Elastic Delivers New ES|QL Features for Cross-Cluster Scale, Data Enrichment, and Performance

New capabilities enhance ES|QL with production-ready lookup joins, cross-cluster query execution, observability, and over 30 performance optimisations

Artificial Intelligence | Data Management | Product Development

Posted: Thursday, Jul 31

KBI.Media
$
Elastic Delivers New ES|QL Features for Cross-Cluster Scale, Data Enrichment, and Performance

Elastic Delivers New ES|QL Features for Cross-Cluster Scale, Data Enrichment, and Performance

Elastic (NYSE: ESTC), the Search AI Company, today announced a major update to the Elasticsearch Query Language (ES|QL) in Elasticsearch 8.19 and 9.1, bringing advanced data enrichment, improved resilience, and significant performance gains across petabyte-scale environments.

Already in use on over 10,000 clusters each week, ES|QL now supports enterprise-grade use cases with the general availability of LOOKUP JOIN and Cross-Cluster Search (CCS), a new default setting for partial results, enhanced query observability, alongside more than 30 additional internal improvements that further reduce latency and resource usage across large-scale environments.

“With today’s release, ES|QL becomes even more powerful, observable, and fault-tolerant out of the box,” said Ajay Nair, general manager, Platform at Elastic. “Whether you’re correlating live security data or running distributed queries across global clusters, these enhancements help developers move faster with more confidence.”

Production-Ready Data Enrichment with LOOKUP JOIN General Availability

LOOKUP JOIN is now generally available, simplifying data correlation across indexes without requiring data denormalisation or complex client-side joins. It enables dynamic enrichment scenarios, such as merging security logs with employee directories or threat intelligence data, all within a single piped ES|QL query.

New capabilities include:

Mixed-type joins: Seamless joins on compatible numeric types (e.g., long with integer)
Index alias support: Cleaner, more flexible queries using alias targets
High-precision joins: Full support for date_nanos for high-frequency or financial data use cases

Cross-Cluster Search (GA) for ES|QL

ES|QL now supports Cross-Cluster Search, allowing users to query petabytes of data across geographically distributed Elasticsearch clusters — breaking down silos between workloads such as observability, security, and operational telemetry.

Built-In Resilience and Fault Tolerance

A new allow_partial_results setting (enabled by default) allows queries to complete even when some shards are temporarily unavailable. ES|QL also retries failed shard-level operations automatically — improving stability during rolling upgrades or transient node failures.

Real-time Observability and Query Monitoring

Query Logs: Persist logs for all ES|QL queries, enabling usage trend analysis and troubleshooting
Live Query Monitoring (Tech Preview): A new API lets users see currently running queries and inspect detailed profiling data for debugging and optimisation

Smarter, Faster, More Efficient Execution

The 8.19 and 9.1 releases include over 30 performance and resource optimisations, including:

Aggressive pushdowns to Lucene for faster filtering (up to 86x speedup for some operations)
Smarter query planning, prioritising hot data tiers and optimising resource usage
Reduced memory and CPU usage in operations like REPLACE, TO_IP, and data serialistion

To get started and learn more about the above enhancements and even more that are being released with 8.19 and 9.1, read the Elastic blog.