Kibana 7.10.0
editKibana 7.10.0
editFor detailed information about the 7.10.0 release, review the following sections.
Known issue | Deprecations | Breaking changes | Enhancements | Bug fixes
Known issue
edit- Dashboard
-
If you are using Kibana 7.9.x and earlier, and you upgrade to 7.10.0 to 7.17.2, all hidden panel titles now appear on your dashboards.
To resolve the known issue, upgrade to Kibana 7.17.3 or later.
Deprecations
edit- Monitoring
-
- "Internal Monitoring" deprecation warning #72020
- Platform
-
- The /api/status endpoint response format is now deprecated and will change in 8.0 #76054
- These two config keys have been renamed and the old names will no longer work as of 8.0: cpu.cgroup.path.override ⇒ ops.cGroupOverrides.cpuPath and cpuacct.cgroup.path.override ⇒ ops.cGroupOverrides.cpuAcctPath #76730
- Security
-
-
Deprecates the
xpack.security.authc.providers.saml.<provider-name>.maxRedirectURLSize
setting for SAML authentication #68117
-
Deprecates the
- Visualizations
-
-
In 7.0 and later, Timelion app is deprecated. In 7.16 and later, Timelion app is removed from Kibana #74660
To prepare for the removal of Timelion app, you must migrate Timelion app worksheets to a dashboard.
Only Timelion app is deprecated. Kibana continues to support Timelion visualizations in Dashboard, Visualize, and Canvas.
To migrate a Timelion worksheet to a dashboard:
- Open the main menu, click Dashboard, then click Create dashboard.
-
For each Timelion app worksheet, complete the following steps.
- On the dashboard, click Create New, then click Timelion on the New Visualization window.
-
Open a new tab, open the Timelion app, select the chart you want to copy, then copy the chart expression.
-
Go to Timelion, paste the chart expression in the Timelion expression field, then click Update.
- In the toolbar, click Save.
-
On the Save visualization window, enter the visualization Title, then click Save and return.
The Timelion visualization panel appears on the dashboard.
-
Breaking changes
edit- Lens and visualizations
-
- Deprecates schema-less specs in Vega #73805
- Operations
-
- The bin/kibana-plugin CLI has been updated to work with the new Kibana Platform plugin format instead of the legacy plugin format #74604
- Platform
-
- The legacy plugin system and the legacy plugin API have been removed. It is no longer possible to use third parties legacy Kibana plugins. Legacy plugin owners should migrate their plugins to the Kibana Platform plugin API #77599
For more information, refer to breaking changes in 7.10.
Enhancements
edit- Alerting
-
- Batches the update operations in Task Manager #71470
- Actions add proxy support #74289
- Exempt Alerts pre 7.10 from RBAC on their Action execution until updated #75563
- Improves performance of the authorization filter in AlertsClient.find by skipping KQL parsing #77040
- Adds a Test Connector tab in the Connectors list #77365
- Adds a "Test Connector" button on the Connectors List to make discovery of the Test tab easier #78746
- The high-level search API SearchSource is now available on the server #78383
- Adds Role Based Access-Control to the Alerting & Action plugins based on Kibana Feature Controls #67157
- APM
-
- Metrics-powered UI #73953
- Uses platform history #74328
- Immediately returns terms for unbound queries #74543
- Implements nest level expand/collapse toggle for each span row #75259
- Removes additional "No data" message and re-ordering charts #75399
- Uses the outcome field to calculate the transaction error rate chart #75528
- Improves breakdown data gaps #75534
- UI filters: Change transaction type selector from dropdown to radio buttons #75625
- Language-specific stacktrace formatting #75924
- Service maps layout enhancements #76481
- Service inventory redesign #76744
- Shows accurate metrics for containerized applications #76768
- Anomaly detection Settings page: Link directly to ML jobs management to filter for the select environment #77875
-
Removes
max
validation for transaction_max_spans #77987 - Service maps grouped external resource nodes #78136
- Alerting: Add global option to create all alert types #78151
- Empty prompt and loading spinner for service map #78382
- Adds default message to alerts. #78930
- Persists time range between APM and other apps #79090
- Sets service map cursors #80920
- Persists time range across apps #79258
- Dashboard
-
- Lens By Value With AttributeService #77561
- Discover
- Ingest Manager
-
- Agent bulk actions UI #77690
- Supports multiple kibana urls #75712
- Adds upgrade action #77412
- User experience metrics #77384
-
Uses optional
registryProxyUrl
setting when contacting Registry #78648 - Upgrades Agents in Fleet #78810
