Elastic 9.4: AI takes Search, Observability and Security to the next level

What it is:

• A conversational AI assistant that guides developers from idea to working Elasticsearch search implementation
• Works integrated with tools such as Cursor, Claude Code and Kibana
•  Acts as an interactive guide for search development

What it does:

• Asks what you want to build (use case and goal)
• Understands your data structure and context
• Provides recommendations for the right Elasticsearch approach
  • Guides step by step
    • Mapping
    • Indexing
    • Query design
• Generates a working implementation
• Automatically introduces relevant Elasticsearch concepts at the right moment

What is new:

• From static documentation to an interactive AI onboarding flow
• From “figuring it out yourself” to guided building in real time
• Direct integration in developer tools such as IDEs and Kibana

Benefits:

• Faster onboarding of new developers
• Less time needed to read documentation
• Lower entry barrier for Elasticsearch search development
• Fewer errors in mapping and indexing design
• Faster from idea → prototype → working search
• Better knowledge building through contextual explanations during building

What is it:

• A new generation of Kibana in which AI is central to the user experience
• Focuses on automation, natural language and code-first dashboarding

Main features

• Users describe dashboards in natural language
• Kibana builds dashboards automatically and iteratively
• No manual configuration needed anymore
• Works as a conversation-based analytics builder

Dashboards as code ( technical preview):

• Dashboards are managed as code (version-controlled assets)
• Supports CI/CD pipelines
• Makes dashboards:
  • Reusable
  • Testable
  • Reviewable via code review
• Replaces the old saved-object export/import workflows

What is new:

• Shift from GUI-first to AI + code-first Kibana
• Dashboards are no longer only “clicked”, but also:
  • Generated via AI
  • Managed via software and engineering workflows
• Stronger integration with DevOps and CI/CD systems

Benefits:

• Faster dashboards without technical setup
• Less manual work for analysts
• Version control and governance via Git/CI/CD workflows
• Better collaboration between data teams and engineers
• Fewer errors through automated generation
• More scalability for enterprise dashboard management
• AI makes data exploration accessible for non-technical users

Elastic 9.4 english strengthens observability by making it easier to manage large volumes of logs, metrics and monitoring data.

• Native support for Prometheus and PromQL
• Faster analysis of large datasets and better performance in monitoring
• Improvements within the Time Series Database (TSDB)

1. More efficient metric storage

• TSDB uses storage more efficiently and is according to Elastic up to 2.6x more efficient than Prometheus. This allows organizations to store more metrics without a proportional increase in infrastructure costs.

2. Higher ingest performance

• Elastic 9.4 increases ingestion throughput, allowing larger volumes of logs and metrics to be processed faster. This is especially important for Kubernetes, microservice and AI environments where huge data volumes are generated.

3. Faster query performance

• The query engine has been further optimized so that time-series analysis is significantly faster. Elastic reports performance improvements of up to 30x compared to Prometheus and Mimir.

4. Longer retention without extra hardware

• Thanks to more efficient storage and processing, organizations can retain data longer without additional storage capacity or infrastructure.

5. One platform for logs, metrics and traces

• Where organizations often combine multiple tools, Elastic 9.4 makes it possible to manage logs, metrics and traces in one environment without different query languages or separate platforms.

Within Security, Elastic 9.4 focuses on more efficient processes and better threat detection.

• AI support for SIEM migrations
• Improved Entity Analytics
• Faster processing of alerts and incidents
• Elastic Workflows for automation

Elastic Workflow focus:

• Elastic Workflows is a relatively new native automation engine within the Elastic Stack (introduced in technical preview early 2026 and now generally available in version 9.4).
• Goal: Automate tasks directly in Elasticsearch.
• Focus: In-product automation such as enriching data, letting AI agents reason over logs, or executing scripted actions without data leaving the platform.
• Location: Runs fully within the Elastic infrastructure.

The Elasticsearch Platform also received important improvements around speed and scalability.

• Faster indexing and data processing
• Improved vector search

Benefits of improved vector search:

1. Better semantic search results: meaning of text is understood instead of only keywords
2. Faster nearest neighbor search on large datasets
3. Scalable to millions to billions of vectors
4. Higher relevance in AI applications such as RAG and chatbots
5. More efficient use of storage and compute power
6. Support for hybrid search (vector + keyword search combined)

Extensions within ES|QL:
Main extensions:

• Smart joins for easier dataset combination
• Improved time-series analysis for faster trend and log analysis
• Data transformation pipelines within queries themselves
• Support for cross-cluster search across multiple Elasticsearch clusters
• Improved performance for complex queries
• Better integration with AI and analytics workloads

Practical impact: ES/QL:

• Faster and more efficient real-time dashboards
• Easier analysis of logs, metrics and events
• Less dependence on external data processing tools
• Direct support for AI-driven data retrieval
• More efficient data engineering workflows

What is GPU (Graphics Processing Unit):

• A GPU is a specialized processor originally designed for graphical computations
• Today widely used for AI and data-intensive workloads

What a GPU does in Elasticsearch:

• Processes large numbers of computations in parallel instead of sequentially
• Accelerates vector indexing and similarity search
• Reduces latency in large AI search queries
• Offloads the CPU so it can perform other tasks

CPU= processes thousands of small computations at once and is optimized for parallel AI data processing

Why upgrade to Elastic 9.4?

• Smarter AI and search functionality
• More automation within security
• Faster processing of large volumes of data
• Better support for AI environments
• Improved observability and monitoring