Kibana breaking changesedit

This list summarizes the most important breaking changes in Kibana 7.0.0. For the complete list, go to Kibana breaking changes.

Saved object structure changeedit

Details: Saved objects no longer contain ids of other saved objects under attributes. They have been moved under references with a named reference in attributes.

Example structure before:

{
  ...
  "attributes": {
    ...
    "panelsJSON": [{
      ...
      "type": "visualization",
      "id": "dbf71bb0-ffad-11e8-acfd-d359b3d9069"
    }]
  }
}

Example structure after:

{
{
  ...
  "attributes": {
    ...
    "panelsJSON": [{
      ...
      "panelRefName": "panel_0"
    }]
  },
  "references": [{
    "name": "panel_0",
    "type": "visualization",
    "id": "dbf71bb0-ffad-11e8-acfd-d359b3d9069"
  }]
}

Impact: Users who query directly for ids will have to use the new hasReference in the find API. Users who save ids within attributes will have to move them into the references attribute and have a named reference to it.

Removed support for using PhantomJS browser for screenshots in Reportingedit

Details: Since the first release of Kibana Reporting, PhantomJS was used as the headless browser to capture screenshots of Kibana dashboards and visualizations. In that short time, Chromium has started offering a new headless browser library and the PhantomJS maintainers abandoned their project. We started planning for a transition in 6.5.0, when we made Chromium the default option, but allowed users to continue using Phantom with the xpack.reporting.capture.browser.type: phantom setting. In 7.0, that setting will still exist for compatibility, but the only valid option will be chromium.

Impact: Before upgrading to 7.0, if you have xpack.reporting.capture.browser.type set in kibana.yml, make sure it is set to chromium.

Note

Reporting 7.0 uses a version of the Chromium headless browser that RHEL 6, CentOS 6.x, and other old versions of Linux derived from RHEL 6. This change effectively removes RHEL 6 OS server support from Kibana Reporting. Users with RHEL 6 must upgrade to RHEL 7 to use Kibana Reporting starting with version 7.0.0 of the Elastic stack.

Legacy browsers (namely IE11) will see a security warning message whenever they load Kibanaedit

Details: Kibana now has a Content Security Policy, but it’s only effective if browsers enforce it, and since older browsers like Internet Explorer 11 do not support CSP, we show them a warning message whenever they load Kibana.

Impact: Nothing needs to be done necessarily, but if you don’t need to support legacy browsers like IE11, we recommend that you set csp.strict: true in your kibana.yml to block access to those browsers entirely. If your organization requires users to use IE11, you might like to disable the warning entirely with csp.warnLegacyBrowsers: false in your kibana.yml.

Optimization step deferred until server startedit

Details: Prior versions of Kibana would run the optimization step after each plugin installation. This is now run on server start when necessary.

Impact: Users can trigger a standalone optimization after all plugins have been installed with bin/kibana --optimize or let the server manage it on startup.

Removed support for users relying on direct index privileges to the Kibana index in Elasticsearchedit

Details: With the introduction of Kibana RBAC in 6.4, users no longer require privileges to the Kibana index in Elasticsearch. Instead, users should be granted Kibana privileges. Prior to 7.0, when a user that relies upon direct index privileges logs into Kibana, a deprecation warning is logged. The only role that should have privileges to the Kibana index in Elasticsearch is the kibana_system role, or a custom role which the Kibana server uses. If you are using the kibana_user or kibana_dashboard_only_user role to grant access to Kibana, or a custom role using Kibana privileges, no changes are required.

Impact: You must change any roles which grant access to Kibana using index privileges to instead use Kibana privileges. Watcher jobs using the Reporting attachment type must be updated as well.

elasticsearch.ssl.ca is no longer validedit

Details: The deprecated elasticsearch.ssl.ca setting in the kibana.yml file has been removed.

Impact: Use elasticsearch.ssl.certificateAuthorities instead.

elasticsearch.ssl.cert is no longer validedit

Details: The deprecated elasticsearch.ssl.cert setting in the kibana.yml file has been removed.

Impact: Use elasticsearch.ssl.certificate instead.

elasticsearch.ssl.verify is no longer validedit

Details: The deprecated elasticsearch.ssl.verify setting in the kibana.yml file has been removed.

Impact: Use elasticsearch.ssl.verificationMode instead. If you set elasticsearch.ssl.verify to true, that is equal to setting elasticsearch.ssl.verificationMode to full.

elasticsearch.url is no longer validedit

Details: The deprecated elasticsearch.url setting in the kibana.yml file has been removed.

Impact: Use elasticsearch.hosts instead. In prior versions of Kibana, if no port was specified in elasticsearch.url, a default of 9200 was chosen. The port in elasticsearch.hosts is protocol dependent: https ports will use 443, and http ports will use 80. If your elasticsearch.url setting was dependent on an unspecified port set to 9200, append :9200 to the url in the elasticsearch.hosts setting.