github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-25 02:09:32 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/upgrade-notes.asciidoc
Nikita Indik e69e783724
[8.x] [Security Solution] Show deprecated bulk endpoints in Upgrade Assistant (#207091) (#207882) 
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] Show deprecated bulk endpoints in Upgrade
Assistant (#207091)](https://github.com/elastic/kibana/pull/207091)

<!--- Backport version: 9.6.4 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Nikita
Indik","email":"nikita.indik@elastic.co"},"sourceCommit":{"committedDate":"2025-01-22T16:36:24Z","message":"[Security
Solution] Show deprecated bulk endpoints in Upgrade Assistant
(#207091)\n\n**Partially addresses:
https://github.com/elastic/kibana/issues/193184**\n\n## Summary\nWe are
going to remove our deprecated [bulk
action\nendpoints](https://github.com/elastic/kibana/issues/193184) in
v9.0.0.\nThey are already unavailable in `main`.\n\nThis PR makes
deprecated bulk endpoints visible in Upgrade Assistant.\nAlso, it adds
an upgrade guide to the documentation to help users\ntransition to
supported endpoints.\n\n⚠️ This PR temporarily adds the deprecated
endpoints back to\n`register_routes.ts`. This is needed to make merging
changes easier.\nI'll open up a follow up PR for `main` that will delete
these endpoints\nfrom `9.0`. Will do it once this PR is merged.\n\n##
Screenshots\n**Deprecated endpoints visible in Upgrade Assistant
table**\n<img width=\"1276\" alt=\"Scherm­afbeelding 2025-01-21 om 11 27
53\"\nsrc=\"https://github.com/user-attachments/assets/909c7a20-31d9-46bb-89ec-b409550074e4\"\n/>\n\n**Clicking
on a table item opens a flyout with more info**\n<table>\n <tr>\n
<td>\n<img width=\"1270\"
alt=\"patch_update\"\nsrc=\"https://github.com/user-attachments/assets/8e99459d-1ea1-40c4-936c-23074c02cd6f\"\n/>\n
</td>\n <td>\n<img width=\"1270\"
alt=\"post_create\"\nsrc=\"https://github.com/user-attachments/assets/6e734e97-4cf4-4d96-9f8d-51efeb3977ad\"\n/>\n
</td>\n </tr>\n <tr>\n <td>\n<img width=\"1270\"
alt=\"put_update\"\nsrc=\"https://github.com/user-attachments/assets/d5b08e16-bf49-475d-81a9-fe5654483e1d\"\n/>\n
</td>\n <td>\n<img width=\"1271\"
alt=\"post_delete\"\nsrc=\"https://github.com/user-attachments/assets/ccb74552-50a4-4bdb-b04e-06857caa8f38\"\n/>\n
</td>\n </tr>\n</table>\n\n**Clicking on \"Learn more\" in the flyout
takes you to the
[upgrade\nguide](https://kibana_bk_207091.docs-preview.app.elstc.co/guide/en/kibana/master/breaking-changes-summary.html#breaking-207091)**\n<img
width=\"731\"
alt=\"upgrade_notes\"\nsrc=\"https://github.com/user-attachments/assets/b8b471ea-98c7-4b07-91db-b1630c382554\"\n/>\n\n\n##
Testing\nOnce you send a request to one of the deprecated endpoints it
should\nshow up in Upgrade Assistant
at\n`<basePath>/app/management/stack/upgrade_assistant/kibana_deprecations`.\nPlease
refer to [this\nticket](https://github.com/elastic/kibana/issues/193184)
for the list of\ndeprecated endpoints.\n\nWork started on:
16-Jan-2025","sha":"33145379e57825f022dffa8405ded308d5eba8d0","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Feature:Rule
Management","Team:Detection Rule
Management","ui-copy","ci:cloud-deploy","ci:project-deploy-security","backport:version","v8.18.0"],"title":"[Security
Solution] Show deprecated bulk endpoints in Upgrade
Assistant","number":207091,"url":"https://github.com/elastic/kibana/pull/207091","mergeCommit":{"message":"[Security
Solution] Show deprecated bulk endpoints in Upgrade Assistant
(#207091)\n\n**Partially addresses:
https://github.com/elastic/kibana/issues/193184**\n\n## Summary\nWe are
going to remove our deprecated [bulk
action\nendpoints](https://github.com/elastic/kibana/issues/193184) in
v9.0.0.\nThey are already unavailable in `main`.\n\nThis PR makes
deprecated bulk endpoints visible in Upgrade Assistant.\nAlso, it adds
an upgrade guide to the documentation to help users\ntransition to
supported endpoints.\n\n⚠️ This PR temporarily adds the deprecated
endpoints back to\n`register_routes.ts`. This is needed to make merging
changes easier.\nI'll open up a follow up PR for `main` that will delete
these endpoints\nfrom `9.0`. Will do it once this PR is merged.\n\n##
Screenshots\n**Deprecated endpoints visible in Upgrade Assistant
table**\n<img width=\"1276\" alt=\"Scherm­afbeelding 2025-01-21 om 11 27
53\"\nsrc=\"https://github.com/user-attachments/assets/909c7a20-31d9-46bb-89ec-b409550074e4\"\n/>\n\n**Clicking
on a table item opens a flyout with more info**\n<table>\n <tr>\n
<td>\n<img width=\"1270\"
alt=\"patch_update\"\nsrc=\"https://github.com/user-attachments/assets/8e99459d-1ea1-40c4-936c-23074c02cd6f\"\n/>\n
</td>\n <td>\n<img width=\"1270\"
alt=\"post_create\"\nsrc=\"https://github.com/user-attachments/assets/6e734e97-4cf4-4d96-9f8d-51efeb3977ad\"\n/>\n
</td>\n </tr>\n <tr>\n <td>\n<img width=\"1270\"
alt=\"put_update\"\nsrc=\"https://github.com/user-attachments/assets/d5b08e16-bf49-475d-81a9-fe5654483e1d\"\n/>\n
</td>\n <td>\n<img width=\"1271\"
alt=\"post_delete\"\nsrc=\"https://github.com/user-attachments/assets/ccb74552-50a4-4bdb-b04e-06857caa8f38\"\n/>\n
</td>\n </tr>\n</table>\n\n**Clicking on \"Learn more\" in the flyout
takes you to the
[upgrade\nguide](https://kibana_bk_207091.docs-preview.app.elstc.co/guide/en/kibana/master/breaking-changes-summary.html#breaking-207091)**\n<img
width=\"731\"
alt=\"upgrade_notes\"\nsrc=\"https://github.com/user-attachments/assets/b8b471ea-98c7-4b07-91db-b1630c382554\"\n/>\n\n\n##
Testing\nOnce you send a request to one of the deprecated endpoints it
should\nshow up in Upgrade Assistant
at\n`<basePath>/app/management/stack/upgrade_assistant/kibana_deprecations`.\nPlease
refer to [this\nticket](https://github.com/elastic/kibana/issues/193184)
for the list of\ndeprecated endpoints.\n\nWork started on:
16-Jan-2025","sha":"33145379e57825f022dffa8405ded308d5eba8d0"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/207091","number":207091,"mergeCommit":{"message":"[Security
Solution] Show deprecated bulk endpoints in Upgrade Assistant
(#207091)\n\n**Partially addresses:
https://github.com/elastic/kibana/issues/193184**\n\n## Summary\nWe are
going to remove our deprecated [bulk
action\nendpoints](https://github.com/elastic/kibana/issues/193184) in
v9.0.0.\nThey are already unavailable in `main`.\n\nThis PR makes
deprecated bulk endpoints visible in Upgrade Assistant.\nAlso, it adds
an upgrade guide to the documentation to help users\ntransition to
supported endpoints.\n\n⚠️ This PR temporarily adds the deprecated
endpoints back to\n`register_routes.ts`. This is needed to make merging
changes easier.\nI'll open up a follow up PR for `main` that will delete
these endpoints\nfrom `9.0`. Will do it once this PR is merged.\n\n##
Screenshots\n**Deprecated endpoints visible in Upgrade Assistant
table**\n<img width=\"1276\" alt=\"Scherm­afbeelding 2025-01-21 om 11 27
53\"\nsrc=\"https://github.com/user-attachments/assets/909c7a20-31d9-46bb-89ec-b409550074e4\"\n/>\n\n**Clicking
on a table item opens a flyout with more info**\n<table>\n <tr>\n
<td>\n<img width=\"1270\"
alt=\"patch_update\"\nsrc=\"https://github.com/user-attachments/assets/8e99459d-1ea1-40c4-936c-23074c02cd6f\"\n/>\n
</td>\n <td>\n<img width=\"1270\"
alt=\"post_create\"\nsrc=\"https://github.com/user-attachments/assets/6e734e97-4cf4-4d96-9f8d-51efeb3977ad\"\n/>\n
</td>\n </tr>\n <tr>\n <td>\n<img width=\"1270\"
alt=\"put_update\"\nsrc=\"https://github.com/user-attachments/assets/d5b08e16-bf49-475d-81a9-fe5654483e1d\"\n/>\n
</td>\n <td>\n<img width=\"1271\"
alt=\"post_delete\"\nsrc=\"https://github.com/user-attachments/assets/ccb74552-50a4-4bdb-b04e-06857caa8f38\"\n/>\n
</td>\n </tr>\n</table>\n\n**Clicking on \"Learn more\" in the flyout
takes you to the
[upgrade\nguide](https://kibana_bk_207091.docs-preview.app.elstc.co/guide/en/kibana/master/breaking-changes-summary.html#breaking-207091)**\n<img
width=\"731\"
alt=\"upgrade_notes\"\nsrc=\"https://github.com/user-attachments/assets/b8b471ea-98c7-4b07-91db-b1630c382554\"\n/>\n\n\n##
Testing\nOnce you send a request to one of the deprecated endpoints it
should\nshow up in Upgrade Assistant
at\n`<basePath>/app/management/stack/upgrade_assistant/kibana_deprecations`.\nPlease
refer to [this\nticket](https://github.com/elastic/kibana/issues/193184)
for the list of\ndeprecated endpoints.\n\nWork started on:
16-Jan-2025","sha":"33145379e57825f022dffa8405ded308d5eba8d0"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
2025-01-22 20:18:33 +00:00

2057 lines
73 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[[breaking-changes-summary]]
== Upgrade notes
////
USE THE FOLLOWING TEMPLATE to add entries to this document, from "[discrete]" to the last "====" included.
