Elastic 9.4 Launches Workflows and PromQL Support
Elastic 9.4 Delivers Major Platform Upgrades for AI and Observability
Elastic has officially released Elastic 9.4, the latest version of its Elasticsearch Platform, introducing generally available Workflows, an upgraded Agent Builder, and native Prometheus/PromQL support. The release targets developers building AI-driven applications, infrastructure monitoring pipelines, and security operations workflows — marking one of the most feature-rich updates to the platform in recent memory.
Unlike previous incremental updates, Elastic 9.4 spans all three of the company's core product pillars: Elastic Search & AI, Elastic Observability, and Elastic Security. The update arrives as enterprise demand for context engineering, agentic AI tooling, and unified observability platforms continues to accelerate across the industry.
Key Takeaways at a Glance
- Workflows reaches general availability (GA), enabling orchestrated multi-step automation across Elastic's platform
- Agent Builder receives significant updates for constructing AI-powered agents with improved context engineering
- Prometheus and PromQL support is now natively integrated into Elastic Observability
- New capabilities span Search & AI, Observability, and Security product lines
- The release emphasizes context engineering as a core paradigm for AI application development
- Enhanced AI-driven security operations features aim to reduce mean time to response (MTTR)
Workflows Goes GA: Orchestrating Multi-Step Automation
Workflows, one of the headline features of Elastic 9.4, has moved from preview to general availability. This capability allows developers and operations teams to build orchestrated, multi-step automation sequences directly within the Elastic platform. Rather than relying on external orchestration tools or custom scripts, teams can now define complex operational logic that spans data ingestion, analysis, alerting, and response.
The GA release of Workflows is particularly significant for security operations centers (SOCs) and DevOps teams. These groups frequently need to chain together multiple actions — from detecting an anomaly to enriching it with contextual data to triggering a remediation step. Workflows codifies these sequences into repeatable, auditable processes.
For enterprise customers, this means fewer integration points to maintain and a more cohesive operational experience. The move also positions Elastic more competitively against platforms like Splunk (now part of Cisco) and Datadog, both of which have invested heavily in workflow automation capabilities over the past 18 months.
Agent Builder Gets Smarter with Context Engineering
The updated Agent Builder in Elastic 9.4 reflects a broader industry shift toward what Elastic calls context engineering — the practice of carefully curating and structuring the contextual information that AI agents receive when processing queries or making decisions. This concept has gained traction as enterprises realize that the quality of AI outputs depends heavily on the relevance and structure of input context, not just model capability.
Agent Builder now offers improved tools for developers to:
- Define and manage context windows more precisely for AI agents
- Integrate retrieval-augmented generation (RAG) pipelines with Elasticsearch's vector search capabilities
- Test and iterate on agent behaviors within a unified development environment
- Connect agents to enterprise knowledge bases, APIs, and real-time data streams
- Monitor agent performance and trace decision-making pathways
This update places Elastic squarely in the growing agentic AI infrastructure market, competing with offerings from LangChain, Microsoft Azure AI, and Amazon Bedrock. The key differentiator for Elastic is its deep integration with search infrastructure — the company argues that search-native context engineering produces more accurate and relevant AI agent responses than bolting retrieval onto a separate AI framework.
Context engineering as a discipline has been gaining momentum throughout 2025, with prominent AI researchers and practitioners arguing it is equally important — if not more so — than prompt engineering alone. Elastic's investment in this area signals that the company sees it as a long-term strategic priority rather than a passing trend.
Native Prometheus and PromQL Support Arrives
Perhaps the most technically significant addition for observability practitioners is the introduction of native Prometheus and PromQL support within Elastic Observability. Prometheus has long been the de facto standard for metrics collection in cloud-native and Kubernetes environments, and PromQL is its widely adopted query language for analyzing time-series metrics data.
Until now, teams using Elastic for observability had to either convert Prometheus metrics into Elastic-compatible formats or maintain separate systems. With Elastic 9.4, organizations can:
- Ingest Prometheus metrics directly into Elasticsearch without transformation
- Query those metrics using native PromQL syntax within Kibana
- Unify Prometheus-based metrics alongside logs, traces, and other telemetry in a single platform
- Reduce operational overhead by consolidating monitoring tool sprawl
This move directly addresses one of the most common friction points for teams evaluating Elastic as an observability platform. Many engineering organizations have years of investment in Prometheus-based dashboards, alerts, and runbooks. By supporting PromQL natively, Elastic removes a significant migration barrier and makes it practical for teams to consolidate onto a single observability backend.
