What’s new in 8.18

Here are the highlights of what’s new and improved in 8.18. For detailed information about this release, check the release notes.

Previous versions: 8.17 | 8.16 | 8.15 | 8.14 | 8.13 | 8.12 | 8.11 | 8.10 | 8.9 | 8.8 | 8.7 | 8.6 | 8.5 | 8.4 | 8.3 | 8.2 | 8.1 | 8.0

This release introduces an in-table search feature that scans beyond what’s currently visible, making it easier to find logs, transaction IDs, and other records in large data sets. Inspired by your browser’s native search, this new box sits at the top of the Discover table and supports keyboard navigation for navigating through matches. It’s available across Kibana wherever the Discover table is embedded.

We’ve changed Saved search to Discover session for improved clarity and to better reflect Discover’s expanding capabilities. With this updated terminology, we’re setting the stage for more powerful data exploration with Discover.

The Elastic AI Assistant is now available in the log details flyout in Discover, offering instant highlights for logs that match a logs profile and include a message field. With AI-driven context and prompts, you can diagnose issues and uncover opportunities faster, saving time and improving overall efficiency.

We’ve introduced support for the LOOKUP JOIN command to enable a smooth autocomplete experience and client-side validation. The editor now suggests lookup mode indices and join condition fields, letting you craft accurate ES|QL queries more quickly and keep your data exploration flowing.

Moving from Discover’s data view mode to ES|QL mode is now easier than ever. Your existing KQL or Lucene query is automatically carried over and translated into ES|QL, saving time and preserving context. This enhancement keeps you focused on uncovering insights instead of re-rentering queries.

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

You can now bind controls to your ES|QL visualizations in dashboards. When creating a visualization, the ES|QL autocomplete will prompt control insertion for field values, field names, and function configuration. This enables controls that only apply to a specific panel, and exposes visualization configuration such as date histogram interval controls to dashboard users.

Check out the following examples:

| WHERE field == ?value

| STATS count=COUNT(*) BY ?field

| BUCKET(@timestamp, ?interval),

We’ve rebuilt the Dashboard layout engine for faster authoring and improved performance. The new engine makes resize events behave more predictably, allows drag-and-drop of panels above and below the visible part of the dashboard, and improves browser performance to create a more responsive experience. Read more about the engineering behind this engine in our blog post.

You can now access the file uploader via a flyout on the Search Overview page and Search Playground. This release also adds support for uploading multiple files with a single action.

Case templates are now Generally Available. Case templates provide useful starting points for investigations in both Security and Observability. Add templates in Case Settings and leverage them as a starting point in any new case.

Case observables enable structured data collection. You can now add common observables to any case out of the box and extend the types of observable case data to include custom options.

The Service Now connector is certified for the Xanadu release.

You can now enable a role to assign users to a case.

You can now manage case attachments programmatically with new CRUD operations on the case attachments API. Check out the API documentation to learn more.