- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 8.17
- Kibana concepts
- Quick start
- Set up
- Install Kibana
- Configure Kibana
- AI Assistant settings
- Alerting and action settings
- APM settings
- Banners settings
- Cases settings
- Enterprise Search settings
- Fleet settings
- i18n settings
- Logging settings
- Logs settings
- Metrics settings
- Monitoring settings
- Reporting settings
- Search sessions settings
- Secure settings
- Security settings
- Spaces settings
- Task Manager settings
- Telemetry settings
- URL drilldown settings
- Start and stop Kibana
- Access Kibana
- Securing access to Kibana
- Add data
- Upgrade Kibana
- Configure security
- Configure reporting
- Configure logging
- Configure monitoring
- Command line tools
- Production considerations
- Discover
- Dashboards
- Canvas
- Maps
- Build a map to compare metrics by country or region
- Track, visualize, and alert on assets in real time
- Map custom regions with reverse geocoding
- Heat map layer
- Tile layer
- Vector layer
- Plot big data
- Search geographic data
- Configure map settings
- Connect to Elastic Maps Service
- Import geospatial data
- Troubleshoot
- Reporting and sharing
- Machine learning
- Graph
- Alerting
- Observability
- Search
- Security
- Dev Tools
- Fleet
- Osquery
- Stack Monitoring
- Stack Management
- Cases
- Connectors
- Amazon Bedrock
- Cases
- CrowdStrike
- D3 Security
- Google Gemini
- IBM Resilient
- Index
- Jira
- Microsoft Teams
- Observability AI Assistant
- OpenAI
- Opsgenie
- PagerDuty
- SentinelOne
- Server log
- ServiceNow ITSM
- ServiceNow SecOps
- ServiceNow ITOM
- Swimlane
- Slack
- TheHive
- Tines
- Torq
- Webhook
- Webhook - Case Management
- xMatters
- Preconfigured connectors
- License Management
- Maintenance windows
- Manage data views
- Numeral Formatting
- Rollup Jobs
- Manage saved objects
- Security
- Spaces
- Advanced Settings
- Tags
- Upgrade Assistant
- Watcher
- REST API
- Get features API
- Kibana spaces APIs
- Kibana role management APIs
- User session management APIs
- Saved objects APIs
- Data views API
- Index patterns APIs
- Alerting APIs
- Action and connector APIs
- Cases APIs
- Import and export dashboard APIs
- Logstash configuration management APIs
- Machine learning APIs
- Osquery manager API
- Short URLs APIs
- Get Task Manager health
- Upgrade assistant APIs
- Synthetics APIs
- Uptime APIs
- Kibana plugins
- Troubleshooting
- Accessibility
- Release notes
- Upgrade notes
- Kibana 8.17.1
- Kibana 8.17.0
- Kibana 8.16.3
- Kibana 8.16.2
- Kibana 8.16.1
- Kibana 8.16.0
- Kibana 8.15.5
- Kibana 8.15.4
- Kibana 8.15.3
- Kibana 8.15.2
- Kibana 8.15.1
- Kibana 8.15.0
- Kibana 8.14.3
- Kibana 8.14.2
- Kibana 8.14.1
- Kibana 8.14.0
- Kibana 8.13.4
- Kibana 8.13.3
- Kibana 8.13.2
- Kibana 8.13.1
- Kibana 8.13.0
- Kibana 8.12.2
- Kibana 8.12.1
- Kibana 8.12.0
- Kibana 8.11.4
- Kibana 8.11.3
- Kibana 8.11.2
- Kibana 8.11.1
- Kibana 8.11.0
- Kibana 8.10.4
- Kibana 8.10.3
- Kibana 8.10.2
- Kibana 8.10.1
- Kibana 8.10.0
- Kibana 8.9.2
- Kibana 8.9.1
- Kibana 8.9.0
- Kibana 8.8.2
- Kibana 8.8.1
- Kibana 8.8.0
- Kibana 8.7.1
- Kibana 8.7.0
- Kibana 8.6.1
- Kibana 8.6.0
- Kibana 8.5.2
- Kibana 8.5.1
- Kibana 8.5.0
- Kibana 8.4.3
- Kibana 8.4.2
- Kibana 8.4.1
- Kibana 8.4.0
- Kibana 8.3.3
- Kibana 8.3.2
- Kibana 8.3.1
- Kibana 8.3.0
- Kibana 8.2.3
- Kibana 8.2.2
- Kibana 8.2.1
- Kibana 8.2.0
- Kibana 8.1.3
- Kibana 8.1.2
- Kibana 8.1.1
- Kibana 8.1.0
- Kibana 8.0.0
- Kibana 8.0.0-rc2
- Kibana 8.0.0-rc1
- Kibana 8.0.0-beta1
- Kibana 8.0.0-alpha2
- Kibana 8.0.0-alpha1
- Developer guide
Kibana 8.3.0
editKibana 8.3.0
editReview the following information about the Kibana 8.3.0 release.
Known issues
editAlerting users who are running 8.2 should not upgrade to either 8.3.0 or 8.3.1. Both 8.3.0 and 8.3.1 have a bug where alerting rules that were created or edited in 8.2 will stop running on upgrade. If you have upgraded to 8.3.0 or 8.3.1 and your alerting rules have stopped running with an error similar to the following example, you will need to go to Stack Management > Rules and Connectors, multi-select the failed rules, click on Manage rules > Disable and then click on Manage rules > Enable. Disabling and re-enabling the rule will generate a new API key using the credentials of the user performing these actions and reset the rule state. For more details about API key authorization, refer to API keys.
