Start free trial Contact Sales

The Search AI Company

Search, Security, Observability

Build tailored experiences with Elastic.

Elastic Search AI Platform overview

Scale your business with Elastic Partners

Partner overview

ELK Stack

Search and analytics, data ingestion, and visualization – all at your fingertips.

ELK Stack overview

By developers, for developers

Elastic Cloud

Unlock the power of real-time insights with Elastic on your preferred cloud provider.

Elastic Cloud overview

Generative AI

Prototype and integrate with LLMs faster using search AI.

Generative AI overview

Search

Discover a world of AI possibilities — built with the power of search.

Search Labs

Search overview

Security

Protect, investigate, and respond to cyber threats with AI-driven security analytics.

Security Labs

Security overview

Observability

Unify app and infrastructure visibility to proactively resolve issues.

Observability Labs

Observability overview

By solution

See how customers search, solve, and succeed — all on one Search AI Platform.

All customer stories

Industries

Exceed customer expectations and go to market faster.

Industries overview

Customer spotlight

Cisco saves 5,000 support engineer hours per month

Sitecore automates 96 percent of security workflows with Elastic

Comcast transforms customer experiences with Elastic Observability

Research

Stay at the forefront of innovation with technical tips from the experts.

Build

Code with other developers to create a better Elastic, together.

Learn

Unleash the possibilities of your data and grow your skill set.

Connect

Keep informed about the latest tech and news from Elastic.

Have questions?

New

The executive guide to generative AI

About us Partners Support|Login

This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.

« Installing in an air-gapped environment Breaking changes »

›

Elastic Cloud Serverless changelog

Elastic Cloud Serverless changelog

Review the latest improvements and changes to Elastic Cloud Serverless.

For serverless API changes, refer to APIs Changelog.

For serverless changes in Cloud Console, refer to Elasticsearch Service Documentation: Release notes.

March 24, 2025

Features and enhancements

Enables smoother scrolling in Kibana (#214512).
Adds context.grouping action variable in Custom threshold and APM rules (#212895).
Adds the ability to create an APM availability or latency SLO for all services (#214653).
Enables editing central config for EDOT Agents / SDKs (#211468).
Uses Data View name for Rule Data View display (#214495).
Highlights the code examples in our inline docs (#214915).
Updates data feeds for anomaly detection jobs to exclude Elastic Agent and Beats processes (#213927).
Adds Mustache lambdas for alerting action (#213859).
Adds page reload screen reader warning (#214822).

Fixes

Fixes color by value for Last value array mode (#213917).
Fixes can edit check (#213887).
Fixes opening a rollup data view in Discover (#214656).
Fixes entry item in waterfall shouldn’t be orphan (#214700).
Filters out upstream orphans in waterfall (#214704).
Fixes KB bulk import UI example (#214970).
Ensures that when an SLO is created, its ID is verified across all spaces (#214496).
Fixes contextual insights scoring (#214259).
Prevents getChildrenGroupedByParentId from including the parent in the children list (#214957).
Fixes ID overflow bug (#215199).
Removes unnecessary field service.environment from top dependency spans endpoint (#215321).
Fixes missing user_agent version field and shows it on the trace summary (#215403).
Fixes rule preview works for form’s invalid state (#213801).
Fixes session view error on the alerts tab (#214887).
Adds index privileges check to applyDataViewIndices (#214803).
Changes the default Risk score lookback period from 30m to 30d (#215093).
Fixes issue with alert grouping re-render (#215086).
Limits the transformID length to 36 characters (#213405).
Fixes Data view refresh not supporting the indexPattern parameter (#215151).
Uses Risk Engine SavedObject intead of localStorage on the Risk Score web page (#215304).
Fixes autocomplete for comments when there is a space (#214696).
Makes sure that the variables in the editor are always up to date (#214833).
Calculates the query for retrieving the values correctly (#214905).
Fixes overlay in integrations on mobile (#215312).
Fixes chart in single metric anomaly detection wizard (#214837).
Fixes regression that caused the cases actions to disappear from the detections engine alerts table bulk actions menu (#215111).
Changes "Close project" to "Log out" in nav menu in serverless mode (#211463).
Fixes search profiler index reset field when query is changed (#215420).

