Elastic 9.2: Agent Builder, DiskBBQ, Streams, Significant Events, and more


Today, we are pleased to announce the general availability of Elastic 9.2 as the latest version of the Elasticsearch Platform — the world’s most popular open source platform for unstructured data.

The world’s most popular open source platform for unstructured data

In addition to including new features that help developers with context engineering and agent building, Elastic 9.2 introduces a broad set of new capabilities to Search & AI, Elastic Observability, and Elastic Security.

Astute readers will note that many of the new features now available in Elastic 9.2 were already accessible via Elastic Cloud Serverless — this isn’t an anomaly! Elastic Cloud Serverless is versionless, removing the burden of version management from our customers and enabling us to ship features as soon as they are ready.

If you’re not already using Elastic Cloud Serverless, we highly encourage you to give it a try. It is the fastest way to start with the Elasticsearch Platform without having to manage clusters, nodes, or shards.

So, what’s new in Elastic 9.2?

Elastic 9.2 includes a lot of exciting new features. Some highlights include:

  • Elastic Agent Builder: A set of AI-powered capabilities that enable developers to natively chat with their Elasticsearch data and simplify the development of custom AI agents that can achieve higher accuracy, relevance, and efficiency

  • DiskBBQ: An approach to vector storage that partitions and searches compact clusters directly from disk, eliminating the need to load full indexes into memory. DiskBBQ delivers excellent query performance and ranking with significantly reduced memory requirements for large-scale datasets. Benchmarks show sub-20 ms latency even with 100 MB total memory. 
  • Streams: A set of AI-driven capabilities that enable SREs using Elastic Observability to solve problems faster by automatically parsing, compressing, and surfacing insights from unstructured data with logs

Read about these and additional highlights by solution below.

Search & AI

As developers transition from building search powered applications to augmenting existing applications with conversational AI and building more complex automations with AI agents and workflows, no platform for context engineering offers a wider, more robust set of relevance capabilities than Elasticsearch.

launch versus lunch graphic
*You* know which button to push… but will an autonomous AI agent? Relevance matters now more than ever before.

Highlights for Search & AI in 9.2:

  • Elastic Agent Builder: A set of AI-powered capabilities that enable developers to natively chat with their Elasticsearch data and simplify the development of custom AI agents that can achieve higher accuracy, relevance, and efficiency

  • DiskBBQ: Enables reading compact clusters of quantized vectors directly from disk, removing the need to load full indexes into memory. This design maintains recall and query performance while reducing memory use. Benchmarks show sub-20 ms latency even with 100 MB total memory.
  • The (default) exclusion of vectors from source for newly created indices, helping to reduce storage overhead and improve indexing performance
  • “ELSER on EIS”: Elastic Learned Sparse EncodeR (ELSER), Elastic’s out-of-the-box sparse vector model for search relevance, is now the first text-embedding model available via EIS, Elastic’s new GPU-accelerated inference service on Elastic Cloud — delivering industry-leading relevance and performance with significantly more cost-effective inference operations.

Find more details in the blogs linked above and in the Search & AI 9.2 release notes.

Elastic Observability

Resolving incidents requires SREs to answer the questions of both “what” and “why” — answers that require an analysis of logs. But the volume of logs and their unstructured nature often create significant operational overhead. Elastic 9.2 provides a remedy by moving beyond signal collection to enable proactive, log-driven investigations. To achieve this, we are introducing Streams, a new capability that uses AI to impose structure and extract value from your data. By automatically parsing raw logs, enriching them with meaningful fields, and identifying Significant Events, Streams provides a clear, actionable path to the root cause.

With these new capabilities, the Elasticsearch Platform continues to enable SREs to maximize the potential value of their structured and unstructured data — reducing time spent on pipeline management, accelerating analysis, and, most importantly, enabling SREs to focus on what matters most: ensuring system reliability.

It’s easier than ever to get more value from raw signals with Streams.