[discrete]
[[REPO-PR]]
.[FEATURE] TITLE TO DESCRIBE THE CHANGE. (VERSION)
[%collapsible]
====
*Details* +
ADD MORE DETAILS ON WHAT IS CHANGING AND A LINK TO THE PR INTRODUCING THE CHANGE
*Impact* +
ADD INFORMATION ABOUT WHAT THIS CHANGE WILL BREAK FOR USERS
*Action* +
ADD INSTRUCTIONS FOR USERS LOOKING TO UPGRADE. HOW CAN THEY WORK AROUND THIS?
====
1. Copy and edit the template in the right area section of this file. Most recent entries should be at the top of the section.
2. Edit the anchor ID [[REPO-PR]] of the template with proper values.
3. Don't hardcode the link to the new entry. Instead, make it available through the doc link service files:
- https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-doc-links/src/get_doc_links.ts
- https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-doc-links/src/types.ts
The entry in the main links file should look like this:
id: `${KIBANA_DOCS}breaking-changes-summary.html#REPO-PR`
Where:
- `id` is the ID of your choice.
- `REPO-PR` is the anchor ID that you assigned to the entry in this upgrade document.
4. You can then call the link from any Kibana code. For example: `href: docLinks.links.upgradeAssistant.id`
Check https://docs.elastic.dev/docs/kibana-doc-links (internal) for more details about the Doc links service.
////
Before you upgrade, review the breaking changes and deprecations introduced in {kib} 8.x, then mitigate the impact.
For Elastic Security release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_].
[float]
=== Breaking changes
[float]
==== Kibana APIs
[discrete]
[[breaking-207091]]
.Removed legacy security rules bulk endpoints (9.0.0)
[%collapsible]
====
*Details* +
--
* `POST /api/detection_engine/rules/_bulk_create` has been replaced by `POST /api/detection_engine/rules/_import`
* `PUT /api/detection_engine/rules/_bulk_update` has been replaced by `POST /api/detection_engine/rules/_bulk_action`
* `PATCH /api/detection_engine/rules/_bulk_update has been replaced by `POST /api/detection_engine/rules/_bulk_action`
* `DELETE /api/detection_engine/rules/_bulk_delete` has been replaced by `POST /api/detection_engine/rules/_bulk_action`
* `POST api/detection_engine/rules/_bulk_delete` has been replaced by `POST /api/detection_engine/rules/_bulk_action`
--
These changes were introduced in {kibana-pull}197422[#197422].
*Impact* +
Deprecated endpoints will fail with a 404 status code starting from version 9.0.0
*Action* +
--
Update your implementations to use the new endpoints:
* **For bulk creation of rules:**
- Use `POST /api/detection_engine/rules/_import` (link:{api-kibana}/operation/operation-importrules[API documentation]) to create multiple rules along with their associated entities (for example, exceptions and action connectors).
- Alternatively, create rules individually using `POST /api/detection_engine/rules` (link:{api-kibana}/operation/operation-createrule[API documentation]).
* **For bulk updates of rules:**
- Use `POST /api/detection_engine/rules/_bulk_action` (link:{api-kibana}/operation/operation-performrulesbulkaction[API documentation]) to update fields in multiple rules simultaneously.
- Alternatively, update rules individually using `PUT /api/detection_engine/rules` (link:{api-kibana}/operation/operation-updaterule[API documentation]).
* **For bulk deletion of rules:**
- Use `POST /api/detection_engine/rules/_bulk_action` (link:{api-kibana}/operation/operation-performrulesbulkaction[API documentation]) to delete multiple rules by IDs or query.
- Alternatively, delete rules individually using `DELETE /api/detection_engine/rules` (link:{api-kibana}/operation/operation-deleterule[API documentation]).
--
====
[discrete]
[[breaking-199598]]
.Remove deprecated endpoint management endpoints (9.0.0)
[%collapsible]
====
*Details* +
--
* `POST /api/endpoint/isolate` has been replaced by `POST /api/endpoint/action/isolate`
* `POST /api/endpoint/unisolate` has been replaced by `POST /api/endpoint/action/unisolate`
* `GET /api/endpoint/policy/summaries` has been deprecated without replacement. Will be removed in v9.0.0
* `POST /api/endpoint/suggestions/{suggestion_type}` has been deprecated without replacement. Will be removed in v9.0.0
* `GET /api/endpoint/action_log/{agent_id}` has been deprecated without replacement. Will be removed in v9.0.0
* `GET /api/endpoint/metadata/transforms` has been deprecated without replacement. Will be removed in v9.0.0
--
*Impact* +
Deprecated endpoints will fail with a 404 status code starting from version 9.0.0
*Action* +
--
* Remove references to `GET /api/endpoint/policy/summaries` endpoint.
* Remove references to `POST /api/endpoint/suggestions/{suggestion_type}` endpoint.
* Remove references to `GET /api/endpoint/action_log/{agent_id}` endpoint.
* Remove references to `GET /api/endpoint/metadata/transforms` endpoint.
* Replace references to deprecated endpoints with the replacements listed in the breaking change details.
--
====
[discrete]
[[breaking-201550]]
.Removed legacy alerting endpoints (9.0.0)
[%collapsible]
====
*Details* +
--
* `POST /api/alerts/alert/{id?}` has been replaced by `POST /api/alerting/rule/{id?}`
* `GET /api/alerts/alert/{id}` has been replaced by `GET /api/alerting/rule/{id}`
* `PUT /api/alerts/alert/{id}` has been replaced by `PUT /api/alerting/rule/rule/{id}`
* `DELETE: /api/alerts/alert/{id}` has been replaced by `DELETE /api/alerting/rule/{id}`
* `POST /api/alerts/alert/{id}/_disable` has been replaced by `POST /api/alerting/rule/{id}/_disable`
* `POST /api/alerts/alert/{id}/_enable` has been replaced by `POST /api/alerting/rule/{id}/_enable`
* `GET /api/alerts/_find` has been replaced by `GET /api/alerting/rules/_find`
* `GET /api/alerts/_health` has been replaced by `GET /api/alerting/rule/_health`
* `GET /api/alerts/list_alert_types` has been replaced by `GET /api/alerting/rule_types`
* `POST /api/alerts/alert/{alert_id}/alert_instance/{alert_instance_id}/_mute` has been replaced by `POST /api/alerting/rule/{rule_id}/alert/{alert_id}/_mute`
* `POST /api/alerts/alert/{alert_id}/alert_instance/{alert_instance_id}/_unmute` has been replaced by `POST /api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute`
* `POST /api/alerts/alert/{id}/_mute_all` has been replaced by `POST /api/alerting/rule/{id}/_mute_all`
* `POST /api/alerts/alert/{id}/_unmute_all` has been replaced by `POST /api/alerting/rule/{id}/_unmute_all`
* `POST /api/alerts/alert/{id}/_update_api_key` has been replaced by `POST /api/alerting/rule/{id}/_update_api_key`
* `GET /api/alerts/{id}/_instance_summary` has been deprecated without replacement. Will be removed in v9.0.0
* `GET /api/alerts/{id}/state` has been deprecated without replacement. Will be removed in v9.0.0
--
*Impact* +
Deprecated endpoints will fail with a 404 status code starting from version 9.0.0
*Action* +
Remove references to `GET /api/alerts/{id}/_instance_summary` endpoint.
Remove references to `GET /api/alerts/{id}/state` endpoint.
Replace references to endpoints listed as deprecated by it's replacement. See `Details` section.
The updated APIs can be found here https://www.elastic.co/docs/api/doc/kibana/v8/group/endpoint-alerting
====
[[breaking-201004]]
.Removed legacy cases endpoints (9.0.0)
[%collapsible]
====
*Details* +
--
* `GET /api/cases/status` has been deprecated with no replacement. Deleted in v9.0.0
* `GET /api/cases/{case_id}/comments` has been replaced by `GET /api/cases/{case_id}/comments/_find` released in v7.13
* `GET /api/cases/<case_id>/user_actions` has been replaced by `GET /api/cases/<case_id>/user_actions/_find` released in v8.7
* `includeComments` parameter in `GET /api/cases/{case_id}` has been deprecated. Use `GET /api/cases/{case_id}/comments/_find` instead, released in v7.13
--
*Impact* +
Deprecated endpoints will fail with a 404 status code starting from version 9.0.0
*Action* +
Remove references to `GET /api/cases/status` endpoint.
Replace references to deprecated endpoints with the replacements listed in the breaking change details.
====
[[breaking-199656]]
.Removed all security v1 endpoints (9.0.0)
[%collapsible]
====
*Details* +
All `v1` Kibana security HTTP endpoints have been removed.
`GET /api/security/v1/logout` has been replaced by `GET /api/security/logout`
`GET /api/security/v1/oidc/implicit` has been replaced by `GET /api/security/oidc/implicit`
`GET /api/security/v1/oidc` has been replaced by GET `/api/security/oidc/callback`
`POST /api/security/v1/oidc` has been replaced by POST `/api/security/oidc/initiate_login`
`POST /api/security/v1/saml` has been replaced by POST `/api/security/saml/callback`
`GET /api/security/v1/me` has been removed with no replacement.
For more information, refer to {kibana-pull}199656[#199656].
*Impact* +
Any HTTP API calls to the `v1` Kibana security endpoints will fail with a 404 status code starting from version 9.0.0.
Third party OIDC and SAML identity providers configured with `v1` endpoints will no longer work.
*Action* +
Update any OIDC and SAML identity providers to reference the corresponding replacement endpoint listed above.
Remove references to the `/api/security/v1/me` endpoint from any automations, applications, tooling, and scripts.
====
[discrete]
[[breaking-193792]]
.Access to all internal APIs is blocked (9.0.0)
[%collapsible]
====
*Details* +
Access to internal Kibana HTTP APIs is restricted from version 9.0.0. This is to ensure
that HTTP API integrations with Kibana avoid unexpected breaking changes.
Refer to {kibana-pull}193792[#193792].
*Impact* +
Any HTTP API calls to internal Kibana endpoints will fail with a 400 status code starting
from version 9.0.0.
*Action* +
**Do not integrate with internal HTTP APIs**. They may change or be removed without notice,
and lead to unexpected behaviors. If you would like some capability to be exposed over an
HTTP API, https://github.com/elastic/kibana/issues/new/choose[create an issue].
We would love to discuss your use case.
====
[discrete]
[[breaking-162506]]
.Get case metrics APIs became internal. (8.10)
[%collapsible]
====
*Details* +
The get case metrics APIs are now internal. For more information, refer to ({kibana-pull}162506[#162506]).
