucene can’t execute it efficiently: the term dictionary is sorted by prefix, so a pattern that starts with a wildcard can’t use it and every term in the field has to be scanned. CPU utilization will spike on any node running the query.
These inefficiencies can be mitigated by indexing the field with an n-gram tokenizer, so that a substring search becomes an ordinary term or phrase query and a leading wildcard isn’t required. It appears that this isn’t common knowledge, so Elastic have built the technique into the new wildcard field type, which does the n-gram indexing for you.
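To make the comparison concrete, here is an added example (my own, not from Elastic’s release notes) of the two approaches side by side: a manual trigram analyzer on a text field, and the 7.9 wildcard field type. The index name logs-cmd and the field command_line are hypothetical; the use case assumed is hunting for a substring in captured process command lines.

```console
# Before 7.9: index command lines as overlapping trigrams so a
# substring search becomes a phrase query instead of a leading
# wildcard. Index and field names here are hypothetical.
PUT logs-cmd-ngram
{
  "settings": {
    "analysis": {
      "tokenizer": {
        "trigrams": { "type": "ngram", "min_gram": 3, "max_gram": 3 }
      },
      "analyzer": {
        "trigram_analyzer": {
          "type": "custom",
          "tokenizer": "trigrams",
          "filter": [ "lowercase" ]
        }
      }
    }
  },
  "mappings": {
    "properties": {
      "command_line": { "type": "text", "analyzer": "trigram_analyzer" }
    }
  }
}

# Search with a phrase query: "psexec" is analysed into pse/sex/exe/xec
# and those tokens must appear in order. Caveats: a search term shorter
# than min_gram (3) produces no tokens and matches nothing, and wildcard
# queries are not analysed, so "*psexec*" against this field would not
# behave as intended.
GET logs-cmd-ngram/_search
{
  "query": { "match_phrase": { "command_line": "psexec" } }
}

# 7.9+: the wildcard field type does the n-gram indexing internally, so
# the familiar leading-wildcard syntax can be used directly. Values are
# keyword-like and matching is case-sensitive in 7.9.
PUT logs-cmd-wildcard
{
  "mappings": {
    "properties": { "command_line": { "type": "wildcard" } }
  }
}

GET logs-cmd-wildcard/_search
{
  "query": { "wildcard": { "command_line": { "value": "*psexec*" } } }
}
```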
I’m having an experiment with this new field type and will post my thoughts soon.
Other interesting features
There are some new aggregation types, and an entirely new query language called EQL (Event Query Language). Elastic are doing a lot of work to make themselves useful in the security sector, following their acquisition of Endgame last year.
Data streams also look like something that could be incredibly useful in some scenarios.
I’m still hoping for…
I’m still waiting for (hoping for) changes to the enrich processor, and at least a plan for the Changes API.