- Configures Elasticsearch output with YAML in global output settings #79019
- Kibana UI
- Lens and visualizations
-
- Lens is GA #75574
- Lens legend improvements #70619
- Lens added stack as percentage #70703
- Lens adds styling options for x and y axes #71829
- Lens adds filters aggregation #75635
- Lens supports drag to replace #75895
- Lens adds histogram/range aggregation for numbers #76121
- Lens settings panel redesign and separate settings per y axis #76373
- Lens field stats for IP fields and scripted fields #76457
- Adds Lens to Recently Accessed #77249
- Navigate from discover to lens #77873
- Lens shows runtime fields in field list and improve performance #79167
- Drilldowns for TSVB / Vega / Timelion #74848
- TSVB filter ratio now supports KQL #75033
- Vega is now GA #75157
- Uses prefix search in visualize editor’s field and aggregation select #75290
- TSVB Markdown now handles the case when a field has key_as_string value. Common case is the value is a date string (e.x. 2020-08-21T20:36:58.000Z) or a boolean stringified value ("true"/"false"). Such a value will be first converted into a moment object and formatted with dateFormat from Kibana UI settings. If the key_as_string value is not recognized by a known format in Moments.js, a formatted value from elasticsearch will be returned #75555
-
Agg-based histograms now have
auto
interval option #76001 - The search.aggs service in the data plugin is now available on the server. Usage is the same as on the client, except that a scoped saved objects client must be provided on the server in order to retrieve the start contract #74472
- Logs
- Machine Learning
-
- Adds combined job and datafeed JSON editing #72117
- Dat frame analytics creation wizard: default destination index to job id #72758
- Adds decision path charts to exploration results table #73561
- Data frame analytics creation wizard: ensures user can switch back to form from JSON editor #73752
- Adds datafeed query reset button #73958
- Data frame analytics creation wizard: shows link to results #74025
- Adds initial file analysis overrides #74376
- Add ability to pass a group ID filter to job management page #74533
- Adds memory status to data frame analytics job list #74570
- Switching to new Elasticsearch client #74965
- Inference models management #74978
- Adds indicator if there are stopped partitions in categorization job wizard #75709
- Adds Metadata and Discovery Analysis Jobs to Security Integration #76023
- Adds option to Advanced Settings to set default time range filter for anomaly detection jobs #76347
- Adds machine learning modules for Metrics UI Integration #76460
- Collapsable sections on data frame analytics job result pages #76641
- Improves client side error handling #76743
- Adds geo point combined field to CSV import #77117
- Adds option to create anomaly detection jobs without starting the datafeed #77484
- Adds feature importance summary charts #78238
-
Default filter of data frame analytics results page by
defaultIsTraining
value in url #78303 - Replaces use of rest_total_hits_as_int with track_total_hits #78423
- Adds runtime fields support #78700
-
Adds
ml.is_training
filter to regression/classification views #78702 - Data frame analytics creation wizard: replaces select input with job type cards with icons #78872
- Data frame analytics results view: ensures boolean values in charts shown without formatting #78888
- Only adjust the bounds of Single Metric Viewer if annotations are visible #79210
- Data frame analytics creation wizard: ensures job creation possible when model memory lower than estimate #79229
- Expandable sections for classification and regression #79414
- Management
-
- Empty index patterns page re-design #68819
- Adds inspector for VEGA #70941
- Adds links to "wait for snapshot policy" combobox that navigate to the snapshot policy creation wizard, when there no policies created yet or the value doesn’t match any existing policies #72473
- Adds the possibility to preview the final composite of a composable template. The user will be able to see this preview from the creation or editing wizard flow, or when looking at the details of a composable template #72598
- Refines the debugging user experience when creating or editing an ingest node pipeline in the existing Ingest Node Pipelines UI. Once a sample document(s) is provided, the pipeline is executed. The UI highlights the status of each processor, and shows the user how their sample documents change shape at each step in the pipeline #74964
- The Data Streams tab in Index Management now allows users to view additional information for data streams #75107