====
[discrete]
[[breaking-155470]]
.Removed legacy project monitor API. (8.8)
[%collapsible]
====
*Details* +
The project monitor API for Synthetics in Elastic Observability has been removed. For more information, refer to {kibana-pull}155470[#155470].
*Impact* +
In 8.8.0 and later, an error appears when you use the project monitor API.
====
[discrete]
[[breaking-147616]]
.Removed the `current_upgrades` endpoint. (8.7)
[%collapsible]
====
*Details* +
The `/api/fleet/current_upgrades` endpoint has been removed. For more information, refer to {kibana-pull}147616[#147616].
*Impact* +
When you upgrade to 8.7.0, use the `api/fleet/agents/action_status` endpoint.
====
[discrete]
[[breaking-147199]]
.Removed the `preconfiguration` API route. (8.7)
[%collapsible]
====
*Details* +
The `/api/fleet/setup/preconfiguration` API, which was released as generally available by error, has been removed. For more information, refer to {kibana-pull}147199[#147199].
*Impact* +
Do not use `/api/fleet/setup/preconfiguration`. To manage preconfigured agent policies, use kibana.yml. For more information, check link:https://www.elastic.co/guide/en/kibana/current/fleet-settings-kb.html#_preconfiguration_settings_for_advanced_use_cases[Preconfigured settings].
====
[discrete]
[[breaking-141757]]
.Updated bulk action API to return actionId instead of agent success. (8.5)
[%collapsible]
====
*Details* +
To make bulk action responses consistent, returns `actionId` instead of agent ids with `success: True` or `success: False` results. For more information, refer to {kibana-pull}141757[#141757].
*Impact* +
When you use `FleetBulkResponse`, you now receive only `actionId` responses.
====
[discrete]
[[breaking-116821]]
.Removed deprecated config fields from Logs and Metrics APIs and saved objects. (8.0)
[%collapsible]
====
*Details* +
On the Logs and Metrics UIs, references to the following API and saved object deprecated fields have been removed:
* `timestamp`
* `tiebreaker`
* `container`
* `pod`
* `host`
For more information, refer to {kibana-pull}116821[#116821] and {kibana-pull}115874[#115874].
*Impact* +
When you upgrade to 8.0.0, you are unable to use references to the deprecated fields.
====
[discrete]
[[breaking-114730]]
.Removed `/api/settings`. (8.0)
[%collapsible]
====
*Details* +
The `/api/settings` REST API has been removed. For more information, refer to {kibana-pull}114730[#114730].
*Impact* +
Use `/api/stats`.
====
[discrete]
[[breaking-110830]]
.Changed the `GET /api/status` default behavior. (8.0)
[%collapsible]
====
*Details* +
`GET /api/status` reports a new and more verbose payload. For more information, refer to {kibana-pull}110830[#110830].
*Impact* +
To retrieve the {kib} status in the previous format, use `GET /api/status?v7format=true`.
====
[float]
==== Kibana platform
// Alerting
[discrete]
[[breaking-170635]]
.[Alerting] A new sub-feature privilege to control user access to the cases settings. (8.12)
[%collapsible]
====
*Details* +
Roles with at least a sub-feature privilege configured will not have access to the cases setting like they had previously. All roles without a sub-feature privilege configured will not be affected. For more information, refer to ({kibana-pull}170635[#170635]).
====
[discrete]
[[breaking-162492]]
.[Alerting] New case limits. (8.10)
[%collapsible]
====
*Details* +
Limits are now imposed on the number of objects cases can process or the amount of data those objects can store.
////
For example:
* Updating a case comment is now included in the 10000 user actions restriction. ({kibana-pull}163150[#163150])
* Updating a case now fails if the operation makes it reach more than 10000 user actions. ({kibana-pull}161848[#161848])
* The total number of characters per comment is limited to 30000. ({kibana-pull}161357[#161357])
* The getConnectors API now limits the number of supported connectors returned to 1000. ({kibana-pull}161282[#161282])
* There are new limits and restrictions when retrieving cases. ({kibana-pull}162411[#162411]), ({kibana-pull}162245[#162245]), ({kibana-pull}161111[#161111]), ({kibana-pull}160705[#160705])
* A case can now only have 100 external references and persistable state(excluding files) attachments combined. ({kibana-pull}162071[#162071]).
* New limits on titles, descriptions, tags and category. ({kibana-pull}160844[#160844]).
* The maximum number of cases that can be updated simultaneously is now 100. The minimum is 1. ({kibana-pull}161076[#161076]).
* The Delete cases API now limits the number of cases to be deleted to 100.({kibana-pull}160846[#160846]).
////
For the full list, refer to {kib-issue}146945[#146945].
====
[discrete]
[[breaking-147985]]
.[Alerting] Changed privileges for alerts and cases. (8.8)
[%collapsible]
====
*Details* +
The privileges for attaching alerts to cases has changed. For more information, refer to {kibana-pull}147985[#147985].
*Impact* +
To attach alerts to cases, you must have `Read` access to an {observability} or Security feature that has alerts and `All` access to the **Cases** feature. For detailed information, check link:https://www.elastic.co/guide/en/kibana/current/kibana-privileges.html[{kib} privileges] and link:https://www.elastic.co/guide/en/kibana/current/setup-cases.html[Configure access to cases].
====
[discrete]
.[Alerting] Removed support for `monitoring.cluster_alerts.allowedSpaces`. (8.0)
[%collapsible]
====
*Details* +
The `monitoring.cluster_alerts.allowedSpaces` setting, which {kib} uses to create Stack Monitoring alerts, has been removed. For more information, refer to {kibana-pull}123229[#123229].
*Impact* +
Before you upgrade to 8.0.0, remove `monitoring.cluster_alerts.allowedSpaces` from kibana.yml.
====
[discrete]
[[breaking-114558]]
.[Alerting] Removed `xpack.task_manager.index` setting. (8.0)
[%collapsible]
====
*Details* +
The `xpack.task_manager.index` setting has been removed. For more information, refer to {kibana-pull}114558[#114558].
*Impact* +
Before you upgrade to 8.0.0, remove `xpack.task_manager.index` from kibana.yml.
====
[discrete]
[[breaking-113461]]
.[Alerting] Removed ability to remove Elastic-managed plugins. (8.0)
[%collapsible]
====
*Details* +
The `xpack.actions.enabled` setting has been removed. For more information, refer to {kibana-pull}113461[#113461].
*Impact* +
Before you upgrade to 8.0.0, remove `xpack.actions.enabled` from kibana.yml.
====
[discrete]
[[breaking-legacy-rbac]]
.[Alerting] Legacy RBAC exemption (9.0.0)
[%collapsible]
====
*Details* +
The legacy role-based action control exemption for alerting rules has been removed in version 9.0.0.
*Impact* +
Any alerting rules that rely on the legacy exemption will fail to trigger actions for alerts starting
from version 9.0.0.
*Action* +
To identify the affected rules run the following query in *{dev-tools-app}*:
[source,js]
----------------------------------
GET .kibana*/_search
{
"runtime_mappings": {
"apiKeyVersion": {
"type": "keyword",
"script": {
"source": "def alert = params._source['alert']; if (alert != null) { def meta = alert.meta; if (meta != null) { emit(meta.versionApiKeyLastmodified); } else { emit('');}}"
}
}
},
"size": 10000,
"query": {
"bool": {
"filter": [
{
"term": {
"type": "alert"
}
},
{
"term": {
"apiKeyVersion": "pre-7.10.0"
}
}
]
}
},
"_source": ["alert.name", "namespaces"]
}
----------------------------------
To use normal RBAC authorization, edit each affected rule to update the API key.
====
// Data views
[discrete]
[[breaking-139431]]
.[Data views] Removed filter validation for ad-hoc data views (8.5)
[%collapsible]
====
*Details* +
Filters associated with unknown data views, such as deleted data views, are no longer automatically disabled. For more information, refer to {kibana-pull}139431[#139431].
*Impact* +
Filters associated with unknown data views now display a warning message instead of being automatically disabled.
====
// Dev tools
[discrete]
[[breaking-159041]]
.[Dev tools] The `addProcessorDefinition` function was removed from Console. (8.10)
[%collapsible]
====
*Details* +
The function `addProcessorDefinition` is removed from the Console plugin start contract (server side). For more information, refer to ({kibana-pull}159041[#159041]).
====
[discrete]
[[breaking-123754]]
.[Dev tools] Removed the `console.ssl` setting. (8.0)
[%collapsible]
====
*Details* +
The `console.ssl` setting has been removed. For more information, refer to {kibana-pull}123754[#123754].
*Impact* +
Before you upgrade to 8.0.0, remove `console.ssl` from kibana.yml.
====
// ECS
[discrete]
.[Elastic Common Schema] Moved `doc_root.vulnerability.package` to doc_root.package (ECS). (8.11)
[%collapsible]
====
*Details* +
This change updates all instances of `vulnerability.package` to the ECS standard package fieldset. For more information, refer to ({kibana-pull}164651[#164651]).
====
// ESQL
[discrete]
[[breaking-182074]]
.[ES|QL] Renamed an advanced setting to enable {esql}. (8.14)
[%collapsible]
====
*Details* +
The advanced setting which hides {esql} from the UI has been renamed from `discover:enableESQL` to `enableESQL`. It is enabled by default and must be switched off to disable {esql} features from your {kib} applications. For more information, refer to ({kibana-pull}182074[#182074]).
====
[discrete]
[[breaking-174674]]
.[ES|QL] Removed `is_nan`, `is_finite`, and `is_infinite` functions from {esql}. (8.13)
[%collapsible]
====
*Details* +
These functions have been removed from {esql} queries as they are not supported. Errors would be thrown when trying to use them. For more information, refer to ({kibana-pull}174674[#174674]).
====
// Fleet
[discrete]
[[breaking-184036]]
.[Fleet] Added rate limiting to install by upload endpoint. (8.15)
[%collapsible]
====
*Details* +
Rate limiting was added to the upload `api/fleet/epm/packages` endpoint. For more information, refer to {kibana-pull}184036[#184036].
*Impact* +
If you do two or more requests in less than 10 seconds, the subsequent requests fail with `429 Too Many Requests`.
Wait 10 seconds before uploading again.
This change could potentially break automations for users that rely on frequent package uploads.
====
[discrete]
[[breaking-176879]]
.[Fleet]Removed conditional topics for Kafka outputs. (8.13)
[%collapsible]
====
*Details* +
The Kafka output no longer supports conditional topics. For more information, refer to ({kibana-pull}176879[#176879]).