March 17, 2025

Features and enhancements

Enables read-only editor mode in Lens to explore panel configuration (#208554).
Allows sharing of Observability AI Assistant conversations (#211854).
Adds context-aware logic to Logs view in Discover (#211176).
Replaces the Alerts status filter with filter controls (#198495).
Adds SSL fields to agent binary source settings (#213211).
Allows users to create a snooze schedule for rules via API (#210584).
Splits up the top dependencies API for improved speed and response size (#211441).
Adds working default metrics dashboard for Python OTel (#213599).
Includes spaceID in SLI documents (#214278).
Adds support for the MV_EXPAND command with the ES|QL rule type (#212675).
Enables endpoint actions for events (#206857).
The semantic_text field type is now GA on {Elastic Cloud Serverless}.
Adds the ability for users to customize prebuilt rules. Users can modify most rule parameters, export and import prebuilt rules — including customized ones — and upgrade prebuilt rules while retaining customization settings (#212761).

Fixes

Fixes a bug with ServiceNow where users could not create the connector from the UI form using OAuth (#213658).
Prevents unnecessary re-render when switching between View and Edit modes (#213902).
Adds event-annotation-group to saved object privileges for dashboards (#212926).
Makes the Inspect configuration button permanently visible (#213619).
Fixes service maps not building paths when the trace’s root transaction has a parent.id (#212998).
Fixes span links with OTel data (#212806).
Makes Kibana retrieval namespace-specific (#213505).
Ensures semantic queries contribute to scoring when retrieving knowledge from search connectors (#213870).
Passes telemetry.sdk* data when loading a dashboard (#214356).
Fixes checkPrivilege to query with indices (#214002).
Adds support for rollup data views that reference aliases (#212592).
Fixes an issue with the Save button not working when editing event filters (#213805).
Fixes dragged elements becoming invisible when dragging-and-dropping in Lens (#213928).
Fixes alignment of the Alerts table in the Rule Preview panel (#214028).
Fixes Bedrock defaulting region to us-east-1 (#214251).
Fixes an issue with the Agent binary download field being blank when a policy uses the default download source (#214360).
Fixes navigation issues with alert previews (#213455).
Fixes an issue with changing the width of a Timeline column width bug (#214178).
Reworks the enforce_registry_filters advanced option in Elastic Defend to align with Endpoint (#214106).
Ensures cell actions are initialized in Event Rendered view and fixes cell action handling for nested event renderers (#212721).
Supports date_nanos in BUCKET in the ES|QL editor (#213319).
Fixes appearance of warnings in the ES|QL editor (#213685).
Makes the Apply time range switch visible in the Job selection flyout when opened from the Anomaly Explorer (#213382).

March 10, 2025

New features and enhancements

The Create Rule flyout, used by solutions, now features the improved rule form in Elastic Observability Serverless (#206685).
Resolves duplicate conversations in Elastic Observability Serverless (#208044).
Split the SLO Details view from the Overview page in Elastic Observability Serverless (#212826).
Adds the reason message to the rules recovery context in Elastic Observability Serverless (#211411).
Runtime metrics dashboards now support different ingest paths in Elastic Observability Serverless (#211822).
Adds SSL options for Fleet Server hosts settings in Fleet (#208091).
Introduces globe projection for Dashboards and visualizations (#212437).
Registered a custom integrations search provider in Fleet (#213013).
Adds support for searchAfter and PIT (point-in-time) parameters in the Get Agents List API in Fleet (#213486).
Adds the ability for users to manage detection rules externally by utilizing the Detection-as-Code principles. To get started, refer to the Elastic detection-rules repository DaC documentation.

