Siren Federate

Siren Federate is a plugin extension for Elasticsearch that adds cluster-distributed and highly optimized cross-index and cross-back end data joins.

These capabilities are exposed by Siren Federate as an extended Elasticsearch API that is backward compatible with the Elasticsearch and Kibana plugin ecosystem.

Siren Federate makes full use of your current systems with the ability to translate analytic and join queries to the language supported by your existing databases and big data infrastructure, or transparently using in-Siren-cluster-nodes memory joins as required.

Version compatibility

Since Siren 10.3, users can upgrade to a newer Investigate version without having to upgrade their Elasticsearch and Federate backend. Upgrading the backend is a complex procedure as the Elasticsearch version has to be upgraded with every major/minor Federate release. By removing the dependence on a specific backend, users can benefit from new advanced features by upgrading to the latest Investigate version, without the complexity of a simultaneous Federate/Elasticsearch upgrade.

Each Investigate version now supports several Elasticsearch/Federate versions in the following way:

  • Minimum supported Elasticsearch/Federate version - runs the set of Siren features compatible with the Elasticsearch version used. This includes all the features available in Siren 10.1, and all the features in 10.2 except Data Reflection, Neo4j Support, Ingestion, and Export/Scroll API.

  • Feature complete Elasticsearch/Federate version - runs all current Siren features

  • Target Elasticsearch/Federate version - runs all current Siren features and, being the most up-to-date version, is recommended in most cases

Siren 10.4 compatibility

Compatibility Level Federate Version


5.6.10 - 10.1.1

Feature Complete

6.8.0 - 10.3.0


6.8.6 - 10.3.4

Documentation for each version of Federate is available here: