Elastic Stack (X-Pack)

Last updated: 2020-02-27 12:09:19



Elastic Stack (formerly X-Pack) features are Elasticsearch's official commercial features, including security, SQL, alerting, machine learning, and monitor. It helps Elasticsearch service application development and operations. ES offers editions that come with such features, which you can select when purchasing and creating a cluster. The features in different editions are detailed below.

Purchase Guide

As shown in the figure above, there are options for the Elastic Stack advanced features on the ES purchase page. ES offers three editions that have different Elastic Stack features as follows:

Item Basic Platinum Open Source
X-Pack included
X-Pack completeness Partial All None

Purchase Suggestions
In order to be able to use more advanced features in ES, we recommend that you choose the Platinum Edition when you create a cluster. The specific features and differences of each edition are detailed below. For pricing information, see Pricing.

Elastic Stack Overview

This document describes some of the commonly used Elastic Stack features. For more information, see Elasticsearch's official Elastic Stack and API documentation.

  • Some features vary by editions (Basic, Platinum, and Open Source). For the specific differences, see the descriptions in this document.
  • Security, alerting, and machine learning are only available in the Platinum Edition.
  • Security
    This feature supports refined read/write permission control at the index and field levels and effectively protects data security by enabling data security protection and business access isolation, granting access to the right people, and preventing malicious attacks and data leakage.
  • Machine learning
    In the application scenario of custom data alerting, it is sometimes difficult to set rules and thresholds to define the changes. In this case, the trend in data changes and reasonable fluctuation range can be predicted by the unattended machine learning feature, and when the data deviates from the normal trend, alarms will be triggered and notifications sent.

Monitoring and SQL are only available in the Platinum Edition and Basic Edition. However, in terms of SQL support, the Open Source Edition integrates with other SQL plugins. For more information, see elasticsearch-sql.

  • Monitor
    Monitoring information can be comprehensively collected at multiple levels such as cluster, node, and index, helping you understand the cluster operations in real time and facilitating your application development and OPS.
  • SQL
    This feature makes full-text search and statistical analysis of Elasticsearch data possible through traditional database SQL tools. CLI and REST access methods are supported. The Platinum Edition further supports JDBC connection. This feature enables you to seamlessly connect ES with your existing business systems and thus reduces your learning costs for new technologies.

Detailed Comparison among Editions

This section compares some of the key features in each edition. For a complete feature comparison, see Elasticsearch's official Elastic Edition Feature Descriptions.

In the table below, ⚫, ◑, and - are used to indicate the feature completeness. ⚫: all; ◑: partial; -: none.

Module Feature Open Source Basic Platinum
Elasticsearch Scalability and resiliency partial partial all
Query and analytics partial partial all
Data enrichment all all all
Management and tooling partial partial all
Security none none all
Machine Learning none none all
Kibana Explore and visualize partial partial all
Stack management and tooling partial partial all
Stack monitor none partial all
Share and collaborate partial partial all
Security none none all
Machine Learning none none all
Beats Data collection partial partial all
Data shipping partial partial all
Module partial partial all
Monitoring and management none partial all
Logstash Data collection all all all
Data enrichment all all all
Data shipping all all all
Module partial all all
Monitoring and management none partial all
ELASTIC APM APM server all all all
APM agents all all all
APM dashboards in Kibana all all all
APM UI none all all
Distributed tracing none all all
Machine learning integration none none all
ELASTIC Logs Log shipper(Filebeat) all all all
Dashboards for common data sources all all all
Logs UI none all all
ELASTIC Infrastructure Metric shipper (Metricbeat) all all all
Dashboards for common data sources all all all
Infrastructure UI none all all
ELASTIC Uptime Uptime monitor (Heartbeat) all all all
Uptime dashboards in Kibana all all all
Uptime UI none all all

Detailed descriptions of certain Elasticsearch features:

In the table below, ✓ means the feature is available, - not available.

Elasticsearch Feature Module Item Open Source Basic Platinum
Management and Tooling REST API
Language clients
_source only snapshot -
SQL interpreter CLI -
Data rollups -
Index lifecycle management -
Frozen indices -
Upgrade Assistant APIs -
JDBC client - -
ODBC client - -
Security Encrypted communications -
Role-based access control -
File and native authentication -
Audit logging - -
Attribute-based access control - -
Field- and document-level security - -
Machine Learning Anomaly detection on time series - -
Population/entity analysis - -
Log message categorization - -
Root cause indication - -
Alerting on anomalies - -
Forecasting on time series - -