What’s New in Elasticsearch 9.0: Key Innovations in Search, Observability, and Security 

Elasticsearch 9.0 is finally GA, and it’s packed with powerful new features that push the boundaries of search, observability, and AI-driven analytics. Whether you’re building semantic search applications, managing massive datasets, or monitoring LLM performance, this release delivers innovations designed to meet modern data challenges head-on.

Here’s a breakdown of the most impactful updates in Elasticsearch 9.0 from our perspective: 

Better Binary Quantization (BBQ) – Now Generally Available 

One of the standout features in Elasticsearch 9.0 is the GA release of Better Binary Quantization (BBQ), Elastic’s proprietary vector quantization technique. Purpose-built for blazing-fast semantic search, BBQ achieves: 

  • Up to 5x faster query speed 

  • 3.9x higher throughput across all recall levels 

  • No loss in accuracy 

Unlike traditional methods, BBQ performs a full index scan using a lightweight predictor vector, oversamples potential matches, and reranks the results using a larger vector — all handled seamlessly through a simplified API. Developers can now fine-tune the oversampling rate and let Elasticsearch take care of the rest. 

ES|QL Joins and Real-Time Query Enhancements 

Elasticsearch Query Language (ES|QL) continues to evolve as a powerful analytical query language and now supports joins, something of a holy grail in search and data analytics. In version 9.0, it supports: 

  • LOOKUP JOINs for real-time cross-index and cross-dataset queries 

  • Partial query results for long-running queries 

  • Advanced text grouping functions 

  • KQL filters for flexible, expressive filtering 

Together, these enhancements make ES|QL a formidable tool for interactive and scalable data exploration. 

Lucene upgrade to 10 

Under the hood, Elasticsearch 9.0 now runs on Lucene 10, the latest version of the open-source search library that powers Elasticsearch. 

Lucene 10 brings: 

  • Improved query performance and lower latency 

  • More efficient use of hardware resources 

  • New APIs that simplify index management and upgrade processes 

This integration not only boosts performance but also smooths the path for operational maintenance. 

Native Support for OpenTelemetry: EDOT GA 

Elastic Distributions of OpenTelemetry (EDOT) is now generally available. This integration enables native support for OpenTelemetry schemas across all telemetry signals — including logs, metrics, and traces. 

Benefits include: 

  • Out-of-the-box observability without proprietary lock-in 

  • Improved data correlation across services 

  • Streamlined integration with OpenTelemetry-native tools 

This positions Elasticsearch as a core player in open observability stacks. 

LLM Observability for GenAI Applications 

With the rise of Generative AI, observability is no longer optional — it’s essential. Elasticsearch 9.0 introduces native observability tooling for LLMs, offering: 

  • Performance metrics and latency insights 

  • Prompt and response tracking 

  • Usage and cost visibility 

  • Safety and reliability assessments 

It supports popular hosting platforms like Amazon Bedrock, Google Vertex AI, Azure OpenAI, and OpenAI directly — making it easier than ever to monitor and optimize GenAI workloads.

Security Enhancements: Attack Discovery & Detection Rule Automation 

Security operations get a major boost in Elasticsearch 9.0 with: 

  • General availability of Attack Discovery for automated threat detection 

  • Automatic Import of detection rules for streamlined rule management 

  • Customizable prebuilt detection rules 

  • Preview of Automatic Migration from legacy SIEM rules 

These tools enhance both proactive detection and migration simplicity, helping SecOps teams stay ahead of evolving threats. 

Deprecations and Breaking Changes 

As with any major release, Elasticsearch 9.0 includes some important changes to be aware of: 

  • Removal of the Enterprise Search Node, App Search, and Workplace Search. We’ll follow up on this separately, as it’s a significant change if you rely on these features. 

  • Removal of TLS_RSA cipher support on JDK 24 

  • Deprecation of Behavioral Analytics CRUD APIs 

  • Removal of support for frozen indices 

  • Other removals: client.type setting, TLSv1.1 support, and various deprecated APIs 

Before upgrading, users should review the full deprecation guide to ensure compatibility and avoid service disruptions. 
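
A pre-upgrade check for the TLS and client.type removals listed above, as an added example that is not from the original post or from Elastic. It assumes settings written in the flattened dotted-key form of elasticsearch.yml (nested YAML is not handled); the sample config is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the flattened "dotted key" style of elasticsearch.yml.
SAMPLE_CONFIG = """\
cluster.name: prod-logs
client.type: node
xpack.security.http.ssl.supported_protocols: [ "TLSv1.3", "TLSv1.2", "TLSv1.1" ]
xpack.security.transport.ssl.cipher_suites:
  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  - TLS_RSA_WITH_AES_128_CBC_SHA
# xpack.security.http.ssl.cipher_suites: [ "TLS_RSA_WITH_AES_256_CBC_SHA" ]
"""

def parse_flat_settings(text):
    """Parse 'key: value' lines plus inline or dash lists into {key: [values]}."""
    settings, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        item = re.match(r"^\s*-\s+(.+)$", line)   # dash-style list entry
        if item and current:
            settings[current].append(item.group(1).strip().strip("\"'"))
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        current = key.strip()
        value = value.strip().strip("[]")         # inline list or scalar
        settings[current] = [v.strip().strip("\"'") for v in value.split(",") if v.strip()]
    return settings

def find_removed_settings(settings):
    """Return (key, value, reason) for settings the 9.0 notes list as removed."""
    findings = []
    for key, values in settings.items():
        if key == "client.type":
            findings.append((key, ", ".join(values), "client.type setting removed"))
        elif key.endswith(".supported_protocols"):
            findings += [(key, v, "TLSv1.1 support removed") for v in values if v == "TLSv1.1"]
        elif key.endswith(".cipher_suites"):
            # Static-RSA suites only; TLS_ECDHE_RSA_* does not match this prefix.
            findings += [(key, v, "TLS_RSA cipher removed on JDK 24")
                         for v in values if v.startswith("TLS_RSA_")]
    return findings

if __name__ == "__main__":
    for key, value, reason in find_removed_settings(parse_flat_settings(SAMPLE_CONFIG)):
        print(f"{key}: {value} -> {reason}")
```
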

Getting Started with Elasticsearch 9.0 

You can create a cluster today in Elastic Cloud, or use the start-local script, which can be found on GitHub or run directly with this command: 

 curl -fsSL https://elastic.co/start-local | sh 
