Last checked and updated on 10 Jun 2026
What Is New in Elasticsearch 8.7
Elasticsearch 8.7 delivers key enhancements in vector search, analytics, and operational management. This release focuses on making advanced search capabilities more efficient and developer-friendly.
| Category | Key Updates |
|---|---|
| New Features | kNN query as filter, ESQL (technical preview), New _terms_enrich policy type |
| Improvements | Faster vector search, Better GeoIP database management, Enhanced downsampling |
| Security | FIPS 140-2 compliance for the Kibana Docker image |
| Deprecations | Deprecation of the `_thread_pool` and `_thread_pool/{thread_pools}` endpoints |
How is vector search performance improved in 8.7?
The biggest win for vector search is the new ability to use a kNN query as a filter in the search API. This lets you combine approximate k-nearest neighbor search with other queries and aggregations in a single request.
In practice, this means you can now run a hybrid search that finds similar vectors while also filtering those results by a specific tag, date range, or any other standard query clause. It eliminates the need for a two-step process, making semantic search applications significantly faster and more powerful.
What new capabilities does ESQL bring?
ESQL enters technical preview, introducing a new pipe-based syntax for data exploration and analysis. This new language allows you to chain commands together to process data in a more intuitive way.
For developers familiar with SQL-like languages, ESQL offers a fresh approach. You can now use commands like FROM logs | STATS avg(response.size) BY host.name | SORT host.name to quickly query and transform your data without needing to master the complex DSL.
How is downsampling more efficient now?
Downsampling has been optimized to use less disk space. The improvement comes from a change in how the component that manages time series data handles the downsampling process.
This matters because for large-scale observability and metrics use cases, storage costs are a major concern. The reduced disk footprint means you can retain more historical, downsampled data for trend analysis without expanding your storage infrastructure.
What's new with GeoIP databases?
Managing GeoIP databases is now simpler and more reliable. The endpoint for downloading these databases is now highly available, and the system includes built-in retry logic for failed downloads.
This change automates a previously manual and error-prone task. Your ingest pipelines that rely on GeoIP data for geolocation will be more resilient against temporary network issues, ensuring data enrichment continues uninterrupted.
Are there any new enrich policy types?
Yes, a new _terms enrich policy type has been added. This complements the existing range and match types, giving you more flexibility in how you enrich incoming documents.
This is useful for use cases where you need to decorate documents based on exact key matches from a reference dataset, streamlining data normalization during ingestion.
FAQ
Can I now use a filter context with my kNN search?
Yes, absolutely. You can now wrap a kNN query in a `filter` clause within a `bool` query. This allows you to pre-filter the documents that the kNN search runs against, which can drastically improve performance by reducing the search space.
Is ESQL ready for production use?
No, ESQL is currently in technical preview. This means it's available for testing and development purposes, but its syntax or functionality might change before it is declared stable for production workloads.
What is the benefit of the new _terms enrich policy?
The `_terms` policy lets you enrich your data based on exact value matches. It's the right tool when you have a reference dataset and want to append information to incoming documents where a key field matches exactly, like looking up product details from a SKU.
Do the GeoIP improvements mean the databases update automatically?
The process is more robust, but it's not fully automatic. The endpoint for downloading the databases is now highly available, and the system will retry failed downloads. However, you still need to manage the update policy for when new database versions are released.
Why were the _thread_pool endpoints deprecated?
The `_thread_pool` endpoints were deprecated in favor of the more detailed and actionable node stats API. The newer API provides richer metrics that are more useful for monitoring and troubleshooting cluster performance.