Elastic Delivers New ES|QL Features for Cross-Cluster Scale, Data Enrichment, and Performance

SAN FRANCISCO--(BUSINESS WIRE)--Elastic (NYSE: ESTC), the Search AI Company, today announced a major update to the Elasticsearch Query Language (ES|QL) in Elasticsearch 8.19 and 9.1, bringing advanced data enrichment, improved resilience, and significant performance gains across petabyte-scale environments.

Already in use on over 10,000 clusters each week, ES|QL now supports enterprise-grade use cases with the general availability of LOOKUP JOIN and Cross-Cluster Search (CCS), a new default setting for partial results, enhanced query observability, alongside more than 30 additional internal improvements that further reduce latency and resource usage across large-scale environments.

“With today’s release, ES|QL becomes even more powerful, observable, and fault-tolerant out of the box,” said Ajay Nair, general manager, Platform at Elastic. “Whether you're correlating live security data or running distributed queries across global clusters, these enhancements help developers move faster with more confidence.”

Production-Ready Data Enrichment with LOOKUP JOIN General Availability

LOOKUP JOIN is now generally available, simplifying data correlation across indexes without requiring data denormalization or complex client-side joins. It enables dynamic enrichment scenarios, such as merging security logs with employee directories or threat intelligence data, all within a single piped ES|QL query.

New capabilities include:

• Mixed-type joins: Seamless joins on compatible numeric types (e.g., long with integer)
• Index alias support: Cleaner, more flexible queries using alias targets
• High-precision joins: Full support for date_nanos for high-frequency or financial data use cases

Cross-Cluster Search (GA) for ES|QL

ES|QL now supports Cross-Cluster Search, allowing users to query petabytes of data across geographically distributed Elasticsearch clusters — breaking down silos between workloads such as observability, security, and operational telemetry.

Built-In Resilience and Fault Tolerance

A new allow_partial_results setting (enabled by default) allows queries to complete even when some shards are temporarily unavailable. ES|QL also retries failed shard-level operations automatically — improving stability during rolling upgrades or transient node failures.

Real-time Observability and Query Monitoring

• Query Logs: Persist logs for all ES|QL queries, enabling usage trend analysis and troubleshooting
• Live Query Monitoring (Tech Preview): A new API lets users see currently running queries and inspect detailed profiling data for debugging and optimization

Smarter, Faster, More Efficient Execution

The 8.19 and 9.1 releases include over 30 performance and resource optimizations, including:

• Aggressive pushdowns to Lucene for faster filtering (up to 86x speedup for some operations)
• Smarter query planning, prioritizing hot data tiers and optimizing resource usage
• Reduced memory and CPU usage in operations like REPLACE, TO_IP, and data serialization

To get started and learn more about the above enhancements and even more that are being released with 8.19 and 9.1, read the Elastic blog.

About Elastic

Elastic (NYSE: ESTC), the Search AI Company, integrates its deep expertise in search technology with artificial intelligence to help everyone transform all of their data into answers, actions, and outcomes. Elastic's Search AI Platform — the foundation for its search, observability, and security solutions — is used by thousands of companies, including more than 50% of the Fortune 500. Learn more at elastic.co.

Elastic and associated marks are trademarks or registered trademarks of Elasticsearch BV and its subsidiaries. All other company and product names may be trademarks of their respective owners.