Fixes

Fixes an issue where Korean characters were split into two characters with a space in between when typing in the options list search input in Dashboards and visualizations (#213164).
Prevented crashes when editing a Lens chart with a by-reference annotation layer in Dashboards and visualizations (#213090).
Improves instructions for the summarize function in Elastic Observability Serverless (#212936).
Fixes a "Product Documentation function not available" error in Elastic Observability Serverless (#212676).
Fixes conversation tests in Elastic Observability Serverless (#213338).
Allowed wildcard filters in SLO queries in Elastic Observability Serverless (#213119).
Fixes missing summary data in error samples in Elastic Observability Serverless (#213430).
Fixes a failing test: Stateful Observability - Deployment-agnostic A… in Elastic Observability Serverless (#213530).
Reduced the review rule upgrade endpoint response size in Elastic Security Serverless (#211045).
Refactors conversation pagination in Elastic Security Serverless (#211831).
Fixes alert insights color order in Elastic Security Serverless (#212980).
Prevented empty conversation IDs in the chat/complete route in Elastic Security Serverless (#213049).
Fixes issues with unstructured syslog flow in Elastic Security Serverless (#213042).
Adds bulkGetUserProfiles privilege to Security Feature in Elastic Security Serverless (#211824).
Fixes a Risk Score Insufficient Privileges warning due to missing cluster privileges in Elastic Security Serverless (#212405).
Updates Bedrock prompts in Elastic Security Serverless (#213160).
Adds organizationId and projectId OpenAI headers, along with support for arbitrary headers in Elastic Security Serverless (#213117).
Ensures dataview selections persist reliably in timeline for Elastic Security Serverless (#211343).
Fixes incorrect validation when a named parameter was used as a function in ES|QL (#213355).
Fixes incorrect overall swim lane height in Machine Learning (#213245).
Prevented a crash when applying a filter in the Machine Learning anomaly table (#213075).
Fixes suppressed alerts alignment in the alert flyout in Elastic Security Serverless (#213029).
Fixes an issue in solution project navigation where panels sometimes failed to toggle closed (#211852).
Updates wording for options in the sortBy dropdown component (#206464).
Allowed EU hooks hostname in the Torq connector for Elastic Security Serverless (#212563).

March 3, 2025

New features

Introduces a background task that streamlines the upgrade process for agentless deployments in Elastic Security Serverless (#207143).
Improves asset inventory onboarding with better context integration in Elastic Security Serverless (#212315).
Adds syntax highlighting for working with ES|QL queries in Elastic Observability Serverless (#212669).
Updates the delete confirmation modal in Elastic Observability Serverless (#212695).
Removes the enablement check in PUT /api/streams/{id} for classic streams (#212289).

Fixes

Fixes issues affecting popularity scores in Discover (#211201).
Corrects sorting behavior in the profiler storage explorer for Elastic Observability Serverless (#212583).
Adds a loader to prevent flickering in the KB settings tab in Elastic Observability Serverless (#212678).
Resolves incorrect enable button behavior in the Entity Store modal in Elastic Security Serverless (#212078).
Converts the isolate host action into a standalone flyout in Elastic Security Serverless (#211853).
Ensures model responses are correctly persisted to the chosen conversation ID in Elastic Security Serverless (#212122).
Corrects image resizing issues for xpack.security.loginAssistanceMessage in Elastic Security Serverless (#212035).
Fixes automatic import to correctly generate pipelines for parsing CSV files with special characters in Elastic Security Serverless column names (#212513).
Fixes validation issues for empty EQL queries in Elastic Security Serverless (#212117).
Resolves dual hover actions in the table tab in Elastic Security Serverless (#212316).
Updates structured log processing to support multiple log types in Elastic Security Serverless (#212611).
Ensures the delete model dialog prevents accidental multiple clicks in Machine Learning (#211580).

February 24, 2025

Features and enhancements

Exposes SSL options for Elasticsearch and remote Elasticsearch outputs in the UI (#208745).
Displays a warning and a tooltip for the _score column in the Discover grid (#211013).
Allows command/ctrl click for the "New" action in the top navigation (#210982).
Adds the ability for a user to create an API Key in synthetics settings that applies only to specified space(s) (#211816).
Adds "unassigned" as an asset criticality level for bulk_upload (#208884).
Sets the Enable visualizations in flyout advanced setting to "On" by default (#211319).
Preserves user-made chart configurations when changing the query if the actions are compatible with the current chart, such as adding a "where" filter or switching compatible chart types. (#210780).
Adds effects when clicking the favorite button in the list of dashboards and ES|QL queries, and adds favorite button to breadcrumb trails (#201596).
Enable /api/streams/{id}/_group endpoints for GroupStreams (#210114).

