Elasticsearch 8.18 introduces a new feature, the ES|QL’s LOOKUP JOIN command, marking the first SQL-style JOIN capability within the platform, available in a tech preview. This feature allows for data correlation and enrichment by using easily updatable lookup datasets, enabling users to integrate additional information such as host and asset details into events without significant data preparation. Unlike previous attempts like nested and _parent join field types, LOOKUP JOIN utilizes a new index mode called 'lookup', which is limited to a single shard with a maximum of 2 billion documents to enhance performance and scalability. This new capability simplifies the process of managing relational data without the need for denormalization and allows for more comprehensive analytical functions, such as grouping and aggregating data. Elastic plans to further develop this feature, enabling more join types and improving the user experience.