- Data tiers for 7.10 #76126
- The mappings editor in the Index Templates UI now supports configuring the constant_keyword field type #76564
- The mappings editor in the Index Templates UI now supports configuring the wildcard field type #76574
- The mappings editor in the Index Templates UI now supports configuring the histogram field type. Support for the meta parameter was also added to the boolean, binary, completion, date, flattened, geo_point, numeric, range, search_as_you_type, token_count and text field types #76671
- Time suffix for duration formatter #76729
- The ingest node pipeline editor now has the ability to move processors into an empty tree #76885
- The ILM UI now allows attaching a lifecycle policy to both a composable index template and a legacy index templatee #77077
- Adds forcemerge action to hot phase with a rollover enabled #77193
- Transforms: Extend editing and creation options #77370
- The mappings editor in the Index Templates UI now supports configuring the point field type #77543
- Adds an option to select a higher compression codec for force merge action in ILM #78175
- The mappings editor in the Index Templates UI now supports configuring the version field type #78206
- Updates transform cloning to include description and new fields #78364
- Optimises keyboard navigation of the ingest processors component #79122
- Maps
-
- Auto-fits to data bounds #72129
- Implements save and return from dashboard #74303
- Adds initial location option that fits to data bounds #74583
- Adds drilldown support map embeddable #75598
- Originating App Breadcrumb #75692
- Adds mvt support for ES doc sources #75698
- Adds message to empty add tooltip card #75809
- Introduces geo-threshold alerts #76285
- Removes alias icon for Lens and Maps #76418
- Adds deprecated message to tile_map and region_map visualizations. #77683
- Adds super-fine option to grid/cluster layer #78201
- Enables auto fit to bounds by default #79296
- Metrics
-
- Supports percentage format in threshold alerts #72701
- Uses Notify Every in Alert Preview #74401
- Gets custom metrics working in inventory alerts with limited UI #75073
- Anomaly Detection setup flow for Metrics #76787
- Adds inventory view timeline #77804
- Adds anomalies to timeline #78602
- Adds ability to override datafeeds and job config for partition field #78875
- Overrides anomaly detection partition field #79214
- Monitoring
-
- Fixes the messaging around needing TLS enabled #72310
- Adds loading page #75362
- Disk usage alerting #75419
- Design/UI improvements #76946
- Alert Telemetry for the Security app #77200
- Adds new elasticsearch client to telemetry plugin #78046
- Missing data alert #78208
- [Telemetry] Display collected security event sample #78963
- JVM memory usage alert #79039
- Navigational search UI metrics #79238
- Operations
-
- Kibana no longer needs to optimize plugins for use in the browser when a plugin is installed. This means the --optimize flag is now deprecated and does nothing now. It will be removed in 8.0 #73154
- Docker containers now use CentOS 8.2 as the base image, upgrading from 7. #74656
- Docker images now include CJK fonts built in #74806
- Platform
-
- Adds support for reading request ID from X-Opaque-Id header #71019
- Adds Kea.js support to Enterprise Search plugin #72160
- Adds solution-level side navigation #74705
- Adds Workplace Search side navigation #74894
- Adds support for version on create & bulkCreate when overwriting a document #75172
- Monitors the Task Manager Poller and automatically recovers from failure #75420
- Adds a new Enterprise Search overview plugin, which introduces and guides users to the App Search and Workplace Search plugins #76734
- The deprecated Dashboard Import API (POST /api/kibana/dashboards/import) now accepts filesizes up to the savedObjects.maxImportPayloadBytes configuration which is 10MB by default #77409
- Reporting
-
- Reporting configuration settings for time duration values allow "time unit" strings to be specified as well as number of milliseconds. For byte size values, "byte size" strings are allowed as well as number of bytes. See the Reporting configuration documentation for more details #74202
- Reporting/diagnostics #74314
- Removes the light gray border around the image in PDF reports #78036
- Increases capture.timeouts.openUrl to 1 minute #75207
- Security
-
- Hides management sections based on cluster/index privileges #67791
- xpack.encryptedSavedObjects.encryptionKey can now be rotated without losing access to existing encrypted Saved Objects (alerts, actions etc.). Old key(s) can be moved to xpack.encryptedSavedObjects.keyRotation.decryptionOnlyKeys to be used only to decrypt existing objects while new or updated objects will be encrypted using new primary encryption key. Administrators can also use dedicated API endpoint /api/encrypted_saved_objects/_rotate_key to trigger re-encryption of all existing objects with a new primary key so that old keys can be safely disposed #72420
- Groups features for space management #74151
- Allows passwords to be visible on security screens #77394
- Groups features for role management #78152
- Warns users when security is not configured #78545
- Sharing saved-objects phase 1.5 #75444
- [Detections] Handle conflicts on alert status update #75492
- Improves the experience when Kibana returns a 403 HTTP status code or the user tries to access a page/app they do not have access to. In those instances, a new user-friendly error page is shown. The user will get the option to go back to the page from where they came, or log in as a different user. Previously the user would just see a simple JSON document containing a short error message without the ability to do anything #75538
- Adds EQL search strategy #78645
- Fetches related events from the server #78780
- [Resolver] Requests data from new event api #78782
- Updates copy styling #79313
- Excludes cloud alias index from our query #81551
-
Implements server-side sessions. Kibana now stores user session information in a dedicated Elasticsearch index.
By default, expired and invalid sessions are cleaned from the index every hour.
You can configure the cleanup interval with the
xpack.security.session.cleanupInterval
setting. After the upgrade, all existing sessions are invalid and users must log back in to Kibana. It’s also no longer possible to host different Kibana tenants on different ports of the same host. Although this setup worked in the past, it was discouraged because browsers share cookies across all applications hosted using the same host name, ignoring ports. Cookies are now strictly tied to a particular tenant. #68117
- Uptime
-
- Pings Redirects #65292
-
Uses
service.name
to link from Uptime → APM where available #73618 - One click simple monitor down alert #73835
- Singular alert #74659
- Creates new path for client side monitoring #74740
- Adds rum core web vitals #75685
- Visitors by region map #77135
- Url search #77516
- Js errors #77919
- Synthetics UI #77960
- OpenTelemetry icons and data telemetry #78499
- Adds percentile selector #78562
- Adds core web vitals in obsv homepage #78976
- Makes uptime ping histogram bar clickable to improve filtering #79054
- Adds type row to monitor detail page #79556
- Allow add alert Flyout initial values like name, tags #76906
Bug fixes
edit- Alerting
-
- Overwrites SOs when updating instead of partially updating #73688
- Reloads the Alerts List when alerts are deleted #73715
- Fixes alerting_api_integration/security_and_spaces tests failing if actions proxy set on for parallel process running using commands scripts/functional_tests_server and scripts/functional_test_runner #75232
- Adds validation to display an error when creating index action in alert with invalid document. #75929
- Avoids setting a default dedupKey on PagerDuty #77773
- Fixes React warnings in Suspense usage during Alert creation #77777
- Fixes alert add and edit flyout to not close when user clicks outside #78860
- Fixes error in UI in the Edit Flyout for PreConfigured Connectors #78994
- Makes savedObjectId field optional #79186
- Renames "Built-In Alerts" feature to "Stack Alerts" and "Actions" feature to "Actions and Connectors" #79513
- Fixes sorting of Alert Instance in Details page #80103
- Fixes migration issue for case specific actions, by extending email action migrator checks #81673
- Fixes docs in trigger alerting UI #75363
- Populates alert instances view with event log data #68437
- Displays a banner to users when some alerts have failures, added alert statuses column and filters #79038
- Formalizes alert status and add status fields to alert saved object #75553
- APM
-
- Uses core.chrome to set window title #73232
- Chart units don’t update when toggling the chart legends #74931
- Fixes overlapping transaction names #76083
- Avoids negative offset for error marker on timeline #76638
-
Service Map:
Not Defined
option doesn’t work properly #77483 - Uses model_plot as a signal for anomaly scores #77756
- Fixes service maps ML link zoom value #77841
- Fixes APM header wrapping #78845
- Catches health status error from ML #80131
- Hides service if only data is from ML #80145
- Fixes link to trace #80993
- Service map handle timeout with messaging #82083
- Scale transaction rate correctly #82155
- Dashboard
- Discover
- Ingest Manager