====
[discrete]
[[breaking-176443]]
.[Fleet]Most Fleet installed integrations are now read-only and labelled with a *Managed* tag in the Kibana UI. (8.13)
[%collapsible]
====
*Details* +
Integration content installed by {fleet} is no longer editable. This content is tagged with *Managed* in the {kib} UI, and is Elastic managed. This content cannot be edited or deleted. However, managed visualizations, dashboards, and saved searches can be cloned. The clones can be customized.
When cloning a dashboard the cloned panels become entirely independent copies that are unlinked from the original configurations and dependencies.
For managed content relating to specific visualization editors such as Lens, TSVB, and Maps, the clones retain the original reference configurations. The same applies to editing any saved searches in a managed visualization.
For more information, refer to ({kibana-pull}172393[#172393]).
====
[discrete]
[[breaking-167085]]
.[Fleet] Improved config output validation for default output. (8.11)
[%collapsible]
====
*Details* +
Improve config output validation to not allow to defining multiple default outputs in {kib} configuration. For more information, refer to ({kibana-pull}167085[#167085]).
====
[discrete]
[[breaking-138677]]
.[Fleet] Removed the `package_policies` field from the agent policy saved object. (8.5)
[%collapsible]
====
*Details* +
The bidirectional foreign key between agent policy and package policy has been removed. For more information, refer to {kibana-pull}138677[#138677].
*Impact* +
The agent policy saved object no longer includes the `package_policies` field.
====
[discrete]
[[breaking-135669]]
.[Fleet] xpack.agents.* are now uneditable in UI when defined in kibana.yml. (8.4)
[%collapsible]
====
*Details* +
When you configure `xpack.fleet.agents.fleet_server.hosts` and `xpack.fleet.agents.elasticsearch.hosts` in kibana.yml, you are unable to update the fields on the Fleet UI.
For more information, refer to {kibana-pull}135669[#135669].
*Impact* +
To configure `xpack.fleet.agents.fleet_server.hosts` and `xpack.fleet.agents.elasticsearch.hosts` on the Fleet UI, avoid configuring the settings in kibana.yml.
====
[discrete]
[[breaking-118854]]
.[Fleet] Split package policy `upgrade` endpoint for Fleet. (8.0)
[%collapsible]
====
*Details* +
For package policy upgrades, the packagePolicy `upgrade` endpoint format supports a mutative upgrade operation (when `dryRun: false`) and a read-only dry run operation (when `dryRun: true`):
[source,text]
--
POST /package_policies/upgrade
{
packagePolicyIds: [...],
dryRun: false
}
--
For more information, refer to {kibana-pull}118854[#118854].
*Impact* +
The endpoint is now split into two separate endpoints:
[source,text]
--
POST /package_policies/upgrade
{
packagePolicyIds: [...]
}
POST /package_policies/upgrade/dry_run
{
packagePolicyIds: [...]
}
--
====
// General settings
[discrete]
[[breaking-180986]]
.[General settings] Updated request processing during shutdown. (8.16)
[%collapsible]
====
*Details* +
During shutdown, {kib} now waits for all the ongoing requests to complete according to the `server.shutdownTimeout` setting. During that period, the incoming socket is closed and any new incoming requests are rejected. Before this update, new incoming requests received a response with the status code 503 and body `{"message": "Kibana is shutting down and not accepting new incoming requests"}`. For more information, refer to {kibana-pull}180986[#180986].
====
[discrete]
[[breaking-111535]]
.[General settings] Removed `CONFIG_PATH` and `DATA_PATH` environment variables. (8.0)
[%collapsible]
====
*Details* +
The `CONFIG_PATH` and `DATA_PATH` environment variables have been removed. For more information, refer to {kibana-pull}111535[#111535].
*Impact* +
Replace the `CONFIG_PATH` environment variable with `KBN_PATH_CONF`, and replace `DATA_PATH` with the `path.data` setting.
====
[discrete]
[[breaking-114379]]
.[General settings] Removed support for csp.rules configuration. (8.0)
[%collapsible]
====
*Details* +
Support for the `csp.rules` configuration property has been removed. For more information, refer to {kibana-pull}114379[#114379].
*Impact* +
Configuring the default `csp.script_src`, `csp.workers_src`, and `csp.style_src` values is not required.
====
[discrete]
[[breaking-113653]]
.[General settings] Changed and removed deprecated core settings and deprecated settings from core plugins. (8.0)
[%collapsible]
====
*Details* +
The deprecation notice for `server.cors` has changed from `level:critical` to `level:warning`.
The following settings have changed:
* The `xpack.banners.placement` value of `header` has been renamed to `top`
Support for the following configuration settings has been removed:
* `newsfeed.defaultLanguage`
* `cpu.cgroup.path.override`
* `cpuacct.cgroup.path.override`
* `server.xsrf.whitelist`
* `xpack.xpack_main.xpack_api_polling_frequency_millis`
* `KIBANA_PATH_CONF`
For more information, refer to {kibana-pull}113653[#113653].
*Impact* +
* The `header` value provided to the `xpack.banners.placement` configuration has been renamed to 'top'
* The `newsfeed.defaultLanguage` newsfeed items are retrieved based on the browser locale and default to English
* Replace `cpu.cgroup.path.override` with `ops.cGroupOverrides.cpuPath`
* Replace `cpuacct.cgroup.path.override` with `ops.cGroupOverrides.cpuAcctPath`
* Replace `server.xsrf.whitelist` with `server.xsrf.allowlist`
* Replace `xpack.xpack_main.xpack_api_polling_frequency_millis` with `xpack.licensing.api_polling_frequency`
* Replace `KIBANA_PATH_CONF` path to the {kib} configuration file using the `KBN_PATH_CONF` environment variable
====
[discrete]
[[breaking-113495]]
.[General settings] Removed `enabled` settings from plugins. (8.0)
[%collapsible]
====
*Details* +
Using `{plugin_name}.enabled` to disable plugins has been removed. Some plugins, such as `telemetry`, `newsfeed`, `reporting`, and the various `vis_type` plugins will continue to support this setting. All other {kib} plugins will not support this setting. Any new plugin will support this setting only when specified in the `configSchema`. For more information, refer to {kibana-pull}113495[#113495].
The `xpack.security.enabled` setting has been removed. For more information, refer to {kibana-pull}111681[#111681].
*Impact* +
Before you upgrade to 8.0.0:
* Remove `{plugin_name}.enabled` from kibana.yml. If you use the setting to control user access to {kib} applications, use <<tutorial-secure-access-to-kibana,*Features* controls>> instead.
* Replace `xpack.security.enabled` with {ref}/security-settings.html#general-security-settings[`xpack.security.enabled`] in elasticsearch.yml.
====
[discrete]
[[breaking-113367]]
.[General settings] Removed `--plugin-dir` cli option. (8.0)
[%collapsible]
====
*Details* +
The `plugins.scanDirs` setting and `--plugin-dir` cli option have been removed. For more information, refer to {kibana-pull}113367[#113367].
*Impact* +
Before you upgrade to 8.0.0, remove `plugins.scanDirs` from kibana.yml.
====
[discrete]
[[breaking-113296]]
.[General settings] Removed support for `optimize.*` settings. (8.0)
[%collapsible]
====
*Details* +
The legacy `optimize.*` settings have been removed. If your configuration uses the following legacy `optimize.*` settings, {kib} fails to start:
* `optimize.lazy`
* `optimize.lazyPort`
* `optimize.lazyHost`
* `optimize.lazyPrebuild`
* `optimize.lazyProxyTimeout`
* `optimize.enabled`
* `optimize.bundleFilter`
* `optimize.bundleDir`
* `optimize.viewCaching`
* `optimize.watch`
* `optimize.watchPort`
* `optimize.watchHost`
* `optimize.watchPrebuild`
* `optimize.watchProxyTimeout`
* `optimize.useBundleCache`
* `optimize.sourceMaps`
* `optimize.workers`
* `optimize.profile`
* `optimize.validateSyntaxOfNodeModules`
For more information, refer to {kibana-pull}113296[#113296].
*Impact* +
To run the `@kbn/optimizer` separately in development, pass `--no-optimizer` to `yarn start`. For more details, refer to {kibana-pull}73154[#73154].
====
[discrete]
[[breaking-113173]]
.[General settings] Removed `so/server/es` settings. (8.0)
[%collapsible]
====
*Details* +
Some of the `savedObjects`, `server`, and `elasticsearch` settings have been removed. If your configuration uses the following settings, {kib} fails to start:
* `savedObjects.indexCheckTimeout`
* `server.xsrf.token`
* `elasticsearch.preserveHost`
* `elasticsearch.startupTimeout`
For more information, refer to {kibana-pull}113173[#113173].
*Impact* +
Before you upgrade to 8.0.0., remove these settings from kibana.yml.
====
[discrete]
[[breaking-113068]]
.[General settings] Added requirement for inline scripting. (8.0)
[%collapsible]
====
*Details* +
To start {kib}, you must enable inline scripting in {es}. For more information, refer to {kibana-pull}113068[#113068].
*Impact* +
Enable {ref}/modules-scripting-security.html[inline scripting].
====
[discrete]
[[breaking-112773]]
.[General settings] Removed `kibana.index` settings. (8.0)
[%collapsible]
====
*Details* +
The `kibana.index`, `xpack.reporting.index`, and `xpack.task_manager.index` settings have been removed. For more information, refer to {kibana-pull}112773[#112773].
*Impact* +
Use spaces, cross-cluster replication, or cross-cluster search. To migrate to <<xpack-spaces,spaces>>, export your <<managing-saved-objects, saved objects>> from a tenant into the default space. For more details, refer to link:https://github.com/elastic/kibana/issues/82020[#82020].
====
[discrete]
[[breaking-112305]]
.[General settings] Removed legacy logging. (8.0)
[%collapsible]
====
*Details* +
The logging configuration and log output format has changed. For more information, refer to {kibana-pull}112305[#112305].
*Impact* +
Use the new <<logging-configuration,logging system configuration>>.
====
[discrete]
[[breaking-109798]]
.[General settings] Removed `kibana.defaultAppId` setting. (8.0)
[%collapsible]
====
*Details* +
The deprecated `kibana.defaultAppId` setting in kibana.yml, which is also available as `kibana_legacy.defaultAppId`, has been removed. For more information, refer to {kibana-pull}109798[#109798].
*Impact* +
When you upgrade, remove `kibana.defaultAppId` from your kibana.yml file. To configure the default route for users when they enter a space, use the <<defaultroute,`defaultRoute`>> in *Advanced Settings*.
