Kibana highlights

This list summarizes the most important enhancements in Kibana 7.15.

Check out our simplified home page, which has a new design that helps you get to the solutions and your data faster.

In the solutions section, the previously titled Kibana group has been renamed Analytics, and we’ve given equal prominence to each solution card, in addition to reducing and simplifying the descriptions.

In the Add data section, we’ve reduced and simplified the available actions to the primary Add your data action, and secondary Try sample data action.

In the drag-and-drop visualization editor, you can now apply color pallettes and custom colors to heatmaps, and fine tune the opacity of individual colors.

We’ve added more options to customize the legends in the drag-and-drop visualization editor, TSVB, and the Aggregation Based area, line, bar, and pie charts.

You can choose to view, or not to view, the full name of your data series by enabling legend text truncation. When enabled, you can control the exact number of lines before truncation to make sure your legend isn’t cutting off the important part of your data labels.

In the drag-and-drop visualization editor, you can save panel space by choosing to embed the legend in the visualization.

When your dashboard contains time series panels, hovering on one panel also hovers on the same time period as the other panels, regardless of the index pattern.

When your dashboard contains non-time series panels, hovering on one value now highlights the same value on the other panels, as long as the data is from the same index pattern.

Synchronized cursor hover is supported in the following visualization editors:

The drag-and-drop Lens visualization editor now supports Inspect, which allows you to view the data in visualizations that contain multiple index patterns.

In the drag-and-drop visualization editor, you can now orient your axis. While it’s better to rotate your visualization to improve readability, axis orientation can help when you need the extra space on the horizontal axis.

In TSVB, you can now visualize multiple percentiles as their own sereies, and apply a color to each series to easily distinguish between them.

Maps now has the ability to highlight a single layer with the Show this layer only action.

Choropleth layers now provide you with tooltip feedback for errors when you join data to a layer. The tooltip feedback is helpful for underlying configuration issues in the term-join, or when there are inconsistencies in the underlying data.

To help you determine if the data incrementally refreshes as you pan and zoom, the layer-entry in the table of contents now indicates when the layer data is dynamically retrieved based on the current extent of the map.

Discover now includes an improved No results match your search criteria screen with clear next steps and guidance on how you can get relevant results faster.

The new anomaly detection job alert monitors the job health and notifies when an operational issue is detected. Four types of checks can be enabled: datafeed is not started, model memory limit has been hit, the job is experiencing delayed data, and errors in job messages.

To copy jobs more easily across clusters, you can now import and export jobs in Stack Management > Machine Learning Jobs. The exported file contains configuration details for data frame analytics jobs or anomaly detection jobs and datafeeds. For more information, refer to Export and import machine learning jobs.

Multiple index templates can refer to the same index lifecycle policy. This makes editing an index lifecycle policy an uncertain process — how do you know which index templates will be affected by a change? Now you can answer this question by reviewing a list of the affected index templates directly in the Index Lifecycle Policies app. Whenever you edit a policy, you’ll know exactly which index templates will be affected.

Getting your Painless script just right doesn’t always happen on the first try. The new Preview pane in the Create field editor provides a real-time preview, and improved error handling to make it easier to troubleshoot as scripts get more complex. Now you can evaluate your script against multiple documents, and browse the available fields without leaving the editor.

7.15.0 gives security teams more control over who can access Osquery and view results. Previously, only superusers could use Osquery, but now you can grant any users access to sensitive Osquery data, and specify run, save, and scheduled query privileges.

When defining scheduled queries, you can now map query results to ECS fields to standardize your Osquery data for use across detections, machine learning, and any other areas that rely on ECS-compliant data. With standardized scheduled query results, you greatly increase the value of the queries you run by making the results more readily usable across the Elastic Stack.

Scheduled query groups now show the status of individual queries within a group, enabling you to understand at a glance if there are results to review or issues to address. Surfacing this information can also help you tune the queries you’re running. For example, you can identify queries that run too frequently or errors you need to resolve.