Fixes

Fixes Discover session embeddable drilldown (#211678).
Passes system message to inferenceCliente.chatComplete (#211263).
Ensures system message is passed to the inference plugin (#209773).
Adds automatic re-indexing when encountering semantic_text bug (#210386).
Removes unnecessary breadcrumbs in profiling (#211081).
Adds minHeight to profiler flamegraphs (#210443).
Adds system message in copy conversation JSON payload (#212009).
Changes the confirmation message after RiskScore Saved Object configuration is updated (#211372).
Adds a no data message in the flyout when an analyzer is not enabled (#211981).
Fixes the Fleet Save and continue button (#211563).
Suggest triple quotes when the user selects the KQL / QSTR (#211457).
Adds remote cluster instructions for syncing integrations (#211997).
Allows deploying a model after a failed deployment in Machine Learning (#211459).
Ensures the members array is unique for GroupStreamDefinitions (#210089).
Improves function search for easier navigation and discovery (#210437).

February 17, 2025

Features and enhancements

Adds alert status management to the AI Assistant connector (#203729).
Enables the new Borealis theme (#210468).
Applies compact Display options Popover layout (#210180).
Increases search timeout toast lifetime to 1 week (#210576).
Improves performance in dependencies endpoints to prevent high CPU usage (#209999).
Adds "Logs" tab to mobile services (#209944).
Adds "All logs" data view to the Classic navigation (#209042).
Changes default to "native" function calling if the connector configuration is not exposed (#210455).
Updates entity insight badge to open entity flyouts (#208287).
Standardizes actions in Alerts KPI visualizations (#206340).
Allows the creation of dynamic aggregations controls for ES|QL charts (#210170).
Fixes the values control FT (#211159).
Trained models: Replaces the download button by extending the deploy action (#205699).
Adds the useCustomDragHandle property (#210463).

Fixes

Fixes an issue where clicking on the name badge for a synthetics monitor on an SLO details page would lead to a page that failed to load monitor details (#210695).
Fixes an issue where the popover in the rules page may get stuck when being clicked more than once (#208996).
Fixes an error in the cases list when the case assignee is an empty string (#209973).
Fixes an issue with assigning color mappings when multiple layers are defined (#208571).
Fixes an issue where behind text colors were not correctly assigned, such as in Pie, Treemap and Mosaic charts. (#209632).
Fixes an issue where dynamic coloring has been disabled from Last value aggregation types (#209110).
Fixes panel styles (#210113).
Fixes incorrectly serialized searchSessionId attribute (#210765).
Fixes the "Save to library" action that could break the chart panel (#210125).
Fixes link settings not persisting (#211041).
Fixes "Untitled" export title when exporting CSV from a dashboard (#210143).
Missing items in the trace waterfall shouldn’t break it entirely (#210210).
Removes unused error.id in getErrorGroupMainStatistics queries (#210613).
Fixes connector test in MKI (#211235).
Clicking a link in the host/user flyout does not refresh details panel (#209863).
Makes 7.x signals/alerts compatible with 8.18 alerts UI (#209936).
Handle empty categorization results from LLM (#210420).
Remember page index in Rule Updates table (#209537).
Adds concurrency limits and request throttling to prebuilt rule routes (#209551).
Fixes package name validation on the Datastream page (#210770).
Makes entity store description more generic (#209130).
Deletes critical services count from the Entity Analytics Dashboard header (#210827).
Disables sorting IP ranges in value list modal (#210922).
Updates entity store copies (#210991).
Fixes generated name for integration title (#210916).
Fixes formatting and sorting for custom ES|QL vars (#209360).
Fixes WHERE autocomplete with MATCH before LIMIT (#210607).
Updates install snippets to include all platforms (#210249).
Updates component templates with deprecated setting (#210200).
Hides saved query controls in AIOps (#210556).
Fixes unattended Transforms in integration packages not automatically restarting after reauthorizing (#210217).
Reinstates switch to support generating public URLs for embed when supported (#207383).
Provides a fallback view to recover from Stack Alerts page filters bar errors (#209559).

February 10, 2025

Features and enhancements

Rule connector - handle multiple prompt (#209221).
Added max_file_size_bytes advanced option to malware for all operating systems (#209541).
Introduce GroupStreams (#208126).
Service example added to entity store upload (#209023).
Update the bucket_span for ML jobs in the security_host module (#209663).
Improved handling for operator-defined role mappings (#208710).
Added object_src directive to Content-Security-Policy-Report-Only header (#209306).