-
- Fixes removing ingest pipelines from elasticsearch #75092
- Installs previous version of package if update fails #76694
- Agent Policy names are unique #79201
- Index pattern installation uses requested package version #80079
- Removes fields from index pattern during package uninstall #80082
- Allows default packages to be deleted from the default agent policy #81535
- Kibana UI
-
- Removes duplicate string in search dropdown #77429
- Lens and visualizations
-
- Lens fixes inconsistencies when switching with empty layer #72809
- Lens fixes bug in saving #74483
- Lens fixes table sorting bug #74902
- Lens fixes rollup related bugs #75314
- Lens fixes dimension popover design on mobile #75866
- Shows meta field data in Lens #77210
- Lens fixes unclear UI for bucket aggregation grouping order #77331
- Lens handles missing fields gracefully #78173
- Lens removes Over time suggestions for numeric intervals #78442
- Lens fixes display of multiple un-stacked bar series #78525
- Lens prevents values outside of range for number of top values #78734
- Lens fixes empty callout for empty/meta fields accordion #79429
- Lens fixes debouncing in visualization settings UI #79625
- Lens fixes chart switching for XY charts #80297
- Lens fixes URL query loss on redirect #81475
- TSVB fixes inaccurate Group By #73683
- TSVB ffixes bug on TopN weird behavior with zero values #74942
- TSVB fixes panel updates with back button #75896
- TSVB allows string fields on value count aggregation #79267
- Prevents pageload on TSVB drilldown #78005
- Data table fixes download filename when using split table #74231
- Bar chart fixes rendering of non-stacked bar #74930
- Bar chart fixes overlapping percentiles #75315
- Fix crash in input controls if index pattern is not available #79431
- Vega fixes unexpected change in autosizing behavior post upgrade #77408
- Timelion hides app from search results when the setting is disabled #77763
- In some old TSVB visualization saved objects, queries and filters can be stored. This is not possible anymore for a while and there is no way to edit them besides changing the JSON of the saved object, but they were still applied to the rendered output. In 7.10, these leftover queries and filters will be removed automatically from the saved object. In almost all cases, no change is necessary. If a visualization contained these local queries and filters deliberately, they should be converted to panel filters in the "Panel options" of the TSVB interface #75137
- Logs
- Machine Learning
-
- Updates broken job config callout error #75481
- Replaces all use of date_histogram interval with fixed_interval #76876
- Data frame analytics creation wizard: Fixes field loading race condition #77326
- Improves calendar ics file parsing #78986
- Data frame analytics creation wizard: Resolves clone usability issues #79048
- Fixes jobs so it limit job menu actions for jobs that are closing #79303
- Data frame analytics: Ensures clear error when index pattern missing #79378
- Avoids full page reload for links following CSV import #79539
- Classification results: Ensures confusion matrix doesn’t span full width #79790
- Fixes anomaly detection jobs list load if call to load job messages fails #79792
- Sends secondary auth headers to _explain #79814
- Fixes job selection flyout #79850
- Datagrid: Ensures column content with boolean schema is not capitalized #80041
- Fixes Anomaly Explorer charts time range to obey time picker range #80317
- Data frame analytics results: Ensures boolean values in confusion matrix are not capitalized #80350
- Fixes values for decision path not showing correctly for regression due to rounding #80555
- Fixes regression with some links not opening in new tab #80785
- Fixes callout message for total feature importance #80881
- Fixes exclude frequent in advanced wizard #81121
- Management
-
- Fixes the copy of the success notification that displays after creating or saving a watch #73982
- Data frame analytics / Transforms: Fixes job row actions menu invalid DOM nesting warning #74499
- Transforms: Unset doc title when app unmounts #75539
- Fixes a bug in Snapshot and Restore when creating a Snapshot Lifecycle Management policy, where the form could become locked if the user enter an invalid value and navigated to a previous step #76540
- The mappings editor in Index Management now supports configuring the positive_score_impact parameter for the rank_feature field type #76824
- Transforms: Fixes styling of preview grid pagination in summary step #77789
- Fixes a bug in the index template wizard, which resulted in an incorrect validation error when a user toggles between the dynamic templates and advanced settings tabs without providing any values #78707
