The first pre-release of Elasticsearch and the Elastic Stack 9.0.0 is available: 9.0.0-beta1
Give it a try, let us know what works and what doesn't, and please don't use it in production (yet).
The easiest way to try it out today is through start-local:
    curl -fsSL https://elastic.co/start-local | sh -s -- -v 9.0.0-beta1
We'll dive into more features in the following (pre-)releases, but here is an overview of what's now available in ES|QL, the new piped query language.
1. Lookup Joins
Lookup joins, a highly requested feature, are the first of many planned join commands. These joins function like SQL LEFT OUTER JOINs, enabling the direct joining of data or event streams with lookup indexes. The ES|QL editor suggests lookup indexes and conditions to expedite query construction.
2. KQL Filtering Inside ES|QL Queries
Filtering with KQL, the Kibana Query Language, is integrated within ES|QL queries. This integration allows for the combination of KQL's expressive filtering capabilities with ES|QL's transformation features, resulting in faster query execution and improved precision.
3. Inference API, MATCH & More
Semantic search is expanded with access to the Inference API, enabling more accurate AI-driven search experiences. The MATCH command now supports a wider range of field types, query parameters, and optimizations for enhanced accuracy.
4. New Functions and Commands for Statistical Analysis
The Standard Deviation function is natively available in ES|QL. A new categorization function automatically groups similar log messages to highlight patterns. Additionally, a failure store is introduced for debugging purposes: it stores query failures, facilitating pattern analysis and improved reliability.
5. Performance Enhancements
ES|QL includes several internal improvements to enhance query performance: acceleration of case-insensitive matching using TO_UPPER/TO_LOWER pushdowns, smarter field capabilities detection for optimized query execution, and memory reductions for faster response times and lower resource usage.