Fixes

Fixes highlight for HJSON (#208858).
Disable pointer events on drag + resize (#208647).
Restore show missing dataView error message in case of missing datasource (#208363).
Fixes issue with Amsterdam theme where charts render with the incorrect background color (#209595).
Fixes an issue in Lens Table where a split-by metric on a terms rendered incorrect colors in table cells (#208623).
Force return 0 on empty buckets on count if null flag is disabled (#207308).
Fixes all embeddables rebuilt on refresh (#209677).
Fixes using data view runtime fields during rule execution for the custom threshold rule (#209133).
Running processes missing from processes table (#209076).
Fixes missing exception stack trace (#208577).
Fixes the preview chart in the Custom Threshold rule creation form when the field name has slashes (#209263).
Display No Data in Threshold breached component (#209561).
Fixes an issue where APM charts were rendered without required transaction type or service name, causing excessive alerts to appear (#209552).
Fixed bug that caused issues with loading SLOs by status, SLI type, or instance id (#209910).
Update colors in the AI Assistant icon (#210233).
Update the simulate function calling setting to support "auto" (#209628).
Fixes structured log template to use single quotes (#209736).
Fixes ES|QL alert on alert (#208894).
Fixes issue with multiple ip addresses in strings (#209475).
Keeps the histogram config on time change (#208053).
WHERE replacement ranges correctly generated for every case (#209684).
Updates removed params of the Fleet → Logstash output configurations (#210115).
Fixes log rate analysis, change point detection, and pattern analysis embeddables not respecting filters from Dashboard’s controls (#210039).

February 3, 2025

Deprecation

Rename plugin to automatic import (#207325).

Features and enhancements

Rework saved query privileges (#202863).
In-table search (#206454).
Refactor RowHeightSettings component to EUI layout (#203606).
Chat history details in conversation list (#207426).
Cases assignees sub feature (#201654).
Adds preview logged requests for new terms, threshold, query, ML rule types (#203320).
Adds in-text citations to security solution AI assistant responses (#206683).
Remove Tech preview badge for GA (#208523).
Adds new View job detail flyouts for Anomaly detection and Data Frame Analytics (#207141).
Adds a default "All logs" temporary data view in the Observability Solution view (#205991).
Adds Knowledge Base entries API (#206407).
Adds Kibana Support for Security AI Prompts Integration (#207138).
Changes to support event.ingested as a configurable timestamp field for init and enable endpoints (#208201).
Adds Spaces column to Anomaly Detection, Data Frame Analytics and Trained Models management pages (#206696).
Adds simple flyout based file upload to Search (#206864).
Bump kube-stack Helm chart onboarding version (#208217).
Log deprecated api usages (#207904).
Added support for human readable name attribute for saved objects audit events (#206644).
Enhanced Role management to manage larger number of roles by adding server side filtering, pagination and querying (#194630).
Added Entity Store data view refresh task (#208543).
Increase maximum Osquery timeout to 24 hours (#207276).

Fixes

Remove use of fr unit (#208437).
Fixes load more request size (#207901).
Persist runPastTimeout setting (#208611).
Allow panel to extend past viewport on resize (#208828).
Knowledge base install updates (#208250).
Fixes conversations test in MKI (#208649).
Fixes ping heatmap regression when Inspect flag is turned off !! (#208726).
Fixes monitor status rule for empty kql query results !! (#208922).
Fixes multiple flyouts (#209158).
Adds missing fields to input manifest templates (#208768).
"Select a Connector" popup does not show up after the user selects any connector and then cancels it from Endpoint Insights (#208969).
Logs shard failures for eql event queries on rule details page and in event log (#207396).
Adds filter to entity definitions schema (#208588).
Fixes missing ecs mappings (#209057).
Apply the timerange to the fields fetch in the editor (#208490).
Update java.ts - removing serverless link (#204571).

January 27, 2025

Deprecation

Deprecates a subset of Elastic Security Serverless endpoint management APIs (#206903).