====
[discrete]
[[breaking-109350]]
.[General settings] Removed `courier:batchSearches` setting. (8.0)
[%collapsible]
====
*Details* +
The deprecated `courier:batchSearches` setting in *Advanced Settings* has been removed. For more information, refer to {kibana-pull}109350[#109350].
*Impact* +
When you upgrade, the `courier:batchSearches` setting will no longer be available.
====
[discrete]
[[breaking-106061]]
.[General settings] New session timeout defaults. (8.0)
[%collapsible]
====
*Details* +
The default values for the session timeout `xpack.security.session.{lifespan|idleTimeout}` settings have changed. For more information, refer to {kibana-pull}106061[#106061]
*Impact* +
The new default values are as follows:
* `xpack.security.session.idleTimeout: 3d`
* `xpack.security.session.lifespan: 30d`
====
[discrete]
[[breaking-87114]]
.[General settings] Removed support for setting `server.host` to '0'. (8.0)
[%collapsible]
====
*Details* +
Support for configuring {kib} with `0` as the `server.host` has been removed. Please use `0.0.0.0` instead. For more information, refer to {kibana-pull}87114[#87114]
*Impact* +
You are now unable to use `0` as the `server.host`.
====
[discrete]
[[breaking-38657]]
.[General settings] Removed `xpack.security.public` and `xpack.security.authProviders` settings. (8.0)
[%collapsible]
====
*Details* +
The `xpack.security.public` and `xpack.security.authProviders` settings have been removed. For more information, refer to {kibana-pull}38657[#38657]
*Impact* +
Use the `xpack.security.authc.saml.realm` and `xpack.security.authc.providers` settings.
====
[discrete]
[[breaking-22696]]
.[General settings] Removed `logging.useUTC` setting. (8.0)
[%collapsible]
====
*Details* +
The `logging.useUTC` setting has been removed. For more information, refer to {kibana-pull}22696[#22696]
*Impact* +
The default timezone is UTC. To change the timezone, set `logging.timezone: false` in kibana.yml. Change the timezone when the system, such as a docker container, is configured for a nonlocal timezone.
====
// Index management
[discrete]
[[breaking-35173]]
.[Index management] Removed support for time-based interval index patterns. (8.0)
[%collapsible]
====
*Details* +
Time-based interval index patterns were deprecated in 5.x. In 6.x, you could no longer create time-based interval index patterns, but they continued to function as expected. Support for these index patterns has been removed in 8.0. For more information, refer to {kibana-pull}35173[#35173]
*Impact* +
You must migrate your time_based index patterns to a wildcard pattern. For example, logstash-*.
====
// Logs
[discrete]
[[breaking-115974]]
.[Logs] Removed deprecated alias config entries. (8.0)
[%collapsible]
====
*Details* +
The deprecated `xpack.infra.sources.default.logAlias` and `xpack.infra.sources.default.logAlias` settings have been removed. For more information, refer to {kibana-pull}115974[#115974].
*Impact* +
Before you upgrade, remove the settings from kibana.yml, then configure the settings in <<logs-app,Logs>>.
====
[discrete]
[[breaking-61302]]
.[Logs] Removed configurable fields in settings. (8.0)
[%collapsible]
====
*Details* +
The *Logs* and *Metrics* configurable fields settings have been removed. For more information, refer to {kibana-pull}61302[#61302].
*Impact* +
Configure the settings in https://www.elastic.co/guide/en/ecs/current/ecs-reference.html[ECS].
====
// Machine Learning
[discrete]
[[breaking-119945]]
.[Machine learning] Removed APM jobs from Machine Learning. (8.0)
[%collapsible]
====
*Details* +
APM Node.js and RUM JavaScript anomaly detection job modules have been removed. For more information, refer to {kibana-pull}119945[#119945].
*Impact* +
When you upgrade to 8.0.0, you are unable to create and view the APM Node.js and RUM JavaScript jobs in Machine Learning.
====
[discrete]
[[breaking-115444]]
.[Machine learning] Granted access to machine learning features when base privileges are used. (8.0)
[%collapsible]
====
*Details* +
Machine learning features are included as base privileges. For more information, refer to {kibana-pull}115444[#115444].
*Impact* +
If you do not want to grant users privileges to machine learning features, update <<xpack-security,*Users* and *Roles*>>.
====
// Osquery
[discrete]
[[breaking-134855]]
.[Osquery] "All" base privilege option now also applies to Osquery. (8.3)
[%collapsible]
====
*Details* +
The Osquery {kib} privilege has been updated, so that when the *Privileges for all features level* is set to *All*, this now applies *All* to Osquery privileges as well. Previously, users had to choose the *Customize* option to grant any access to Osquery. For more information, refer to {kibana-pull}130523[#130523].
*Impact* +
This impacts user roles that have *Privileges for all features* set to *All*. After this update, users with this role will have access to the Osquery page in {kib}. However, to use the Osquery feature fully, these requirements remain the same: users also need Read access to the logs-osquery_manager.result* index and the Osquery Manager integration must be deployed to Elastic Agents.
====
// Saved objects
[discrete]
[[breaking-118300]]
.[Saved objects] Fail migrations for saved objects with unknown types. (8.0)
[%collapsible]
====
*Details* +
Unknown saved object types now cause {kib} migrations to fail. For more information, refer to {kibana-issue}107678[#107678].
*Impact* +
To complete the migration, re-enable plugins or delete documents from the index in the previous version.
====
[discrete]
[[breaking-110738]]
.[Saved objects] Removed support for legacy exports. (8.0)
[%collapsible]
====
*Details* +
In {kib} 8.0.0 and later, the legacy format from {kib} 6.x is unsupported. For more information, refer to {kibana-pull}110738[#110738]
*Impact* +
Using the user interface to import saved objects is restricted to `.ndjson` format imports.
====
// Security
[discrete]
[[breaking-116191]]
.[Security] Removed legacy audit logger. (8.0)
[%collapsible]
====
*Details* +
The legacy audit logger has been removed. For more information, refer to {kibana-pull}116191[#116191].
*Impact* +
Audit logs will be written to the default location in the new ECS format. To change the output file, filter events, and more, use the <<audit-logging-settings, audit logging settings>>.
====
[discrete]
[[breaking-41700]]
.[Security] Legacy browsers rejected by default. (8.0)
[%collapsible]
====
*Details* +
To provide the maximum level of protection for most installations, the csp.strict config is now enabled by default. Legacy browsers not supported by Kibana, such as Internet Explorer 11, are unable to access {kib} unless explicitly enabled. All browsers officially supported by Kibana do not have this issue. For more information, refer to {kibana-pull}41700[#41700]
*Impact* +
To enable support for legacy browsers, set `csp.strict: false` in kibana.yml. To effectively enforce the security protocol, we strongly discourage disabling `csp.strict` unless it is critical that you support Internet Explorer 11.
====
// Setup
[discrete]
[[breaking-93835]]
.[Setup] Removed platform from archive root directory. (8.0)
[%collapsible]
====
*Details* +
After you extract an archive, the output directory no longer includes the target platform. For example, `kibana-8.0.0-linux-aarch64.tar.gz` produces a `kibana-8.0.0` folder. For more information, refer to {kibana-pull}93835[#93835].
*Impact* +
To use the new folder, update the configuration management tools and automation.
====
[discrete]
[[breaking-90511]]
.[Setup] Removed default support for TLS v1.0 and v1.1. (8.0)
[%collapsible]
====
*Details* +
The default support for TLS v1.0 and v1.1 has been removed. For more information, refer to {kibana-pull}90511[#90511].
*Impact* +
To enable support, set `--tls-min-1.0` in the `node.options` configuration file. To locate the configuration file, go to the kibana/config folder or any other configuration with the `KBN_PATH_CONF` environment variable. For example, if you are using a Debian-based system, the configuration file is located in /etc/kibana.
====
[discrete]
[[breaking-74424]]
.[Setup] Removed support for sysv init. (8.0)
[%collapsible]
====
*Details* +
All supported operating systems use systemd service files. Any system that doesnt have `service` aliased to use kibana.service should use `systemctl start kibana.service` instead of `service start kibana`. For more information, refer to {kibana-pull}74424[#74424].
*Impact* +
If your installation uses .deb or .rpm packages with SysV, migrate to systemd.
====
[discrete]
[[breaking-42353]]
.[Setup] Disabled response logging as a default. (8.0)
[%collapsible]
====
*Details* +
In previous versions, all events are logged in `json` when `logging.json:true`. With the new logging configuration, you can choose the `json` and pattern output formats with layouts. For more information, refer to {kibana-pull}42353[#42353].
*Impact* +
To restore the previous behavior, configure the logging format for each custom appender with the `appender.layout property` in kibana.yml. There is no default for custom appenders, and each appender must be configured explicitly.
////
[source,yaml]
----
logging:
appenders:
custom_console:
type: console
layout:
type: pattern
custom_json:
type: console
layout:
type: json
loggers:
- name: plugins.myPlugin
appenders: [custom_console]
root:
appenders: [default, custom_json]
level: warn
----
////
====
// Sharing and reporting
[discrete]
[[breaking-162288]]
.[Sharing & Reporting] The Download CSV endpoint has changed. (8.10)
[%collapsible]
====
*Details* +
The API endpoint for downloading a CSV file from a saved search in the Dashboard application has changed to reflect the fact that this is an internal API. The previous API path of
`/api/reporting/v1/generate/immediate/csv_searchsource` has been changed to `/internal/reporting/generate/immediate/csv_searchsource`. For more information, refer to {kibana-pull}162288[#162288].
====
[discrete]
[[breaking-158338]]
.[Sharing & Reporting] CSV reports now use PIT instead of Scroll. (8.6)
[%collapsible]
====
*Details* +
CSV reports now use PIT instead of Scroll. Previously generated CSV reports that used an index alias with alias-only privileges, but without privileges on the alias referenced-indices will no longer generate. For more information, refer to {kibana-pull}158338[#158338].
*Impact* +
To generate CSV reports, grant `read` privileges to the underlying indices.
====
[discrete]
[[breaking-121435]]
.[Sharing & Reporting] Removed legacy CSV export type. (8.1)
[%collapsible]
====
*Details* +
The `/api/reporting/generate/csv` endpoint has been removed. For more information, refer to {kibana-pull}121435[#121435].
*Impact* +
If you are using 7.13.0 and earlier, {kibana-ref-all}/8.1/automating-report-generation.html[regenerate the POST URLs] that you use to automatically generate CSV reports.
====
[discrete]
[[breaking-121369]]
.[Sharing & Reporting]Removed legacy PDF shim. (8.1)
[%collapsible]
====
*Details* +
The POST URLs that you generated in {kib} 6.2.0 no longer work. For more information, refer to {kibana-pull}121369[#121369].