- Checks for source indexPattern before opening clone wizard #79383
- Fixes an issue when editing the mappings of an index template and selecting the "Other" type #79434
- Transforms/Data frame analytics: Fixes data grid column sorting. #80618
- Transforms: Fixes tab ids for expanded row. #80666
- Fixes package upgrade breaking after first rollover before new data has arrived #79887
- Maps
-
- Fixes swap hidden/show icons in layer action panel #74549
- Fixes double fetch when filters are modified #74893
- Fixes read only badge is no longer shown in nav for users with read-only permission #76091
- Fixes Hotlink for EMS-add-data card do not working #76110
- Removes obsolete link #76419
- Exposes map title and description to reporting and embeddable container #79325
- Uses default format when proxying EMS-files #79760
- Fixes refreshing the page causes loss of unsaved change #81226
- Fixes top-level Map page is called Kibana #81238
- Fixes auto-refresh not auto fitting to bounds #81251
- Adds layer type preview icons #78650
- GeoJSON datasets #192
- Metrics
- Monitoring
-
- Ensures setup mode works on cloud but only for alerts #73127
- Fixes cluster link from cluster listing page #75016
- Only show Opt-In banner when user can change settings #76883
- Fixes dead links #78696
- Fixes cluster listing page in how it handles global state #78979
- Ensures alerting is optional #79168
- Adds in cluster version number for sec telemetry sender #80545
- Fixes sorting of alerts #80546
- Fixes a couple of issues with the cpu usage alert #80737
- Fixes alert defaults #81207
- Ensures some data is returned #81375
- Platform
-
- Simplifies buffer tests to reduce flakiness #73024
- Handles case where buffer receives multiple entities with the same ID #74943
- Time out work when it overruns in poller #74980
- Fixes a bug that caused some applications to not correctly render when a trailing slash was included at the end of their URLs #75074
- Prevents Task Manager from trying to claim invalid tasks #76891
- Leverages original http request error #79831
- Supports special characters in ES password #81564
- Querying & Filtering
-
- Fixes warning text doesn’t get displayed on filters with custom filter name #78617
- Reporting
-
- Allows any hostname for chromium proxy bypass #74693
- Fixes an issue with CSV Export where a job could fail if clearing the scroll ID failed in Elasticsearch #76014
- Fixes a bug where the downloading CSV from a saved search in a dashboard panel had no file name if the dashboard panels were hidden #76031
- Fixes the reporting exports to use the correct Space for advanced settings #76998
- Fixes a problem in the list of Reports jobs in Management would not refresh with the correct items immediately after deleting a report from the listing #78516
- Security
-
- Displays useful error when role creation fails #77600
- Previously when user started SAML or OpenID authentication handshake, but didn’t or couldn’t finish it they weren’t able to access Login Selector easily (e.g. to log in with another authentication provider) unless they used /login URL directly or manually cleared the session cookies. That was a very confusing user experience. The reason was that unauthenticated intermediate session that was created to support handshake forced Kibana to automatically restart the same handshake whenever user accessed Kibana. We fixed that and now in certain cases we ignore unauthenticated intermediate session allowing user to easily access Login Selector whenever they need it #79300
- Kibana can now properly handle values for xpack.security.session.idleTimeout and xpack.security.session.lifespan that are larger than ~24 days #79858
- Properly encodes links to edit user page #81562
- Fixes display of multiple roles in table views #81603
- Node list and node detail tests #74421
- Improves simulator. Add more click-through tests and panel tests. #74601
- [Detections] Refactors signal ancestry to allow multiple parents #76531
- Fixes for the Ticket 78375 #79004
- Resolver Tree Events tests #79344
- Adds the correct class to truncate the names in Endpoint list #79921
- [Detections] Fixes remaining render and validation bug with query preview + tests #80110
- New events resolver #80850
- enable_APM-ci branch fixes #81658
- Sharing
-
- Uses App Title for Display Instead of App Id #75457
- Spaces
-
- Fixes infinite loading spinner on the spaces selector screen. In the case an error occurs while trying to load the spaces that the current user has access to, an error message will now be shown instead of the loading spinner #79471
- Uptime