This list summarizes the most important enhancements in Kibana 8.1.

Discoveredit

Field statistics on by defaultedit

Find fields to visualize and learn more about the shape of your data with Field statistics. This view is similar to the Index Data Visualizer in Machine Learning. For details, check Explore the fields in your data.

New $ field syntax for Painless scriptsedit

Creating runtime fields is now easier and more reliable. Kibana has a shortcut for the field method when a script context supports the scripting fields API. This shortcut replaces field('fieldname').get(defaultValue) with $('fieldname', defaultValue). For more information, check Explore your data with runtime fields.

Before

if (!doc.containsKey('myfield') || doc['myfield'].empty) { return "unavailable" } else { return doc['myfield'].value }

After

$('myfield', 'unavailable')

Calling all Document Explorersedit

Try the new Document Explorer, which helps you quickly sort, select, and compare data, resize columns, and view documents in fullscreen. The Document Explorer is in beta in 8.1.

Dashboardedit

Synchronized ML anomaly visualizationsedit

Machine Learning visualizations now synchronize your cursor position with the visualization panels you create with Lens, TSVB, Timelion, and Aggregation-based editors. Highlight an anomaly in time and see a visual indication of this time on other panels. The reverse is also true—hovering in another editor highlights the same point-in-time in Machine Learning panels.

Canvasedit

Add heatmap elements to workpadsedit

Create heatmaps in workpads using Canvas-only functionality to fetch data, such as Elasticsearch SQL. Configure your heatmap with flexible legend, axis, and visual controls.

New filter capabilitiesedit

Use the new Filter panel on any object to see which objects are filtering it. This helps you author your workpad with the right behavior.

Lens & visualizationsedit

Combine fields with drag and dropedit

Combine multiple fields with drag and drop to view the top combinations in Lens. You’ll find the combinations that contribute most to your metrics' performance.

Top values by rarityedit

Take advantage of the Elasticsearch rare terms aggregations in Lens and view the top values by rarity. You’ll find answers to "What’s not normal here?"

Horizontal and vertical gaugesedit

Use the gauge visualization to add extra context to your metrics. Show minimum and maximum values dynamically by using a quick function or custom formula, or set a static value for known metric ranges. Include a goal value to see if a metric is above or below the goal. Set color bands to show ranges visually—similar to reference lines in bar, line, and area visualizations. The gauge visualization is in technical preview in 8.1.

Mosaic visualizationedit

Add a mosaic visualization, also known as marimekko or mekko, for side-by-side comparison of two dimensions against a single metric. Treemaps and two-layered pies do this as well, but the mosaic can be more effective for visual comparisons by aligning the colors for the terms side-by-side. For the best mosaic visualizations, create with low cardinality dimensions. The mosaic visualization is in technical preview in 8.1.

Waffle visualizationedit

Create proportional waffle visualizations, which make more efficient use of space than pie charts. Waffles are designed for square spaces, which aligns well with how most dashboards are created. Because waffles display the data in 1% blocks, they are best for low cardinality breakdowns, and are not recommended for small partitions. You might be surprised how small you can make a waffle visualization and maintain readability. The waffle visualization is in technical preview in 8.1.

Color by value in metricsedit

Apply color to the text and background of metric visualizations based on the value of the metric. Set up color stops for multiple colors, similar to what you can do in Lens tables, heatmaps, and gauge.

Sort tables in dashboard view modeedit

Enable users with view-only dashboard privileges to sort data tables on the fly, similar to the existing visualization editor behavior.

Filter formulas globallyedit

Filter each part of your formula with KQL without copying or pasting to all the aggregations in the formula.

Configurable donut visualizationsedit

Configure the inner area size (or donut hole) in the donut visualization. The inner area is a smaller size by default to allow maximize space for labels. You can change this option in Lens.

Collapsable Suggestions paneledit

Get back some vertical space in Lens and save on the query cost of suggestions by collapsing the Suggestions panel. Kibana remembers when you collapse your suggestions the next time you use the editor with the same browser.

Improved color controlsedit

The revised color stop editing experience offers a more streamlined way to specify what happens outside of the defined ranges (above and below the minimum and maximum). These revised controls also add the ability to evenly distribute color stops in one click. Look for the new functionality in Lens tables, heatmaps, metrics, and gauges.

Mapsedit

Shapefile uploadedit

Load shapefiles into Elastic with this simple but powerful uploader built right into the Maps application. Easily load local open data and boundaries for analysis and comparison.

Vector tiles now the defaultedit

All new polygon layers now enable Use vector tiles by default. Vector tiles offer the best performance and smooth zooming over the alternative methods. You can change the scaling options in layer settings if you prefer the previous approach.

Machine learningedit

Machine learning UI enhancements: easier anomaly investigation, new side navigationedit

8.1 contains a couple of enhancements on the machine learning UI. One of the enhancements helps the user interpret the results of their anomaly detection jobs and explore what else is happening around the time of an anomaly. In the anomalies table a drilldown link to Discover is automatically available to investigate the anomaly in the context of the source data. For the charts in the Anomaly Explorer, synchronized crosshair lines are provided on hover so that you can see what other anomalous behavior is occurring at a point in time.

The top navigation bar is now replaced with side navigation. The side navigation is collapsible, so views such as the Anomaly Explorer and Single Metric Viewer can benefit from being viewed at full width if desired.

Transform enhancementsedit

You can now reset and re-run your transform from the beginning. Transform counters will be reset to zero and if the destination index was created by the transform it will also be deleted.

Other features previously only available to API users are also added to the UI for 8.1: the ability to configure an ingest pipeline to enrich the data persisted to the destination index, and the terms aggregation is available in the list of options when building the aggregations in the pivot transform wizard.

Machine learning anomaly layers in Mapsedit

Maps introduces a new vector layer–you can add layers to your maps that display points or lines for the anomalies in your geographic data.

ResponseOpsedit

Summary stats bar in Casesedit

The new section at the top of the Cases view displays summary statistics for the case, such as total numer of alerts, and counts of associated users and hosts. The summarized information in the stats bar help the analyst to determine the priority of a case and indicate effectiveness.