Features and enhancements

Breaks out timeline and note privileges in Elastic Security Serverless (#201780).
Adds service enrichment to the detection engine in Elastic Security Serverless (#206582).
Updates the Entity Store Dashboard to prompt for the Service Entity Type in Elastic Security Serverless (#207336).
Adds enrichPolicyExecutionInterval to entity enablement and initialization APIs in Elastic Security Serverless (#207374).
Introduces a lookback period configuration for the Entity Store in Elastic Security Serverless (#206421).
Allows pre-configured connectors to opt into exposing their configurations by setting exposeConfig in Alerting (#207654).
Adds selector syntax support to log source profiles in Elastic Observability Serverless (#206937).
Displays stack traces in the logs overview tab in Elastic Observability Serverless (#204521).
Enables the use of the rule form to create rules in Elastic Observability Serverless (#206774).
Checks only read privileges of existing indices during rule execution in Elastic Security Serverless (#177658).
Updates KNN search and query template autocompletion in Elasticsearch Serverless (#207187).
Updates JSON schemas for code editors in Machine Learning (#207706).
Reindexes the .kibana_security_session_1 index to the 8.x format in Security (#204097).

Fixes

Fixes editing alerts filters for multi-consumer rule types in Alerting (#206848).
Resolves an issue where Chrome was no longer hidden for reports in Dashboards and Visualizations (#206988).
Updates library transforms and duplicate functionality in Dashboards and Visualizations (#206140).
Fixes an issue where drag previews are now absolutely positioned in Dashboards and Visualizations (#208247).
Fixes an issue where an accessible label now appears on the range slider in Dashboards and Visualizations (#205308).
Fixes a dropdown label sync issue when sorting by "Type" (#206424).
Fixes an access bug related to user instructions in Elastic Observability Serverless (#207069).
Fixes the Open Explore in Discover link to open in a new tab in Elastic Observability Serverless (#207346).
Returns an empty object for tool arguments when none are provided in Elastic Observability Serverless (#207943).
Ensures similar cases count is not fetched without the proper license in Elastic Security Serverless (#207220).
Fixes table leading actions to use standardized colors in Elastic Security Serverless (#207743).
Adds missing fields to the AWS S3 manifest in Elastic Security Serverless (#208080).
Prevents redundant requests when loading Discover sessions and toggling chart visibility in ES|QL (#206699).
Fixes a UI error when agents move to an orphaned state in Fleet (#207746).
Restricts non-local Elasticsearch output types for agentless integrations and policies in Fleet (#207296).
Fixes table responsiveness in the Notifications feature of Machine Learning (#206956).

January 13, 2025

Deprecations

Remove all legacy risk engine code and features (#201810).

Features and enhancements

Adds last alert status change to Elastic Security Serverless flyout (#205224).
Case templates are now GA (#205940).
Adds format to JSON messages in Elastic Observability Serverless Logs profile (#205666).
Adds inference connector in Elastic Security Serverless AI features (#204505).
Adds inference connector for Auto Import in Elastic Security Serverless (#206111).
Adds Feature Flag Support for Cloud Security Posture Plugin in Elastic Security Serverless (#205438).
Adds the ability to sync Machine Learning saved objects to all spaces (#202175).
Improves messages for recovered alerts in Machine Learning Transforms (#205721).

Fixes

Fixes an issue where "KEEP" columns are not applied after an Elasticsearch error in Discover (#205833).
Resolves padding issues in the document comparison table in Discover (#205984).
Fixes a bug affecting bulk imports for the knowledge base in Elastic Observability Serverless (#205075).
Enhances the Find API by adding cursor-based pagination (search_after) as an alternative to offset-based pagination (#203712).
Updates Elastic Observability Serverless to use architecture-specific Elser models (#205851).
Fixes dynamic batching in the timeline for Elastic Security Serverless (#204034).
Resolves a race condition bug in Elastic Security Serverless related to OpenAI errors (#205665).
Improves the integration display by ensuring all policies are listed in Elastic Security Serverless (#205103).
Renames color variables in the user interface for better clarity and consistency (#204908).
Allows editor suggestions to remain visible when the inline documentation flyout is open in ES|QL (#206064).
Ensures the same time range is applied to documents and the histogram in ES|QL (#204694).
Fixes validation for the "required" field in multi-text input fields in Fleet (#205768).
Fixes timeout issues for bulk actions in Fleet (#205735).
Handles invalid RRule parameters to prevent infinite loops in alerts (#205650).
Fixes privileges display for features and sub-features requiring "All Spaces" permissions in Fleet (#204402).
Prevents password managers from modifying disabled input fields (#204269).
Updates the listing control in the user interface (#205914).
Improves consistency in the help dropdown design (#206280).