*Impact* +
{kibana-ref-all}/8.1/automating-report-generation.html[Regenerate the POST URLs] that you use to automatatically generate PDF reports.
====
[discrete]
[[breaking-114216]]
.[Sharing & Reporting] Removed reporting settings. (8.0)
[%collapsible]
====
*Details* +
The following settings have been removed:
* `xpack.reporting.capture.concurrency`
* `xpack.reporting.capture.settleTime`
* `xpack.reporting.capture.timeout`
* `xpack.reporting.kibanaApp`
For more information, refer to {kibana-pull}114216[#114216].
*Impact* +
Before you upgrade to 8.0.0, remove the settings from kibana.yml.
====
[discrete]
[[breaking-52539]]
.[Sharing & Reporting] Legacy job parameters are no longer supported. (8.0)
[%collapsible]
====
*Details* +
*Reporting* is no longer compatible with POST URL snippets generated with {kib} 6.2.0 and earlier. For more information, refer to {kibana-pull}52539[#52539]
*Impact* +
If you use POST URL snippets to automatically generate PDF reports, regenerate the POST URL strings.
====
// User management
[discrete]
[[breaking-122722]]
.[User management] Removed the ability to use `elasticsearch.username: elastic` in production. (8.0)
[%collapsible]
====
*Details* +
In production, you are no longer able to use the `elastic` superuser to authenticate to {es}. For more information, refer to {kibana-pull}122722[#122722].
*Impact* +
When you configure `elasticsearch.username: elastic`, {kib} fails.
====
// Visualizations and dashboards
[discrete]
[[breaking-149482]]
.[Visualizations] Removed the fields list sampling setting from Lens. (8.7)
[%collapsible]
====
*Details* +
`lens:useFieldExistenceSampling` has been removed from *Advanced Settings*. The setting allowed you to enable document sampling to determine the fields that are displayed in *Lens*. For more information, refer to {kibana-pull}149482[#149482].
*Impact* +
In 8.1.0 and later, {kib} uses the field caps API, by default, to determine the fields that are displayed in *Lens*.
====
[discrete]
[[breaking-146990]]
.[Visualizations] Removed legacy pie chart visualization setting. (8.7)
[%collapsible]
====
*Details* +
`visualization:visualize:legacyPieChartsLibrary` has been removed from *Advanced Settings*. The setting allowed you to create aggregation-based pie chart visualizations using the legacy charts library. For more information, refer to {kibana-pull}146990[#146990].
*Impact* +
In 7.14.0 and later, the new aggregation-based pie chart visualization is available by default. For more information, check <<add-aggregation-based-visualization-panels>>.
====
[discrete]
[[breaking-143081]]
.[Visualizations] Changed the `histogram:maxBars` default setting. (8.6)
[%collapsible]
====
*Details* +
To configure higher resolution data histogram aggregations without changing the *Advanced Settings*, the default histogram:maxBars setting is now 1000 instead of 100. For more information, refer to {kibana-pull}143081[#143081].
*Impact* +
For each {kibana-ref}/xpack-spaces.html[space], complete the following to change *histogram:maxBars* to the previous default setting:
. Open the main menu, then click *Stack Management > Advanced Settings*.
. Scroll or search for *histogram:maxBars*.
. Enter `100`, then click *Save changes*.
====
[discrete]
[[breaking-134336]]
.[Visualizations] Removed the legacy Timelion charts library. (8.4)
[%collapsible]
====
*Details* +
The legacy implementation of the *Timelion* visualization charts library has been removed. All *Timelion* visualizations now use the elastic-charts library, which was introduced in 7.15.0.
For more information, refer to {kibana-pull}134336[#134336].
*Impact* +
In 8.4.0 and later, you are unable to configure the *Timelion* legacy charts library advanced setting. For information about visualization Advanced Settings, check link:https://www.elastic.co/guide/en/kibana/8.4/advanced-options.html#kibana-visualization-settings[Visualization].
====
[discrete]
[[breaking-129581]]
.[Visualizations] Removed Quandl and Graphite integrations. (8.3)
[%collapsible]
====
*Details* +
The experimental `.quandl` and `.graphite` functions and advanced settings are removed from *Timelion*. For more information, check {kibana-pull}129581[#129581].
*Impact* +
When you use the `vis_type_timelion.graphiteUrls` kibana.yml setting, {kib} successfully starts, but logs a `[WARN ][config.deprecation] You no longer need to configure "vis_type_timelion.graphiteUrls".` warning.
To leave your feedback about the removal of `.quandl` and `.graphite`, go to the link:https://discuss.elastic.co/c/elastic-stack/kibana/7[discuss forum].
====
[discrete]
[[breaking-113516]]
.[Visualizations] Removed display options from legacy gauge visualizations. (8.0)
[%collapsible]
====
*Details* +
The *Display warnings* option has been removed from the aggregation-based gauge visualization. For more information, refer to {kibana-pull}113516[#113516].
*Impact* +
When you create aggregation-based gauge visualizations, the *Display warnings* option is no longer available in *Options > Labels*.
====
[discrete]
[[breaking-112643]]
.[Visualizations] Removed settings from visEditors plugins. (8.0)
[%collapsible]
====
*Details* +
The following deprecated visEditors plugin settings have been removed:
* `metric_vis.enabled`
* `table_vis.enabled`
* `tagcloud.enabled`
* `metrics.enabled`
* `metrics.chartResolution`
* `chartResolution`
* `metrics.minimumBucketSize`
* `minimumBucketSize`
* `vega.enabled`
* `vega.enableExternalUrls`
* `vis_type_table.legacyVisEnabled`
* `timelion_vis.enabled`
* `timelion.enabled`
* `timelion.graphiteUrls`
* `timelion.ui.enabled`
For more information, refer to {kibana-pull}112643[#112643].
*Impact* +
Before you upgrade, make the following changes in kibana.yml:
* Replace `metric_vis.enabled` with `vis_type_metric.enabled`
* Replace `table_vis.enabled` with `vis_type_table.enabled`
* Replace `tagcloud.enabled` with `vis_type_tagcloud.enabled`
* Replace `metrics.enabled` with `vis_type_timeseries.enabled`
* Replace `metrics.chartResolution` and `chartResolution` with `vis_type_timeseries.chartResolution`
* Replace `metrics.minimumBucketSize` and `minimumBucketSize` with `vis_type_timeseries.minimumBucketSize`
* Replace `vega.enabled` with `vis_type_vega.enabled`
* Replace `vega.enableExternalUrls` with `vis_type_vega.enableExternalUrls`
* Remove `vis_type_table.legacyVisEnabled`
* Replace `timelion_vis.enabled` with `vis_type_timelion.enabled`
* Replace `timelion.enabled` with `vis_type_timelion.enabled`
* Replace `timelion.graphiteUrls` with `vis_type_timelion.graphiteUrls`
* Remove `timelion.ui.enabled`
====
[discrete]
[[breaking-111704]]
.[Visualizations] Removed dimming opacity setting. (8.0)
[%collapsible]
====
*Details* +
The *Dimming opacity* setting in *Advanced Settings* has been removed. For more information, refer to {kibana-pull}111704[#111704].
*Impact* +
When you upgrade to 8.0.0, you are no longer able to configure the dimming opactiy for visualizations.
====
[discrete]
[[breaking-110985]]
.[Visualizations] Removes Less stylesheet support in TSVB. (8.0)
[%collapsible]
====
*Details* +
In *TSVB*, custom Less stylesheets have been removed. For more information, refer to {kibana-pull}110985[#110985].
*Impact* +
Existing less stylesheets are automatically converted to CSS stylesheets.
====
[discrete]
[[breaking-110571]]
.[Visualizations] Disabled the input string mode in TSVB. (8.0)
[%collapsible]
====
*Details* +
In *TSVB*, the *Index pattern selection mode* option has been removed. For more information, refer to {kibana-pull}110571[#110571].
*Impact* +
To use index patterns and {es} indices in *TSVB* visualizations:
. Open the main menu, then click *Stack Management > Advanced Settings*.
. Select *Allow string indices in TSVB*.
. Click *Save changes*.
====
[discrete]
[[breaking-116184]]
.[Visualizations] Removed proxyElasticMapsServiceInMaps Maps setting. (8.0)
[%collapsible]
====
*Details* +
The `map.proxyElasticMapsServiceInMaps` setting has been removed. For more information, refer to {kibana-pull}116184[#116184].
*Impact* +
Install the on-prem version of the <<maps-connect-to-ems,Elastic Maps Service>>, which is a Docker service that resides in the Elastic Docker registry, in an accessible location on your internal network. When you complete the installation, update kibana.yml to point to the service.
====
[discrete]
[[breaking-109896]]
.[Visualizations] Removed `map.regionmap.*`. (8.0)
[%collapsible]
====
*Details* +
The deprecated `map.regionmap.*` setting in kibana.yml has been removed. For more information, refer to {kibana-pull}109896[#109896].
*Impact* +
If you have maps that use `map.regionmap` layers:
. Remove the `map.regionmap` layer.
. To recreate the choropleth layer, use <<import-geospatial-data,GeoJSON upload>> to index your static vector data into {es}.
. Create a choropleth layer from the indexed vector data.
====
[discrete]
[[breaking-108103]]
.[Visualizations] Removed dashboard-only mode. (8.0)
[%collapsible]
====
*Details* +
The legacy dashboard-only mode has been removed. For more information, refer to {kibana-pull}108103[#108103].
*Impact* +
To grant users access to only dashboards, create a new role, then assign only the *Dashboard* feature privilege. For more information, refer to <<kibana-feature-privileges,{kib} privileges>>.
====
[discrete]
[[breaking-105979]]
.[Visualizations] Removed `xpack.maps.showMapVisualizationTypes` setting. (8.0)
[%collapsible]
====
*Details* +
The deprecated `xpack.maps.showMapVisualizationTypes` setting in kibana.yml has been removed. For more information, refer to {kibana-pull}105979[#105979]
*Impact* +
When you upgrade, remove `xpack.maps.showMapVisualizationTypes` from your kibana.yml file.
====
[float]
==== Elastic Observability solution
[discrete]
[[kibana-132790]]
.[APM] Removed `apm_user`. (8.3)
[%collapsible]
====
*Details* +
Removes the `apm_user` role. For more information, check {kibana-pull}132790[#132790].
*Impact* +
The `apm_user` role is replaced with the `viewer` and `editor` built-in roles.
