Last checked and updated on 10 Jun 2026
What Is New in Elasticsearch 7.15
Elasticsearch 7.15 delivers significant enhancements across search, observability, and data management. This release focuses on improving the developer experience with better search profiling, more efficient data handling, and extended platform support.
| Category | Key Updates |
|---|---|
| New Features | Search profiler for concurrent searches, Synthetic source, EQL sequence queries, New fleet APIs |
| Improvements | Faster index closure, Reduced heap usage for doc-value fields, Better CCS performance, ARM64 support for Linux |
| Bug Fixes | Resolved issues in recovery, search, and indexing operations |
How does the new search profiler help with complex queries?
The search profiler now provides detailed timing for concurrent search requests. Previously, it only profiled a single slice of a search, making it hard to diagnose performance across the entire distributed operation.
This update breaks down the time spent on each phase across all shards involved in a query. You can see exactly where bottlenecks occur, whether it's in the query, fetch, or other phases. This is a game-changer for tuning complex queries that span large datasets.
What is synthetic source and when should I use it?
Synthetic source is a new, efficient way to store your document's _source field. Instead of storing the original JSON, Elasticsearch reconstructs it on the fly from the underlying doc-values at query time.
This is a huge win for time-series data or any use case where you have many fields but only query a subset of them. It significantly reduces your index storage footprint. Enable it by setting mode: synthetic in your field mapping.
{
"mappings": {
"_source": {
"mode": "synthetic"
}
}
}How are EQL sequence queries more powerful now?
Event Query Language (EQL) now supports querying across multiple indices and data streams with sequence queries. This extends its power beyond single indices, which was a major limitation for security and observability use cases.
You can now correlate events that span different data streams or time periods. This is critical for tracking complex attack chains in security analytics or tracing a request through a distributed system where logs are split across streams.
What performance gains can I expect from the index closure improvements?
Closing indices is now up to 25% faster. The process has been optimized to handle the internal state management more efficiently, reducing cluster management overhead.
This matters most in large clusters where you frequently cycle indices, like in ILM policies. Faster closure means less time waiting for operations to complete and reduced window of potential I/O contention.
Is there better ARM64 support for production environments?
Yes, Elasticsearch 7.15 introduces production-grade support for Linux ARM64 architectures. This isn't just a build option--it's a fully tested and supported platform.
You can now deploy on AWS Graviton or other ARM-based hardware with confidence. This opens up significant cost-saving opportunities, as ARM instances often provide better price-performance ratios for search and analytics workloads.
FAQ
Does the synthetic _source work with update operations?
No, synthetic _source is incompatible with update operations. If your application relies heavily on document updates, you should stick with the traditional _source storage method.
Can I use the new search profiler on existing queries without modification?
Yes, the enhanced profiling is automatic for concurrent searches. Just profile your query as you normally would, and you'll get the new detailed breakdown across all shards.
What's the storage reduction typically seen with synthetic source?
Storage savings vary by data structure, but we've seen reductions of 20-40% for typical observability and metrics data. The savings come from not storing the raw JSON and better compression of doc-values.
Are there any specific requirements for running on ARM64?
You need to use the ARM64-specific distribution and ensure your JVM is compatible. The official Elasticsearch distribution for Linux ARM64 includes everything you need for production deployment.
How do the new fleet APIs improve agent management?
The new fleet APIs provide a stable interface for managing Elastic Agents at scale. This replaces previous experimental endpoints and gives you programmatic control over agent policies, status checks, and central management configuration.