Highlights for Elastic Observability in 9.2:

  • Streams: A set of AI-driven capabilities that enable SREs using Elastic Observability to solve problems faster by automatically parsing, compressing, and surfacing insights from unstructured data with logs.
  • Significant metrics enhancements: Key capabilities like new time series commands in ES|QL deliver queries up to 10x faster while an interactive Discover experience simplifies metric exploration and visualization with auto-generated queries. Additionally, a new OTLP metrics endpoint boosts ingest throughput by up to 60%, improving performance for both Elastic Cloud and self-managed deployments.

Find more details in the blogs linked above and in the Elastic Observability 9.2 release notes.

Elastic Security

Change is the only constant, and Elastic’s 2025 Global Threat Report proves this. For example, we know that adversaries are prioritizing immediate payload delivery over initial evasion, and of course, AI is lowering the bar for cybercrime. The good news is the Elasticsearch Platform provides everything security engineers need to build an AI-powered SOC.

Chat Sharing
Chat Sharing enables analysts to share Elastic AI Assistant conversations across their organization more easily.

Highlights for Elastic Security in 9.2:

  • Automatic Migration for Dashboards (in technical preview) significantly reduces onboarding time by helping users migrate custom dashboards from Splunk to Elastic.
  • Automatic Migration for Detection Rules is now generally available to enable users to specify their preference to match Elastic rules or perform custom rules translations. Users will also now be able to update, in bulk, partially translated rules that have a missing index pattern.
  • Chat Sharing streamlines collaboration by making it easier for analysts to share valuable AI Assistant conversations across their organization — all while ensuring proper attribution and security controls.
  • Several endpoint-focused features like Device Control empower security teams to define and enforce policies that govern the use of storage devices. Additionally, the Elastic Defend Detection and Response Dashboard provides out-of-the-box visibility into endpoint detection activity.

Find more details about these features and several updates to Cases in the Elastic Security 9.2 release notes.

The Elasticsearch Platform

With each new release, the Elasticsearch Platform is helping developers and practitioners of all types bridge the gap between enterprise data and high-quality AI experiences. Whether we’re bolstering the performance of the world’s best datastore for unstructured data or extending our lead when it comes to providing the most important part of search and retrieval (relevance!), all users win when there are enhancements to the core platform.

Highlights for the Elasticsearch Platform with 9.2:

  • ES|QL Smart Lookup Joins: Building on ES|QL enhancements from Elastic 9.1, ES|QL now enables users to match on multiple fields and expressions (including <, >, !=) and enrich rows from a lookup index — even across remote clusters!

  • ES|QL Time Series & Smart Enrichment in Discover: Elastic 9.2 brings native time-series analysis (RATE, *_OVER_TIME, TBUCKET, TS) and in-place enrichment with LOOKUP JOIN right into Discover.
  • Discover Tabs: Context-switching turns into a single click (!), reducing cognitive load and enabling users to compare, validate, and pivot in parallel.
  • Background Search for Long-Running Queries: Stop fighting timeouts on complex queries. This new feature in technical preview lets users run ES|QL, KQL, or DSL queries as asynchronous jobs directly from Discover. Kick off hour-long searches across years of data without blocking your workflow, and get notified upon completion.

Find more details in the blogs linked above and in the Elasticsearch Platform 9.2 release notes.

In case you missed it…

AutoOps is now available for self-managed customers with an Enterprise license at no additional cost. AutoOps simplifies cluster management with zero additional overhead. The first in a roadmap of Elastic Cloud Connected services for self-managed environments, it runs through a lightweight integration that securely streams operational metadata, such as shard allocations, query latencies, and node utilization, to Elastic Cloud. The cloud-powered service processes this telemetry to deliver real-time issue detection and suggested resolutions to self-managed customers, while the underlying customer data never leaves the self-managed deployment.

And some additional good news: AutoOps uses a lightweight agent and is compatible with all releases from Elastic 7.17 onward.

Start today

Ready to get started? 

Elastic 9.2 is now available on Elastic Cloud — the hosted Elasticsearch service that includes all of the new features in this latest release.

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

In this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use. 

Elastic, Elasticsearch, and associated marks are trademarks, logos or registered trademarks of Elasticsearch B.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.