====
[discrete]
[[breaking-172224]]
.[SLOs]New SLO architecture. (8.12)
[%collapsible]
====
*Details* +
We introduced a breaking change in the SLO features that will break any SLOs created before 8.12. These SLOs have to be manually reset through an API until we provide a UI for it. The data aggregated over time (rollup) is still available in the SLI v2 index, but won't be used for summary calculation when reset.
The previous summary transforms summarizing every SLOs won't be used anymore and can be stopped and deleted:
* slo-summary-occurrences-7d-rolling
* slo-summary-occurrences-30d-rolling
* slo-summary-occurrences-90d-rolling
* slo-summary-occurrences-monthly-aligned
* slo-summary-occurrences-weekly-aligned
* slo-summary-timeslices-7d-rolling
* slo-summary-timeslices-30d-rolling
* slo-summary-timeslices-90d-rolling
* slo-summary-timeslices-monthly-aligned
* slo-summary-timeslices-weekly-aligned
Be aware that when installing a new SLO (or after resetting an SLO), we install two transforms (one for the rollup data and one that summarize the rollup data). Do not delete the new `slo-summary-{slo_id}-{slo_revision}` transforms. For more information, refer to ({kibana-pull}172224[#172224]).
====
[discrete]
[[breaking-162665]]
.[SLO] Introduced new summary search capabilities that will cause SLOs created before 8.10 to stop working. (8.10)
[%collapsible]
====
*Details* +
* SLO find API body parameters have changed.
* The index mapping used by the rollup data has changed, and we have added a summary index that becomes the new source of truth for search.
* The rollup transforms have been updated, but existing SLO with their transforms won't be updated.
If some SLOs have been installed in a prior version at 8.10, they won't work after migrating to 8.10. There are two approaches to handle this breaking change. The recommended route is to delete all SLOs before migrating to 8.10. The alternative is to migrate to 8.10 and manually remove the SLOs.
*Removing SLOs before migrating to 8.10*
Use the SLO UI or the SLO delete API to delete all existing SLOs. This takes care of the saved object, transform and rollup data. When all SLOs have been deleted, then delete the residual rollup indices: `.slo-observability.sli-v1*`. Note that this is v1.
*Removing SLOs after migrating to 8.10*
After migrating to 8.10, the previously created SLOs wont appear in the UI because the API is using a new index. The previously created SLOs still exist, and associated transforms are still rolling up data into the previous index `.slo-observability.sli-v1*`. The SLO delete API can't be used now, so remove the resources resources manually:
. Find all existing transforms
All SLO related transforms start with the `slo-` prefix, this request returns them all:
+
[source, bash]
----
GET _transform/slo-*
----
+
Make a note of all the transforms IDs for later.
. Stop all transforms
+
[source, bash]
----
POST _transform/slo-*/_stop?force=true
----
. Remove all transforms
+
From the list of transforms returned during the first step, now delete them one by one:
+
[source, bash]
----
DELETE _transform/{transform_id}?force=true
----
. Find the SLO saved objects
+
This request lists all the SLO saved objects. The SLO IDs and the saved object IDs are not the same.
+
[source, bash]
----
GET kbn:/api/saved_objects/_find?type=slo
----
+
Make a note of all the saved object IDs from the response.
. Remove the SLO saved objects
+
For each saved object ID, run the following:
+
[source, bash]
----
DELETE kbn:/api/saved_objects/slo/{Saved_Object_Id}
----
. Delete the rollup indices v1
+
Note that this is v1.
+
[source, bash]
----
DELETE .slo-observability.sli-v1*
----
====
[discrete]
[[breaking-159118]]
.[Uptime] Uptime app now hidden when no data is available. (8.9)
[%collapsible]
====
*Details* +
The Uptime app now gets hidden from the interface when it doesn't have any data for more than a week. If you have a standalone Heartbeat pushing data to Elasticsearch, the Uptime app is considered active. You can disable this automatic behavior from the advanced settings in Kibana using the **Always show legacy Uptime app** option.
For synthetic monitoring, we now recommend to use the new Synthetics app. For more information, refer to {kibana-pull}159118[#159118]
====
[discrete]
[[breaking-159012]]
.[Uptime] Removed synthetics pattern from Uptime settings. (8.9)
[%collapsible]
====
*Details* +
Data from browser monitors and monitors of all types created within the Synthetics App or via the Elastic Synthetics Fleet Integration will no longer appear in Uptime. For more information, refer to {kibana-pull}159012[#159012]
====
[float]
==== Elastic Search solution
[discrete]
[[breaking-106307]]
.Required security plugin. (8.0)
[%collapsible]
====
*Details* +
Enterprise Search now requires that you enable X-Pack Security. For more information, refer to {kibana-pull}106307[#106307]
*Impact* +
Enable X-Pack Security.
====
[float]
==== Elastic Security solution
NOTE: For the complete Elastic Security solution release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_].
[discrete]
[[breaking-201810]]
.Remove original user and host risk scoring and all associated UIs (9.0.0)
[%collapsible]
====
*Details* +
--
The original host and risk score modules have been superseded since v8.10.0 by the Risk Engine.
In 9.0.0 these modules will no longer be supported, the scores will no longer display in the UI
and all UI controls associated with managing or upgrading the legacy modules will be removed.
--
*Impact* +
As well as the legacy risk scores not being shown in the UI, alerts will no longer have the legacy risk score added to them in the `<host|user>.risk.calculated_level`
and `<host|user>.risk.calculated_score_norm` fields.
The legacy risk scores are stored in the `ml_host_risk_score_<space_id>` and `ml_user_risk_score_<space_id>`
indices, these indices will not be deleted if the user chooses not to upgrade.
Legacy risk scores are generated by the following transforms:
- `ml_hostriskscore_pivot_transform_<space_id>`
- `ml_hostriskscore_latest_transform_<space_id>`
- `ml_userriskscore_pivot_transform_<space_id>`
- `ml_userriskscore_latest_transform_<space_id>`
If a user does not upgrade to use the Risk Engine, these transforms will continue to run in 9.0.0, but it will be up to the user to manage them.
*Action* +
Upgrade to use the Risk Engine in all spaces which use the legacy risk scoring modules:
- In the main menu, go to *Security > Manage > Entity Risk Score*.
- If the original user and host risk score modules are enabled, you'll see a button to "Start update". Click the button, and follow the instructions.
====
[discrete]
[[breaking-161806]]
.[Elastic Defend] Converted filterQuery to KQL.(8.11)
[%collapsible]
====
*Details* +
Converts `filterQuery` to a KQL query string. For more information, refer to ({kibana-pull}161806[#161806]).
====
[float]
=== Deprecation notices
The following functionality is deprecated and will be removed at a future date. Deprecated functionality
does not have an immediate impact on your application, but we strongly recommend you make the necessary
updates to avoid use of deprecated features.
Use the **Kibana Upgrade Assistant** to prepare for your upgrade to the next version of the Elastic Stack.
The assistant identifies deprecated settings in your configuration and guides you through the process of
resolving issues if any deprecated features are enabled.
To access the assistant, go to **Stack Management** > **Upgrade Assistant**.
[float]
==== Kibana APIs
[discrete]
[[kibana-152236]]
.Deprecated Agent reassign API PUT endpoint. (8.8)
[%collapsible]
====
*Details* +
The PUT endpoint for the agent reassign API is deprecated. For more information, refer to {kibana-pull}152236[#152236].
*Impact* +
Use the POST endpoint for the agent reassign API.
====
[discrete]
[[kibana-151564]]
.Deprecated `total` in `/agent_status` Fleet API. (8.8)
[%collapsible]
====
*Details* +
The `total` field in `/agent_status` Fleet API responses is deprecated. For more information, refer to {kibana-pull}151564[#151564].
*Impact* +
The `/agent_status` Fleet API now returns the following statuses:
* `all` &mdash; All active and inactive
* `active` &mdash; All active
====
[discrete]
[[kibana-150267]]
.Deprecated Saved objects APIs. (8.7)
[%collapsible]
====
*Details* +
The following saved objects APIs have been deprecated.
[source,text]
--
/api/saved_objects/{type}/{id}
/api/saved_objects/resolve/{type}/{id}
/api/saved_objects/{type}/{id?}
/api/saved_objects/{type}/{id}
/api/saved_objects/_find
/api/saved_objects/{type}/{id}
/api/saved_objects/_bulk_get
/api/saved_objects/_bulk_create
/api/saved_objects/_bulk_resolve
/api/saved_objects/_bulk_update
/api/saved_objects/_bulk_delete
--
For more information, refer to ({kibana-pull}150267[#150267]).
*Impact* +
Use dedicated public APIs instead, for example use <<data-views-api>> to manage Data Views.
====
[discrete]
[[deprecation-119494]]
.Updates Fleet API to improve consistency. (8.0)
[%collapsible]
====
*Details* +
The Fleet API has been updated to improve consistency:
* Hyphens are changed to underscores in some names.
* The `pkgkey` path parameter in the packages endpoint is split.
* The `response` and `list` properties are renamed to `items` or `item` in some
responses.
For more information, refer to {kibana-pull}119494[#119494].
*Impact* +
When you upgrade to 8.0.0, use the following API changes:
* Use `enrollment_api_keys` instead of `enrollment-api-keys`.
* Use `agent_status` instead of `agent-status`.
* Use `service_tokens` instead of `service-tokens`.
* Use `/epm/packages/{packageName}/{version}` instead of `/epm/packages/{pkgkey}`.
* Use `items[]` instead of `response[]` in:
+
[source,text]
--
/api/fleet/enrollment_api_keys
/api/fleet/agents
/epm/packages/
/epm/categories
/epm/packages/_bulk
/epm/packages/limited
/epm/packages/{packageName}/{version} <1>
--
<1> Use `items[]` when the verb is `POST` or `DELETE`. Use `item` when the verb
is `GET` or `PUT`.
For more information, refer to {fleet-guide}/fleet-api-docs.html[Fleet APIs].
====
[float]
==== Kibana platform
// Alerting
[discrete]
[[kibana-161136]]
.[Alerting] Action variables in the UI and in tests that were no longer used have been replaced. (8.10)
[%collapsible]
====
*Details* +
The following rule action variables have been deprecated. Use the recommended variables (in parentheses) instead:
* alertActionGroup (alert.actionGroup)
* alertActionGroupName (alert.actionGroupName)
* alertActionSubgroup (alert.actionSubgroup)
* alertId (rule.id)
* alertInstanceId (alert.id)
* alertName (rule.name)
* params (rule.params)
* spaceId (rule.spaceId)
* tags (rule.tags)
For more information, refer to ({kibana-pull}161136[#161136]).
