What’s New in Elasticsearch 8.0? Key Features, Security, and API Changes

Elasticsearch is a Lucene‑based distributed full‑text search engine with a HTTP web interface and schema‑free JSON documents. It is written in Java and released under the SSPL+Elastic License, with official clients for Java, .NET, PHP, Python, Groovy, Ruby, and many other languages.

7.x REST API Compatibility

Elasticsearch 8.0 adds optional compatibility headers that let you send 7.x‑compatible requests to an 8.0 cluster and receive 7.x‑compatible responses, easing the upgrade process. While native 8.0 requests are recommended, the headers provide a longer migration window.

Security Features Enabled by Default

Running Elasticsearch without security exposes the cluster to any user who can send requests. Starting with 8.0, security (authentication, authorization, TLS) is enabled and configured automatically on first start.

Elasticsearch 8.0 generates an enrollment token at startup, which can be used to connect Kibana or register other nodes without manually creating certificates or editing YAML files.

Known Issues

On Linux ARM or macOS M1, the elastic user password and Kibana enrollment token are not generated automatically. After node startup, run bin/elasticsearch-reset-password -u elastic to create the password, then use bin/elasticsearch-create-enrollment-token -s kibana to generate a token for Kibana.

Better Protection of System Indices

System indices store internal configuration and data. Direct access is now blocked unless the allow_restricted_indices privilege is set to true. The built‑in elastic superuser no longer has write access to system indices, and attempts to modify them produce warnings.

New KNN Search API (Technical Preview)

The KNN search API uses the dense_vector field to find the k nearest vectors based on similarity metrics. It enables faster approximate KNN searches for large datasets, supporting recommendation engines and NLP‑based relevance ranking.

Storage‑Saving Field Encodings

Updates to the inverted index reduce storage for keyword, match_only_text, and text fields. In benchmark tests on application logs, the message field (mapped as match_only_text) saw a 14.4% reduction in index size and a 3.5% overall disk‑space reduction.

Faster Indexing for geo_point, geo_shape, and Range Fields

Optimizations to multi‑dimensional point indexing improve indexing speed for geo_point, geo_shape, and range fields by 10‑15% in Lucene‑level benchmarks.

PyTorch Model Support for NLP

Elasticsearch now allows uploading PyTorch models trained outside the Elastic Stack for inference, bringing modern NLP capabilities to search use cases.

Other Changes

Aggregations : removed adjacency matrix settings, deprecated MovingAverage pipeline aggregation, and removed deprecated sorting fields _time and _term.

Allocation : removed include_relocations setting.

Analysis : cleaned up versioned deprecations and removed pre‑configured delimited_payload_filter.

Authentication : file and native realms are always added unless explicitly disabled; default NameID format in policies is no longer set; enforced order for realms.

Cluster Coordination : removed connection timeout and support for delayed state recovery.

Distributed : removed sync flush and deprecated cluster.remote.connect setting.

Engine : rejected settings only_expunge_deletes and max_num_segments on force merge; removed per‑type index stats and translog retention settings.

Features/CAT APIs : removed deprecated local parameter from _cat/indices and _cat/shards.

Features/ILM+SLM : defaulted cluster.routing.allocation.enforce_default_tier_preference to true.

Features/Indices APIs : defaulted prefer_v2_templates to true, removed deprecated _upgrade API and include_type_name parameter, and removed template field from index templates.

Infra/Core : removed nodes/0 folder prefix from data path, deprecated bootstrap.system_call_filter, node.max_local_storage_nodes, Joda dependency, and camel‑case date/time format names.

Packaging : removed SysV init support, dropped JAVA_HOME support, and now requires Java 17 to run.

For more details, see the official Elastic blog post: https://www.elastic.co/cn/blog/whats-new-elastic-8-0-0