- Example error message
<rule-type>:<UUID>: execution failed - security_exception: [security_exception] Reason: missing authentication credentials for REST request [/_security/user/_has_privileges], caused by: ""
Breaking change
editBreaking changes can prevent your application from optimal operation and performance. Before you upgrade, review the breaking change, then mitigate the impact to your application.
Removes Quandl and Graphite integrations
Details
The experimental .quandl
and .graphite
functions and advanced settings are removed from Timelion. For more information, check #129581.
Impact
When you use the vis_type_timelion.graphiteUrls
kibana.yml setting, Kibana successfully starts, but logs a [WARN ][config.deprecation] You no longer need to configure "vis_type_timelion.graphiteUrls".
warning.
To leave your feedback about the removal of .quandl
and .graphite
, go to the discuss forum.
Makes Osquery All with All base privilege
Details
The Osquery Kibana privilege has been updated, so that when the Privileges for all features level is set to All, this now applies All to Osquery privileges as well. Previously, users had to choose the Customize option to grant any access to Osquery. For more information, refer to #130523.
Impact
This impacts user roles that have Privileges for all features set to All. After this update, users with this role will have access to the Osquery page in Kibana. However, to use the Osquery feature fully, these requirements remain the same: users also need Read access to the logs-osquery_manager.result* index and the Osquery Manager integration must be deployed to Elastic Agents.
To review the breaking changes in previous versions, refer to the following:
8.2.0 | 8.1.0 | 8.0.0 | 8.0.0-rc2 | 8.0.0-rc1 | 8.0.0-beta1 | 8.0.0-alpha2 | 8.0.0-alpha1
Deprecations
editThe following functionality is deprecated in 8.3.0, and will be removed in 9.0.0. Deprecated functionality does not have an immediate impact on your application, but we strongly recommend you make the necessary updates after you upgrade to 8.3.0.
Removes apm_user
Details
Removes the apm_user
role. For more information, check #132790.
Impact
The apm_user`role is replaced with the `viewer
and editor
built-in roles.
Deprecates input controls
Details
The input control panels, which allow you to add interactive filters to dashboards, are deprecated. For more information, check #132562.
Impact
To add interactive filters to your dashboards, use the new controls.
Deprecates anonymous authentication credentials
Details
The apiKey, including key and ID/key pair, and elasticsearch_anonymous_user
credential types for anonymous authentication providers are deprecated. For more information, check #131636.
Impact
If you have anonymous authentication provider configured with apiKey or elasticsearch_anonymous_user
credential types, a deprecation warning appears, even when the provider is not enabled.
Deprecates v1 and v2 security_linux and security_windows jobs
Details
The v1 and v2 job configurations for security_linux and security_windows are deprecated. For more information, check #131166.
Impact
The following security_linux and security_windows job configurations are updated to v3:
-
security_linux:
- v3_linux_anomalous_network_activity
- v3_linux_anomalous_network_port_activity_ecs
- v3_linux_anomalous_process_all_hosts_ecs
- v3_linux_anomalous_user_name_ecs
- v3_linux_network_configuration_discovery
- v3_linux_network_connection_discovery
- v3_linux_rare_metadata_process
- v3_linux_rare_metadata_user
- v3_linux_rare_sudo_user
- v3_linux_rare_user_compiler
- v3_linux_system_information_discovery
- v3_linux_system_process_discovery
- v3_linux_system_user_discovery
- v3_rare_process_by_host_linux_ecs
-
security_windows:
- v3_rare_process_by_host_windows_ecs
- v3_windows_anomalous_network_activity_ecs
- v3_windows_anomalous_path_activity_ecs
- v3_windows_anomalous_process_all_hosts_ecs
- v3_windows_anomalous_process_creation
- v3_windows_anomalous_script
- v3_windows_anomalous_service
- v3_windows_anomalous_user_name_ecs
- v3_windows_rare_metadata_process
- v3_windows_rare_metadata_user
- v3_windows_rare_user_runas_event
- v3_windows_rare_user_type10_remote_login
Updates the default legend size
Details
In the Lens visualization editor, the Auto default for Legend width has been deprecated. For more information, check #130336.
Impact
When you create Lens visualization, the default for the Legend width is now Medium.
Deprecates xpack.data_enhanced.*
Details
In kibana.yml, the xpack.data_enhanced.*
setting is deprecated. For more information, check #122075.
Impact
Use the data.*
configuration parameters instead.
Features
editKibana 8.3.0 adds the following new and notable features.
- Alerting
- Cases
- Dashboard
- Enables the new controls by default #131341
- Discover
- Elastic Security
- For the Elastic Security 8.3.0 release information, refer to Elastic Security Solution Release Notes.
- Fleet
- Changes to agent upgrade modal to allow for rolling upgrades #132421
- Lens & Visualizations
- Machine Learning
- Management
- Monitoring
- Adds the Stack monitoring health API #132705
- Observability
- Platform
-
Adds
xyVis
andlayeredXyVis
#128255 - Querying & Filtering
- Improves the current filter/search experience #128401
- Sharing
- Adds method to re-link visualizations with missing index-pattern #132336
For more information about the features introduced in 8.3.0, refer to What’s new in 8.3.
On this page