The timing is strategic. Grafana Labs, which has built much of its business around the Prometheus ecosystem, recently raised $300 million at a $6 billion valuation. By embracing rather than competing with the Prometheus ecosystem, Elastic is positioning itself as a complementary — and potentially superior — backend for organizations that want unified observability without abandoning their existing Prometheus workflows.
AI-Driven Security Operations Expand
Elastic Security also receives notable enhancements in version 9.4. The release introduces new AI-driven security operations capabilities designed to help security analysts detect, investigate, and respond to threats more efficiently. These features leverage the same context engineering principles introduced in Agent Builder but apply them specifically to security use cases.
Key security improvements include automated threat enrichment, where detected security events are automatically correlated with threat intelligence feeds and historical incident data. This reduces the manual research burden on analysts and accelerates the triage process. Elastic reports that early adopters of these features have seen measurable reductions in investigation time.
The security updates also integrate tightly with the new Workflows capability. Security teams can now build automated response playbooks that trigger specific actions based on threat severity, asset criticality, and organizational policy. This kind of orchestrated response has traditionally required separate SOAR (Security Orchestration, Automation, and Response) platforms — tools that can cost $100,000 or more annually for enterprise deployments.
Industry Context: Elastic Positions for the Agentic AI Era
Elastic 9.4 arrives at a pivotal moment in the enterprise software landscape. The convergence of large language models, agentic AI frameworks, and unified data platforms is reshaping how organizations build and operate software systems. Companies like Microsoft, Google, Amazon, and Salesforce are all racing to embed AI agent capabilities into their platforms.
Elastic's approach is distinctive because it starts from the search layer. The company's argument is straightforward: AI agents are only as good as the information they can access, and search infrastructure is the most efficient way to surface relevant information at scale. This 'search-first' philosophy differentiates Elastic from competitors who are retrofitting search capabilities onto AI frameworks.
The broader market validates this direction. According to recent analyst estimates, the enterprise AI platform market is expected to exceed $150 billion by 2028. Within that market, context-aware AI systems — those that can dynamically retrieve and synthesize information from multiple sources — represent the fastest-growing segment.
What This Means for Developers and Enterprises
For developers, Elastic 9.4 offers a more integrated toolkit for building AI-powered applications. The combination of Agent Builder, vector search, and Workflows means teams can prototype, test, and deploy intelligent agents without stitching together multiple third-party services. This reduces architectural complexity and accelerates time to production.
For enterprise IT and operations teams, the Prometheus/PromQL integration is arguably the most immediately impactful feature. Organizations running hybrid observability stacks can begin consolidating their monitoring infrastructure, potentially reducing licensing costs and operational overhead. The native PromQL support means existing dashboards and alerting rules can be migrated with minimal rework.
For security teams, the combination of AI-driven analytics and automated Workflows creates a path toward more autonomous security operations. While fully autonomous SOCs remain aspirational, Elastic 9.4 moves the needle by automating routine investigation and enrichment tasks that currently consume significant analyst time.
Looking Ahead: What Comes Next for Elastic
Elastic has signaled that context engineering and agentic AI will remain central themes in future releases. The company is expected to deepen its Agent Builder capabilities with support for multi-agent collaboration — scenarios where multiple specialized AI agents work together to solve complex problems.
The Prometheus integration is also likely to expand. Future releases may include support for additional PromQL functions, deeper integration with Kubernetes-native monitoring workflows, and enhanced compatibility with the broader OpenTelemetry ecosystem.
With Elastic 9.4, the company is making a clear strategic statement: the future of enterprise search, observability, and security is AI-native, context-aware, and deeply integrated. Whether this vision translates into market share gains against well-funded competitors like Datadog, Splunk, and Grafana Labs will depend on execution — but the technical foundation laid in this release is undeniably ambitious.
📌 Source: GogoAI News (www.gogoai.xin)
🔗 Original: https://www.gogoai.xin/article/elastic-94-launches-workflows-and-promql-support