January 6, 2025

Deprecations

Disables Elastic Observability Serverless log stream and settings pages (#203996).
Removes Logs Explorer in Elastic Observability Serverless (#203685).

Features and enhancements

Introduces case observables in Elastic Security Serverless (#190237).
Adds a JSON field called "additional fields" to ServiceNow cases when sent using connector, containing the internal names of the ServiceNow table columns (#201948).
Adds the ability to configure the appearance color mode to sync dark mode with the system value (#203406).
Makes the "Copy" action visible on cell hover in Discover (#204744).
Updates the EnablementModalCallout name to AdditionalChargesMessage in Elastic Security Serverless (#203061).
Adds more control over which Elastic Security Serverless alerts in Attack Discovery are included as context to the large language model (#205070).
Adds a consistent layout and other UI enhancements for machine learning pages (#203813).

Fixes

Fixes an issue that caused dashboards to lag when dragging the time slider (#201885).
Updates the CloudFormation template to the latest version and adjusts the documentation to reflect the use of a single Firehose stream created by the new template (#204185).
Fixes Integration and Datastream name validation in Elastic Security Serverless (#204943).
Fixes an issue in the Automatic Import process where there is now inclusion of the @timestamp field in ECS field mappings whenever possible (#204931).
Allows Automatic Import to safely parse Painless field names that are not valid Painless identifiers in if contexts (#205220).
Aligns the Box Native Connector configuration fields with the source of truth in the connectors codebase, correcting mismatches and removing unused configurations (#203241).
Fixes the "Show all agent tags" option in Fleet when the agent list is filtered (#205163).
Updates the Results Explorer flyout footer buttons alignment in Data Frame Analytics (#204735).
Adds a missing space between lines in the Data Frame Analytics delete job modal (#204732).
Fixes an issue where the Refresh button in the Anomaly Detection Datafeed counts table was unresponsive (#204625).
Fixes the inference timeout check in File Upload (#204722).
Fixes the side bar navigation for the Data Visualizer (#205170).

December 16, 2024

Deprecations

Deprecates the discover:searchFieldsFromSource setting (#202679).
Disables scripted field creation in the Data Views management page (#202250).
Removes all logic based on the following settings: xpack.reporting.roles.enabled, xpack.reporting.roles.allow (#200834).
Removes the legacy table from Discover (#201254).
Deprecates ephemeral tasks from action and alerting plugins (#197421).

Features and enhancements

Optimizes the Kibana Trained Models API (#200977).
Adds a Create Case action to the Log rate analysis page (#201549).
Improves AI Assistant’s response quality by giving it access to Elastic’s product documentation (#199694).
Adds support for suppressing EQL sequence alerts (#189725).
Adds an Advanced settings section to the SLO form (#200822).
Adds a new sub-feature privilege under Synthetics and Uptime Can manage private locations (#201100).

Fixes

Fixes point visibility regression (#202358).
Improves help text of creator and view count features on dashboard listing page (#202488).
Highlights matching field values when performing a KQL search on a keyword field (#201952).
Supports "Inspect" in saved search embeddables (#202947).
Fixes your ability to clear the user-specific system prompt (#202279).
Fixes error when opening rule flyout (#202386).
Fixes to Ops Genie as a default connector (#201923).
Fixes actions on charts (#202443).
Adds flyout to table view in Infrastructure Inventory (#202646).
Fixes service names with spaces not being URL encoded properly for context.viewInAppUrl (#202890).
Allows access query logic to handle user ID and name conditions (#202833).
Fixes APM rule error message for invalid KQL filter (#203096).
Rejects CEF logs from Automatic Import and redirects you to the CEF integration instead (#201792).
Updates the install rules title and message (#202226).
Fixes error on second entity engine init API call (#202903).
Restricts unsupported log formats (#202994).
Removes errors related to Enterprise Search nodes (#202437).
Improves web crawler name consistency (#202738).
Fixes editor cursor jumpiness (#202389).
Fixes rollover datastreams on subobjects mapper exception (#202689).
Fixes spaces sync to retrieve 10,000 trained models (#202712).
Fixes log rate analysis embeddable error on the Alerts page (#203093).
Fixes Slack API connectors not displayed under Slack connector type when adding new connector to rule (#202315).

