
Hello from the Elastic DevRel team! In this newsletter, we cover Elastic 9.2, complimentary on-demand trainings, the latest blogs and videos, and upcoming events.
What’s new?
Elastic 9.2 just landed, and it’s a chunky one:
- Agentic workflows in Kibana
- AI-assisted log pipelines
- A new on-disk vector index
- Quality-of-life upgrades in Discover
Elastic Agent Builder: Chat, tools, and agents in Kibana
Spin up AI agents that chat over your Elasticsearch data and call tools that you define (such as ES|QL queries) or built-ins such as list indices and get mapping. You can create tools, compose them into agents, and then converse with either your custom agent or the default one. Some features are in tech preview and hidden behind feature flags.
Why you’ll care: It’s a native, standards-based (Model Context Protocol, or MCP) way to build task-oriented agents without duct tape.
POST kbn://api/agent_builder/tools
{
  "id": "news_on_asset",
  "type": "esql",
  "description": "Find news for a ticker",
  "configuration": {
    "query": "FROM financial_news | WHERE MATCH(entities, ?symbol) | limit 5",
    "params": { "symbol": { "type": "keyword" } }
  }
}

Wire it into an agent and chat with it in Kibana:

POST kbn://api/agent_builder/converse
{ "input": "What news about DIA?", "agent_id": "custom_agent" }

Or bring it to your MCP client, such as Claude Desktop, Cursor, or VS Code:

{
  "mcpServers": {
    "elastic-agent-builder": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "${KIBANA_URL}/api/agent_builder/mcp",
        "--header",
        "Authorization:${AUTH_HEADER}"
      ],
      "env": {
        "KIBANA_URL": "${KIBANA_URL}",
        "AUTH_HEADER": "ApiKey ${API_KEY}"
      }
    }
  }
}

For more information, please follow the documentation.
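As an added example (not Elastic's code or API), here is a small Python check that an Agent Builder ES|QL tool definition is internally consistent before you post it: every `?name` placeholder in the query must be declared under `params` and vice versa, which is what keeps the ticker the agent passes in bound as a parameter rather than spliced into the query text. It assumes the `??name` identifier-parameter form follows the same declaration rule.

```python
"""Added example (not Elastic's code): sanity-check an Agent Builder ES|QL
tool definition before POSTing it to kbn://api/agent_builder/tools.

ES|QL binds ?name placeholders as parameters, so values supplied at call
time (a ticker such as DIA) are never concatenated into the query string.
A placeholder with no matching entry in `params` (or the reverse) otherwise
surfaces only when the agent first calls the tool, so catch it up front."""
import re

# ?name is a value parameter; ??name (assumed here) is an identifier parameter.
_PARAM_RE = re.compile(r"\?{1,2}([A-Za-z_][A-Za-z0-9_]*)")

# The tool definition from the newsletter, reused as the sample input.
NEWS_TOOL = {
    "id": "news_on_asset",
    "type": "esql",
    "description": "Find news for a ticker",
    "configuration": {
        "query": "FROM financial_news | WHERE MATCH(entities, ?symbol) | limit 5",
        "params": {"symbol": {"type": "keyword"}},
    },
}


def validate_esql_tool(tool: dict) -> list[str]:
    """Return the problems found; an empty list means the definition is consistent."""
    problems = []
    if tool.get("type") != "esql":
        problems.append("type must be 'esql' for an ES|QL tool")
    cfg = tool.get("configuration", {})
    query = cfg.get("query", "")
    declared = cfg.get("params", {})
    used = set(_PARAM_RE.findall(query))
    # Placeholders the query references but params never declares.
    for name in sorted(used - set(declared)):
        problems.append(f"query uses ?{name} but params does not declare it")
    # Declared params the query never references (usually a typo in one of them).
    for name in sorted(set(declared) - used):
        problems.append(f"params declares {name} but the query never uses it")
    for name, spec in declared.items():
        if not isinstance(spec.get("type"), str):
            problems.append(f"param {name} needs a string 'type' (e.g. keyword)")
    return problems


if __name__ == "__main__":
    print(validate_esql_tool(NEWS_TOOL) or "tool definition is consistent")
```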
Streams: AI-assisted logs that organize themselves
Streams uses AI to parse and structure raw logs, partition them, and surface Significant Events, so you start investigations with the most relevant signals. It works with OpenTelemetry, Elastic Agent, Filebeat, Logstash, Fluentd, and more. You can also stream straight to the /logs endpoint for agentless ingestion. It comes with:
Log parsing and structuring: Turn log lines into structured, queryable data. Streams uses AI to find patterns, extract fields, and partition your logs automatically, reducing noise before the investigation begins.
Significant Events: Start your investigations with logs. Significant Events automatically flags signals to watch, such as errors, anomalies, or certificate expirations, so that you can focus on what matters.
Agentless ingest: Ingest logs from any source, whether OpenTelemetry, Fluentd, or Elastic's one-click integrations. You can stream directly to our /logs endpoint — no agents required.
All of it is powered by agentic AI. In Elastic, agentic workflows organize logs, surface significant events, and guide investigations. They’re combined with organizational context grounded in your knowledge bases and runbooks, fast ES|QL queries, and machine learning.
Quick OTel hint (processor and exporter sketch):

receivers:
  filelog:
    include: ["/var/log/app/*.log"]   # example path; point this at your own log files

processors:
  batch: {}
  transform/logs-streams:
    log_statements:
      - context: resource
        statements:
          - set(attributes["elasticsearch.index"], "logs")

exporters:
  debug: {}
  otlp/ingest:
    endpoint: ${env:ELASTIC_OTLP_ENDPOINT}
    headers:
      Authorization: ApiKey ${env:ELASTIC_API_KEY}

service:
  pipelines:
    logs:
      receivers: [filelog]
      processors: [batch, transform/logs-streams]
      exporters: [otlp/ingest, debug]   # must reference the exporters defined above

DiskBBQ: Vector search, but your RAM chills
DiskBBQ is a disk-based alternative to HNSW for kNN on compressed vectors. It keeps vectors on disk, which minimizes RAM needs while preserving recall and speed on large datasets. Enable it per-field with index_options.type=bbq_disk.
{
  "mappings": {
    "properties": {
      "image-vector": {
        "type": "dense_vector",
        "dims": 512,
        "similarity": "l2_norm",
        "index_options": { "type": "bbq_disk" }
      }
    }
  }
}

Platform highlights in 9.2
- ES|QL Smart Lookup Joins
- ES|QL time series
- Smart enrichment in Discover
- Background search (tech preview)
- Discover Tabs
ES|QL Smart Lookup Joins: Match on multiple fields and on expressions (<, >, !=), and enrich from a lookup index, even across remote clusters.

FROM logs-*, remote:logs-*
| LOOKUP JOIN lookup_index ON left_field1 > right_field1 AND left_field2 <= right_field2

ES|QL time series: Native RATE, *_OVER_TIME, TBUCKET, and TS make time-series queries more direct.

TS k8s
| STATS max_rate=MAX(RATE(network.total_bytes_in)) BY time_bucket = TBUCKET(5minute)

Smart enrichment in Discover: Run LOOKUP JOIN inline as you explore.

Background search (tech preview): Kick off long ES|QL, KQL, or DSL queries as async jobs from Discover, and get notified when they’re done.

Discover Tabs: Painless context switching and side-by-side comparisons.

Blogs, videos, and interesting links
On-demand Elastic trainings: Pick one of the Elastic trainings by logging in or signing up, and then select the course type “On-Demand” to launch it at no cost.
Context engineering: Learn how to use Mistral Chat completions in Elasticsearch to ground large language model (LLM) responses with Ugo Sangiorgi. Explore the impact of relevance in context engineering for AI agents with Joseph McElroy.
Streams: Bahubali Shetti and Luca Wintergerst introduce Streams for Observability. Kevin Lacabane explores how Streams simplifies retention management in Elasticsearch.
Agentic AI: Join Enrico Zimuel and Florian Bernd as they explain how to use Microsoft Agent Framework with Elasticsearch to build a simple agentic app in Python and .NET.
Multilingual embeddings: Discover how to deploy an e5 multilingual embedding model for vector search and cross-lingual retrieval, and improve its relevance with Quynh Nguyen.
Security: Charles Davison expedites SIEM migration with Automatic Migration for Dashboards. Brixton Pizzuti elevates public sector cyber defense with AI-powered threat hunting.
Check out these videos:
- Introducing Elastic Agent Builder: The best context and tools for your agents by Iulia Feroli
- How to instrument front-end web applications with OpenTelemetry and Elastic observability by Carly Richmond
- How to use the Elasticsearch Synonym API to improve search accuracy by Tomás Murúa
- Search AI with autotune: Showcasing agentic search O11y autotune by James Williams
Featured blogs and projects from the community:
- Electronic health record queries with Elasticsearch by Joey Whelan
- Range query and query ranges in Elasticsearch by Tomasz Dzierżanowski
- Elasticsearch: Mastering indexing, analyzers, and hybrid search by IBM Developer
Upcoming events
Elastic{ON} Tour, the one-day Elastic conference series around the world, is back. Register and join us in:
- Silicon Valley (security and observability focused) — January 22, 2026
- Paris — January 27, 2026
- London — February 26, 2026
- São Paulo — March 5, 2026
- Sydney — March 5, 2026
- Singapore — March 17, 2026
- Washington, D.C. — March 19, 2026
- Tokyo — March 19, 2026
And we’d like to have a good representation of the Elastic Community on stage. Submit your ideas even if they’re still a bit raw — we're happy to iterate on them with you.
Join your local Elastic User Group chapter for the latest news on upcoming events! You can also find us on Meetup.com and Luma. If you’re interested in presenting at a meetup, send an email to [email protected].
The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.