Last checked and updated on 10 Jun 2026
What Is New in Elasticsearch 8.15
Elasticsearch 8.15 delivers key enhancements across search, observability, and data management. This release focuses on improving developer experience with better query performance and more flexible data handling.
| Category | Key Updates |
|---|---|
| New Features | Vector search optimization, _id from script, terms enrichment policy, EQL sequence queries |
| Improvements | Faster terms aggregations, Painless script compiler upgrade, TSDB dimension field limits |
| Bug Fixes | Resolved issues in search, indexing, and cluster management |
| Deprecations | Deprecated indices:admin/auto_create privilege and _fields usage in knn queries |
How is vector search performance improved?
Vector search now uses the HNSW graph for approximate kNN searches even when the mapping specifies a different similarity algorithm. This change means that if your mapping defines l2_norm but you perform a search with cosine, the system will automatically use the HNSW graph instead of falling back to an exact, brute-force search.
In practice, this delivers a massive speed boost for production workloads where query-time similarity needs differ from index-time configuration. You get the performance benefits of approximate search without being locked into a single similarity algorithm.
What's new for document ingestion and scripting?
You can now generate document _id values directly from an ingest pipeline script. This eliminates the previous two-step process of generating an ID and then indexing the document, streamlining data ingestion workflows.
The Painless script compiler was upgraded to a newer version, which improves overall script performance and reliability. For developers, this means your complex scripting logic in search queries and ingest pipelines will execute more efficiently.
How are terms aggregations faster now?
Significant performance improvements were made to global ordinals for keyword fields. Global ordinals are the internal data structure that powers terms aggregations, and they're now built much more efficiently.
This optimization is most noticeable on large datasets with high-cardinality fields. Your dashboard and analytic queries that rely on terms aggregations should see reduced latency and lower memory overhead.
What enrichment policies were added?
A new terms enrichment policy type allows you to enrich incoming documents based on matching exact values in a reference dataset. This complements the existing match policy which uses range queries.
You might use this for adding metadata to documents based on specific product codes, user IDs, or other discrete values. The policy works by creating a terms query under the hood against your enrichment index.
What changed for EQL sequence queries?
Event Query Language (EQL) now supports the until keyword in sequence queries, letting you define an explicit termination condition for event sequences. This gives you more precise control over the temporal boundaries of your sequence matching.
Security analysts will find this particularly useful for threat hunting, as they can now define exactly when a sequence of suspicious events should stop being evaluated, reducing false positives and improving query performance.
FAQ
Does the vector search change affect my existing mappings?
No, your existing mappings remain valid. The improvement is in how queries are executed against those mappings, not in how data is stored or indexed.
Can I use the new _id generation feature in update scripts?
No, the _id from script feature only works in ingest pipelines during document ingestion, not in update operations on existing documents.
Will I need to reindex to benefit from the terms aggregation improvements?
No, the global ordinals optimization works with existing indices. The improvements are applied automatically when building aggregation data structures.
What happens if I use the deprecated _fields parameter in knn queries?
Elasticsearch will continue to work but will emit a deprecation warning. You should migrate to using the field parameter instead for future compatibility.
Is the terms enrichment policy better than the match policy?
They serve different purposes. Use terms for exact value matching and match for range-based matching. The choice depends on your specific enrichment use case.