December 9, 2024

Features and enhancements

Elastic Observability Serverless adds a new sub-feature for managing private locations (#201100).
Elastic Observability Serverless adds the ability to configure SLO advanced settings from the UI (#200822).
Elastic Security Serverless adds support for suppressing EQL sequence alerts (#189725).
Elastic Security Serverless adds a /trained_models_list endpoint to retrieve complete data for the Trained Model UI (#200977).
Machine Learning adds an action to include log rate analysis in a case (#199694).
Machine Learning enhances the Kibana API to optimize trained models (#201549).

Fixes

Fixes Slack API connectors not being displayed under the Slack connector type when adding a new connector to a rule in Alerting (#202315).
Fixes point visibility regression in dashboard visualizations (#202358).
Improves help text for creator and view count features on the Dashboard listing page (#202488).
Highlights matching field values when performing a KQL search on a keyword field in Discover (#201952).
Adds support for the Inspect option in saved search embeddables in Discover (#202947).
Enables the ability to clear user-specific system prompts in Elastic Observability Serverless (#202279).
Fixes an error when opening the rule flyout in Elastic Observability Serverless (#202386).
Improves handling of Opsgenie as the default connector in Elastic Observability Serverless (#201923).
Fixes issues with actions on charts in Elastic Observability Serverless (#202443).
Adds a flyout to the table view in Infrastructure Inventory in Elastic Observability Serverless (#202646).
Fixes service names with spaces not being URL-encoded properly for {{context.viewInAppUrl}} in Elastic Observability Serverless (#202890).
Enhances access query logic to handle user ID and name conditions in Elastic Observability Serverless (#202833).
Fixes an APM rule error message when a KQL filter is invalid in Elastic Observability Serverless (#203096).
Restricts and rejects CEF logs in automatic import and redirects them to the CEF integration in Elastic Security Serverless (#201792).
Updates the copy of the install rules title and message in Elastic Security Serverless (#202226).
Clears errors on the second entity engine initialization API call in Elastic Security Serverless (#202903).
Restricts unsupported log formats in Elastic Security Serverless (#202994).
Removes errors related to Enterprise Search nodes in Elasticsearch Serverless (#202437).
Ensures consistency in web crawler naming in Elasticsearch Serverless (#202738).
Fixes editor cursor jumpiness in ES|QL (#202389).
Implements rollover of data streams on subobject mapper exceptions in Fleet (#202689).
Fixes trained models to retrieve up to 10,000 models when spaces are synced in Machine Learning (#202712).
Fixes a Log Rate Analysis embeddable error on the Alerts page in AiOps (#203093).

December 3, 2024

Features and enhancements

Adds tabs for Import Entities and Engine Status to the Entity Store (#201235).
Adds status tracking for agentless integrations to Fleet (#199567).
Adds a new machine learning module that can detect anomalous activity in host-based logs (#195582).
Allows custom Mapbox Vector Tile sources to style map layers and provide custom legends (#200656).
Excludes stale SLOs from counts of healthy and violated SLOs (#201027).
Adds a Continue without adding integrations button to the Elastic Security Dashboards page that takes you to the Entity Analytics dashboard (#201363).
Displays visualization descriptions under their titles (#198816).

Fixes

Hides the Clear button when no filters are selected (#200177).
Fixes a mismatch between how wildcards were handled in previews versus actual rule executions (#201553).
Fixes incorrect Y-axis and hover values in the Service Inventory’s Log rate chart (#201361).
Disables the Add note button in the alert details flyout for users who lack privileges (#201707).
Fixes the descriptions of threshold rules that use cardinality (#201162).
Disables the Install All button on the Add Elastic Rules page when rules are installing (#201731).
Reintroduces a data usage warning on the Entity Analytics Enablement modal (#201920).
Improves accessibility for the Create a connector page (#201590).
Fixes a bug that could cause Elastic Agents to get stuck updating during scheduled upgrades (#202126).
Fixes a bug related to starting machine learning deployments with autoscaling and no active nodes (#201256).
Initializes saved objects when the Trained Model page loads (#201426).
Fixes the display of deployment stats for unallocated deployments of machine learning models (#202005).
Enables the solution type search for instant deployments (#201688).
Improves the consistency of alert counts across different views (#202188).

« Installing in an air-gapped environment Breaking changes »

Was this helpful?

Feedback