Last checked and updated on 10 Jun 2026
What Is New in Elasticsearch 5.4
Elasticsearch 5.4 delivers significant enhancements across search, security, and data management. This release focuses on making complex operations more intuitive and improving the overall resilience of the cluster.
| Category | Key Updates |
|---|---|
| New Features | Painless Scripting Language, Reindex-from-remote, Wait for Refresh API, Ingest Node Enhancements |
| Improvements | Indexing Performance, Recovery Prioritization, Cross-cluster Search |
| Bug Fixes | Numerous fixes for aggregation, indexing, and node discovery |
How does Painless scripting change the game?
Painless is a new secure scripting language designed specifically for Elasticsearch. It's the new default for inline and stored scripts, offering significant performance and security advantages over Groovy or other previous options.
It's sandboxed by default, which prevents potentially dangerous operations right out of the box. In practice, this means you get the flexibility of scripting without the operational headaches of managing fine-grained security permissions.
Example Usage
GET /_search
{
"script_fields": {
"total_discount": {
"script": {
"lang": "painless",
"source": "doc['price'].value * params.discount_rate",
"params": {
"discount_rate": 0.1
}
}
}
}
}What's new with reindexing data?
The reindex API now supports pulling data directly from a remote Elasticsearch cluster. This is a huge quality-of-life improvement for migrations or consolidating data from different deployments.
Before this, you had to use external tools or write custom scripts to transfer data between clusters. Now, it's a single API call that handles the entire process, including setting up a remote connection and the reindex operation itself.
Reindex from Remote Syntax
POST _reindex
{
"source": {
"remote": {
"host": "http://other-cluster:9200"
},
"index": "old_index"
},
"dest": {
"index": "new_index"
}
}Are there better ways to control index readiness?
Yes, the new Wait for Refresh API allows you to block until a refresh has occurred, making the operations visible to search. This provides more explicit control over data visibility compared to the `refresh` parameter.
This matters for testing and scenarios where you need to ensure that a document is immediately searchable after an indexing operation without forcing a refresh on every single write, which is expensive.
API Call
POST /my_index/_wait_for_refreshHow is data processing improved in Ingest Nodes?
Ingest nodes get two powerful new processors: the Date Index Name processor and the Dot Expander processor. These simplify common data transformation tasks during the ingestion pipeline.
The Date Index Name processor automatically routes documents to time-based indices (like `logstash-2017.05.15`) based on a date field in the document itself. This is fantastic for log data and time-series use cases, moving logic out of your application and into the cluster.
Dot Expander Processor
{
"dot_expander": {
"field": "foo.bar"
}
}FAQ
Why is Painless the new default scripting language?
Painless was built for Elasticsearch, offering better performance and security than Groovy. It's sandboxed to prevent dangerous operations and its syntax is designed to be easy to learn for Java developers.
Can I reindex from a remote cluster with a different version?
The reindex-from-remote feature is designed to work between clusters running the same major version (5.x to 5.x). Reindexing from significantly older versions may not be supported and could require an intermediate upgrade step.
What's the difference between the `refresh` parameter and the `wait_for_refresh` API?
The `refresh=true` parameter forces a refresh immediately after the operation. The `wait_for_refresh` API blocks until the next scheduled refresh happens, which is more efficient for ensuring visibility without impacting indexing throughput.
When should I use the Date Index Name Ingest processor?
Use it when you have time-series data (like logs or metrics) and want Elasticsearch to automatically manage routing documents to daily, monthly, or yearly indices based on a timestamp within each document, simplifying your indexing logic.
Are there any breaking changes in the 5.4 upgrade?
While most changes are additive, you should test thoroughly. The main change developers will notice is that Painless is now the default scripting language, so any existing Groovy scripts will need to be explicitly set with `"lang": "groovy"` or migrated to Painless.