Enhancements and bug fixesedit

The following changes are included in this release.


Faster recovery Depending on instance type and container size, Elasticsearch instances will now recover faster. This applies to Elasticsearch version 8.1 and later.

Added an API endpoint where organizations can claim their private link Added an API endpoint where organizations can claim their private link (AWS PrivateLink, Azure Private Link, or GCP Private Service Connect). Only the owner of the private link can use the private link in a traffic filter, reducing the risk of data exfiltration.


Set default APM client timeout to 1800s (30m). The default APM client timeout is now to 1800s (30m).

Add Kibana server.compression.brotli.enabled setting to allowlist. For version 8.6 and higher of the Elastic Stack, you can now enable brotli compression format for the Kibana server by using the server.compression.brotli.enabled Kibana user setting.

Avoid App.tsx mounting on URL change. Avoid App.tsx mounting on URL change. This resolves an issue with the appearance of breadcrumbs in the Elasticsearch Service UI.

vCPU information available in autoscaling user interface for Machine Learning. The autoscaling user interface now shows the minimum vCPU values for Machine Learning instances, plus the amount it can be boosted up to for small instances.

Email notifications use a default connector. Kibana can send notifications to users in multiple scenarios. Some examples include case assignment and @mentioning. To that end, Kibana version 8.6.0 and later includes a new 'notifications' plugin, which exposes a simple email service to send email notifications. This service uses the default email service that is provided by the Elasticsearch Service.

Compile glossaries To make all Elastic terminology easier to find, we’ve compiled the multiple glossaries into a single comprehensive glossary that compiles entries from across all Elastic products and solutions, including those from the former Elasticsearch Service glossary.

Bug fixesedit

Convert int_server to APM when vacating those nodes from the Deployment page. Fixed a bug whereby Integrations Server instances were not able to be moved from one allocator to another, if the action was taken from the Deployment page.

Support extensions with compressed zip entries. Fixed a bug in uploading extensions compressed by Mac OS Finder.

Rewrite the helper function to take into account the current plan. Fixed a bug where removing a topology element in the Edit page would lead to a warning about elements already existing in the deployment. This was a false positive.

The v1/logs/_search endpoint now shows total search hits. A total field has been added to the deployment log search responses. This indicates the pagination required to get through the results.

Rename JVM keystore configs in Elasticsearch cluster data. The trust.jvm_trust_store and trust.jvm_store_pass Elasticsearch cluster data settings have been renamed to jvm_trust_store.name and jvm_trust_store.password, respectively.

Add step to remove route-server certs on disk prior to recreating route-server and restarting proxy. The certificate rotation script has been updated to remove proxy/route-server certificates on disk when they are expiring to allow newly created certs to be written back to disk upon route-server start-up.

Breaking changesedit

Remove elevate endpoint. The /api/v1/users/auth/_elevate endpoint has been removed in this release.


End of Cloud UI Support for managing Shield users. For Elasticsearch versions before 5.0, users and roles are configured in the Cloud UI Shield user editor. However, in order to support our upcoming changes for role-based access control (RBAC), we are planning to discontinue the legacy APIs that this editor uses. As of the end of January 2023, version 2.4 deployments will no longer be able to edit these users and roles via the Cloud UI.