====
// Discover
[discrete]
[[deprecation-search-sessions]]
.[Discover] <<search-sessions,Search sessions>> are deprecated in 8.15.0 and will be removed in a future version. (8.15)
[%collapsible]
====
*Details* +
Search sessions are now deprecated and will be removed in a future version. By default, queries that take longer than 10 minutes (the default for the advanced setting `search:timeout`) will be canceled. To allow queries to run longer, consider increasing `search:timeout` or setting it to `0` which will allow queries to continue running as long as a user is waiting on-screen for results.
====
// General settings
[discrete]
[[kibana-154275]]
.[General settings] Deprecated ephemeral Task Manager settings (8.8)
[%collapsible]
====
*Details* +
The following Task Manager settings are deprecated:
* `xpack.task_manager.ephemeral_tasks.enabled`
* `xpack.task_manager.ephemeral_tasks.request_capacity`
* `xpack.alerting.maxEphemeralActionsPerAlert`
For more information, refer to {kibana-pull}154275[#154275].
*Impact* +
To improve task execution resiliency, remove the deprecated settings from the `kibana.yml` file. For detailed information, check link:https://www.elastic.co/guide/en/kibana/current/task-manager-settings-kb.html[Task Manager settings in {kib}].
====
[discrete]
[[kibana-122075]]
.[General settings] Deprecated `xpack.data_enhanced.*` setting. (8.3)
[%collapsible]
====
*Details* +
In kibana.yml, the `xpack.data_enhanced.*` setting is deprecated. For more information, check {kibana-pull}122075[#122075].
*Impact* +
Use the `data.*` configuration parameters instead.
====
[discrete]
[[deprecation-33603]]
.[General settings] Removed `xpack:defaultAdminEmail` setting. (8.0)
[%collapsible]
====
*Details* +
The `xpack:default_admin_email` setting for monitoring use has been removed. For more information, refer to {kibana-pull}33603[#33603]
*Impact* +
Use the `xpack.monitoring.clusterAlertsEmail` in kibana.yml.
====
// Security
[discrete]
[[kibana-136422]]
.[Security] Deprecated ApiKey authentication for interactive users. (8.4)
[%collapsible]
====
*Details* +
The ability to authenticate interactive users with ApiKey via a web browser has been deprecated, and will be removed in a future version.
For more information, refer to {kibana-pull}136422[#136422].
*Impact* +
To authenticate interactive users via a web browser, use <<kibana-authentication,another authentication method>>. Use API keys only for programmatic access to {kib} and {es}.
====
[discrete]
[[kibana-131636]]
.[Security] Deprecated anonymous authentication credentials. (8.3)
[%collapsible]
====
*Details* +
The apiKey, including key and ID/key pair, and `elasticsearch_anonymous_user` credential types for anonymous authentication providers are deprecated. For more information, check {kibana-pull}131636[#131636].
*Impact* +
If you have anonymous authentication provider configured with apiKey or `elasticsearch_anonymous_user` credential types, a deprecation warning appears, even when the provider is not enabled.
====
[discrete]
[[kibana-131166]]
.[Security] Deprecated v1 and v2 security_linux and security_windows jobs. (8.3)
[%collapsible]
====
*Details* +
The v1 and v2 job configurations for security_linux and security_windows are deprecated. For more information, check {kibana-pull}131166[#131166].
*Impact* +
The following security_linux and security_windows job configurations are updated to v3:
* security_linux:
** v3_linux_anomalous_network_activity
** v3_linux_anomalous_network_port_activity_ecs
** v3_linux_anomalous_process_all_hosts_ecs
** v3_linux_anomalous_user_name_ecs
** v3_linux_network_configuration_discovery
** v3_linux_network_connection_discovery
** v3_linux_rare_metadata_process
** v3_linux_rare_metadata_user
** v3_linux_rare_sudo_user
** v3_linux_rare_user_compiler
** v3_linux_system_information_discovery
** v3_linux_system_process_discovery
** v3_linux_system_user_discovery
** v3_rare_process_by_host_linux_ecs
* security_windows:
** v3_rare_process_by_host_windows_ecs
** v3_windows_anomalous_network_activity_ecs
** v3_windows_anomalous_path_activity_ecs
** v3_windows_anomalous_process_all_hosts_ecs
** v3_windows_anomalous_process_creation
** v3_windows_anomalous_script
** v3_windows_anomalous_service
** v3_windows_anomalous_user_name_ecs
** v3_windows_rare_metadata_process
** v3_windows_rare_metadata_user
** v3_windows_rare_user_runas_event
** v3_windows_rare_user_type10_remote_login
====
// Setup
[discrete]
[[deprecation-macos-x8664]]
.[Setup] New versions of Kibana for macOS x86_64 will end after 8.17.
[%collapsible]
====
*Details* +
New versions of Kibana builds for macOS x86_64 are deprecated and will no longer be released after 8.17. Kibana for macOS AArch64 is unaffected.
Use Docker to run new versions of Kibana on macOS 86x_64.
====
// Sharing & Reporting
[discrete]
[[kibana-178159]]
.[Sharing & Reporting] Downloading a CSV file from a saved search panel in a dashboard has become deprecated in favor of generating a CSV report. (8.14)
[%collapsible]
====
*Details* +
The mechanism of exporting CSV data from a saved search panel in a dashboard has been changed to generate a CSV report, rather than allowing the CSV data to be downloaded
without creating a report. To preserve the original behavior, it is necessary to update `kibana.yml` with the setting of `xpack.reporting.csv.enablePanelActionDownload:
true`. The scope of this breaking change is limited to downloading CSV files from saved search panels only; downloading CSV files from other types of dashboard panels is
unchanged. For more information, refer to {kibana-pull}178159[#178159].
====
// Visualizations
[discrete]
[[kibana-197227]]
.[Visualizations] Removed `metrics:allowCheckingForFailedShards` advanced setting. (8.17)
[%collapsible]
====
*Details* +
The `metrics:allowCheckingForFailedShards` advanced setting has been removed. With this change, it is no longer possible to suppress warnings about failed shards in TSVB. For more information, refer to ({kibana-pull}197227[#197227]).
====
[discrete]
[[kibana-156455]]
.[Visualizations] The ability to create legacy input controls was hidden. (8.9)
[%collapsible]
====
*Details* +
The option to create legacy input controls when creating a new visualization is hidden. For more information, refer to {kibana-pull}156455[#156455]
====
[discrete]
[[kibana-155503]]
.[Visualizations] Removed legacy field stats. (8.9)
[%collapsible]
====
*Details* +
Legacy felid stats that were previously shown within a popover have been removed. For more information, refer to {kibana-pull}155503[#155503]
====
[discrete]
.[Visualizations] Deprecated input control panels in dashboards. (8.3)
[%collapsible]
====
*Details* +
The input control panels, which allow you to add interactive filters to dashboards, are deprecated. For more information, check {kibana-pull}132562[#132562].
*Impact* +
To add interactive filters to your dashboards, use the link:https://www.elastic.co/guide/en/kibana/8.3/add-controls.html[new controls].
====
[discrete]
[[kibana-130336]]
.[Visualizations] Deprecated the `Auto` default legend size in Lens. (8.3)
[%collapsible]
====
*Details* +
In the *Lens* visualization editor, the *Auto* default for *Legend width* has been deprecated. For more information, check {kibana-pull}130336[#130336].
*Impact* +
When you create *Lens* visualization, the default for the *Legend width* is now *Medium*.
====
[float]
==== Elastic Observability solution
[discrete]
[[deprecation]]
.The Observability > Logs > Explorer app is now deprecated in favor of Discover. (8.17)
[%collapsible]
====
*Details* +
Both the Logs Explorer and Logs Stream applications are now deprecated and will be removed in 9.0. We continue to make enhancements to Discover to offer similar functionality in 9.x.
====
[discrete]
[[deprecation-192003]]
.Deprecated the Observability AI Assistant specific advanced setting `observability:aiAssistantLogsIndexPattern`. (8.16)
[%collapsible]
====
*Details* +
The Observability AI Assistant specific advanced setting for Logs index patterns `observability:aiAssistantLogsIndexPattern` is deprecated and no longer used. The AI Assistant will now use the existing **Log sources** setting `observability:logSources` instead. For more information, refer to ({kibana-pull}192003[#192003]).
====
[discrete]
[[deprecation-194519]]
.The Logs Stream was hidden by default in favor of the Logs Explorer app. (8.16)
[%collapsible]
====
*Details* +
You can find the Logs Explorer app in the navigation menu under Logs > Explorer, or as a separate tab in Discover. For more information, refer to ({kibana-pull}194519[#194519]).
*Impact* +
You can still show the Logs Stream app again by navigating to Stack Management > Advanced Settings and by enabling the `observability:enableLogsStream` setting.
====
[discrete]
[[deprecation-120689]]
.[APM] Renamed the `autocreate` data view APM setting. (8.0)
[%collapsible]
====
*Details* +
The `xpack.apm.autocreateApmIndexPattern` APM setting has been removed. For more information, refer to {kibana-pull}120689[#120689].
*Impact* +
To automatically create data views in APM, use `xpack.apm.autoCreateApmDataView`.
====
[discrete]
[[kibana-uptime-deprecation]]
.[Uptime] Uptime is deprecated in 8.15.0. (8.15)
[%collapsible]
====
*Details* +
The Uptime app is already hidden from Kibana when there is no recent Heartbeat data. Migrate to Synthetics as an alternative. For more details, refer to the {observability-guide}/uptime-intro.html[Uptime documentation].
====
[discrete]
[[kibana-154010]]
.[Uptime] Deprecated Synthetics and Uptime monitor schedules (8.8)
[%collapsible]
====
*Details* +
Synthetics and Uptime monitor schedules and zip URL fields are deprecated. For more information, refer to {kibana-pull}154010[#154010] and {kibana-pull}154952[#154952].
*Impact* +
When you create monitors in Uptime Monitor Management and the Synthetics app, unsupported schedules are automatically transferred to the nearest supported schedule. To use zip URLs, use project monitors.
====
[discrete]
[[kibana-149506]]
.[Uptime] Deprecated Elastic Synthetics integration. (8.8)
[%collapsible]
====
*Details* +
The Elastic Synthetics integration is deprecated. For more information, refer to {kibana-pull}149506[#149506].
*Impact* +
To monitor endpoints, pages, and user journeys, go to **{observability}** -> **Synthetics (beta)**.
====
[float]
==== Elastic Security solution
NOTE: For the complete Elastic Security solution release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_].
Reference in a new issue View git blame Copy permalink