🎉 What’s new in Elastic 9.2

Learn about Elastic 9.2 with Agent Builder, DiskBBQ, Streams, Significant Events, and more.

Note that some of those new features are in tech preview and hidden by default but there are feature flags to enable them.

Agent Builder

Agent Builder is a set of AI-powered capabilities that let developers chat natively with their Elasticsearch data and that simplify building custom AI agents with higher accuracy, relevance, and efficiency.

This new layer provides a framework with all the essential building blocks for creating AI agents powered by Elasticsearch: an open set of primitives, standards-based protocols, and secure access to data, so you can build agentic systems tailored to real-world data and requirements. For example, start by defining a tool backed by a parameterized ES|QL query:

POST kbn://api/agent_builder/tools
{
  "id": "news_on_asset",
  "type": "esql",
  "description": "Find news and reports about a particular asset where ...",
  "configuration": {
    "query": "FROM financial_news, financial_reports | where MATCH(company_symbol, ?symbol) OR MATCH(entities, ?symbol) | limit 5",
    "params": {
      "symbol": {
        "type": "keyword",
        "description": "The asset symbol"
      }
    }
  ...
  }
...
}

You can optionally create your custom agent with:

POST kbn://api/agent_builder/agents
{
  "id": "custom_agent",
  "name": "My Custom Agent",
  "description": "Description of the custom agent",
  "configuration": {
    "instructions": "You are a finance specialist providing advices to your customers ...",
    "tools": [
      {
        "tool_ids": [
          "platform.core.search",
          "platform.core.list_indices",
          "platform.core.get_index_mapping",
          "platform.core.get_document_by_id",
          "news_on_asset"
        ]
      }
    ]
    ...
  }
}

And then just converse with your agent:

POST kbn://api/agent_builder/converse
{
    "input": "What news about DIA?",
    "agent_id": "custom_agent"
}

Even easier, you can also use the default agent:

POST kbn://api/agent_builder/converse
{
    "input": "what is our top portfolio account?"
}
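An agent can only reach data through the tools it is granted, so the tool and agent definitions above are where least privilege is enforced. The following added example (not Elastic's code) checks the ES|QL tool and the custom agent from this post against a small local policy: every ?placeholder bound as a declared param, FROM restricted to allowlisted indices, a bounded LIMIT, and only allowlisted tool ids on the agent. ALLOWED_INDICES, ALLOWED_TOOL_IDS and MAX_LIMIT are assumed policy values, not part of the product.

```python
import re

# Constructed sample: the tool and agent from the post, trimmed to the fields checked here.
TOOL = {
    "id": "news_on_asset",
    "type": "esql",
    "configuration": {
        "query": "FROM financial_news, financial_reports | where MATCH(company_symbol, ?symbol) OR MATCH(entities, ?symbol) | limit 5",
        "params": {"symbol": {"type": "keyword", "description": "The asset symbol"}},
    },
}
AGENT = {
    "configuration": {"tools": [{"tool_ids": ["platform.core.search", "news_on_asset"]}]},
}

# Assumed local policy (not part of the post): indices an ES|QL tool may read,
# tool ids an agent may be granted, and the largest LIMIT a tool query may use.
ALLOWED_INDICES = {"financial_news", "financial_reports"}
ALLOWED_TOOL_IDS = {"platform.core.search", "platform.core.list_indices", "platform.core.get_index_mapping",
                    "platform.core.get_document_by_id", "news_on_asset"}
MAX_LIMIT = 50

def check_esql_tool(tool: dict) -> list[str]:
    """Return policy violations for an 'esql' tool definition (empty list means OK)."""
    problems = []
    cfg = tool.get("configuration", {})
    query = cfg.get("query", "")
    declared = set(cfg.get("params", {}))
    used = set(re.findall(r"\?([A-Za-z_]\w*)", query))
    # Values enter the query only as bound ?params: each one declared, each declared one used.
    problems += [f"undeclared parameter ?{p}" for p in sorted(used - declared)]
    problems += [f"unused parameter {p}" for p in sorted(declared - used)]
    # The FROM clause may only name allowlisted indices.
    m = re.match(r"\s*FROM\s+([^|]+)", query, re.IGNORECASE)
    sources = {s.strip() for s in m.group(1).split(",")} if m else set()
    problems += [f"index not allowed: {s}" for s in sorted(sources - ALLOWED_INDICES)]
    # A trailing LIMIT keeps one tool call from pulling an unbounded result set.
    lim = re.search(r"\|\s*LIMIT\s+(\d+)\s*$", query, re.IGNORECASE)
    if lim is None:
        problems.append("missing LIMIT")
    elif int(lim.group(1)) > MAX_LIMIT:
        problems.append(f"LIMIT {lim.group(1)} exceeds {MAX_LIMIT}")
    return problems

def check_agent(agent: dict) -> list[str]:
    """Return tool ids the agent references that are outside the allowlist."""
    groups = agent.get("configuration", {}).get("tools", [])
    ids = {t for g in groups for t in g.get("tool_ids", [])}
    return sorted(ids - ALLOWED_TOOL_IDS)
```

Run the checks in CI against the JSON bodies you POST to the Agent Builder API, and reject a deployment when either function returns a non-empty list.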

Streams

Streams brings AI-assisted parsing, intelligent log organization, and proactive event detection into a simple, intuitive workflow, so you can focus on solving problems, not wrangling pipelines. It comes with:

  • Log parsing & structuring: Turn chaotic log lines into structured, queryable data. Streams uses AI to find patterns, extract fields, and partition your logs automatically — cutting through noise before the investigation begins.
  • Significant events: Start your investigations with logs. Significant Events uses agentic AI to automatically flag signals to watch, such as errors, anomalies, or certificate expirations — so you can focus on cause, not clutter.
  • Agentless ingest: Ingest any logs from any source, from OpenTelemetry, Fluentd, or through Elastic's one-click integrations. You can stream directly to our /logs endpoint — no agents required.

All of this is powered by agentic AI: in Elastic, agentic workflows organize logs, surface significant events, and guide investigations. Combined with organizational context grounded in your knowledge bases and runbooks, fast ES|QL queries, and machine learning, agentic AI turns raw logs into a ready-to-use source of truth.

To send logs from your OTel Collector into Streams, add a transform processor that sets the elasticsearch.index attribute to "logs" and export over OTLP. The exporter referenced in the pipeline must be the one defined in the exporters section (otlp/ingest here), and the filelog receiver and batch processor that the pipeline uses must be defined as well:

receivers:
  filelog:
    include: [/var/log/app/*.log]   # constructed path; point this at your own log files

processors:
  batch:
  transform/logs-streams:
    log_statements:
      - context: resource
        statements:
          # Route every log record to the "logs" stream in Elasticsearch
          - set(attributes["elasticsearch.index"], "logs")

exporters:
  debug:
  otlp/ingest:
    endpoint: ${env:ELASTIC_OTLP_ENDPOINT}
    headers:
      Authorization: ApiKey ${env:ELASTIC_API_KEY}

service:
  pipelines:
    logs:
      receivers: [filelog]
      processors: [batch, transform/logs-streams]
      # otlp/ingest is the exporter defined above; no "elasticsearch" exporter is configured here
      exporters: [otlp/ingest, debug]

DiskBBQ

DiskBBQ is a disk-based alternative to HNSW for kNN search on compressed vectors. It stores the vector data on disk instead of in memory, lowering RAM requirements and reducing the overall cost of vector storage and search.

To enable DiskBBQ on an index, set index_options.type to bbq_disk in the dense_vector field mapping:

{
  "mappings": {
    "properties": {
      "image-vector": {
        "type": "dense_vector",
        "dims": 3,
        "similarity": "l2_norm",
        "index_options": {
          "type": "bbq_disk"
        }
      }
    }
  }
}

Highlights for the Elasticsearch Platform with 9.2:

ES|QL Smart Lookup Joins: Building on ES|QL enhancements from Elastic 9.1, ES|QL now enables users to match on multiple fields and expressions (including <, >, !=) and enrich rows from a lookup index — even across remote clusters!

FROM logs-*, remote:logs-*
| LOOKUP JOIN lookup_index ON left_field1 > right_field1 AND left_field2 <= right_field2

ES|QL Time Series: Elastic 9.2 brings native time-series analysis (RATE, *_OVER_TIME, TBUCKET, TS).

TS k8s
| STATS max_rate=MAX(RATE(network.total_bytes_in)) BY time_bucket = TBUCKET(5minute)

ES|QL Smart Enrichment in Discover: Elastic 9.2 brings in-place enrichment with LOOKUP JOIN right into Discover.

Background Search for Long-Running Queries: Stop fighting timeouts on complex queries. This new feature in technical preview lets users run ES|QL, KQL, or DSL queries as asynchronous jobs directly from Discover. Kick off hour-long searches across years of data without blocking your workflow, and get notified upon completion.

Discover Tabs: Context-switching turns into a single click (!), reducing cognitive load and enabling users to compare, validate, and pivot in parallel.

Start today on cloud or locally

Want to get started on your machine in minutes with the new start-local feature? It's as easy as:

curl -fsSL https://elastic.co/start-local | sh

Or start on the cloud with a free trial.