Kibana X-Pack 6.0.0 Release Notesedit

The lists below cover changes between 5.6.4 and 6.0.0 only.

Breaking Changesedit

  • When X-Pack security is enabled, reports will only be accessible to the user that created them.
  • When X-Pack security is enabled, user authorization is controlled by the xpack.reporting.roles.allow setting in the kibana.yml which defaults to ['reporting_user']. Users will no longer have access to the underlying X-Pack reporting indices in Elasticsearch when assigned to the built-in reporting_user role. If using custom reporting roles, the privileges to the indices will need to be removed, and the role will need to be added to the xpack-reporting.roles.allow setting.
  • The built-in users (elastic, kibana, and logstash_system) no longer have default passwords. You must create passwords for these users and configure Kibana to use this information. For more information, see Setting Up User Authentication.
  • The built-in HTTP client used in webhooks, the http input and the http email attachment has been replaced. This results in the need to always escape all parts of an URL.
  • The new built-in HTTP client also enforces a maximum request size, which defaults to 10mb.
  • The watch _status field has been renamed to status, as underscores in field names will not be allowed.


  • If you had a chance to check out the new Dashboard Only Mode in 6.0.0-beta1, we’ve changed things up a bit for 6.0.0-beta2. Previously we required you to flag every role a user belonged to as being in the View dashboards only mode in order for that user to be flagged as a Dashboard only mode user. In this new set up, we created a reserved role, kibana_dashboard_only_user, that is already pre-configured with read only access to the .kibana index, and set up to be in Dashboard Only Mode. All you have to add is this one role to any user and they will now be a Dashboard Only Mode user. We also got rid of this new setting in the Roles UI, as this one role should suffice for most user’s setups. If you have a more complicated setup, such as multi-tenancy with multiple .kibana indexes, you can create more dashboard only mode roles by adding role names to the xpackDashboardMode:roles advanced setting. For more information, see Kibana Dashboard Only Mode.
Machine Learning
  • Added a Datefeed Preview tab to expanded rows in the jobs list under Job Management. This displays the JSON response from the preview endpoint.
  • Added an option to create a watch when you start a datafeed in Kibana. After the datafeed starts, you are prompted to specify details such as the interval and the anomaly severity threshold. If Watcher is disabled, this option does not appear.
  • Updated the bucket span estimator, which suggests bucket span values when you create jobs in Kibana. The estimator now suggests a minimum bucket span value of 15 minutes.
  • The Logstash Pipeline viewer in Kibana displays an information icon and a corresponding tip for every plugin that does not define an ID explicitly. Defining an ID for plugins enables you to track differences across pipeline changes. For more information, see Pipeline Viewer UI.
  • Added an alert in clusters that have trial licenses and have enabled X-Pack security but do not have TLS/SSL configured. The message provides information about the steps that are required to enable X-Pack security when they obtain a non-trial license.
  • Added support for cluster alerts, for example to provide information about license expiration.
  • Added an advanced setting for a default admin e-mail, which is the recipient of X-Pack admin operations such as cluster alert e-mail notifications.
  • Enabled export as CSV.
  • Added a View Dashboards Only setting to the roles section under Security management. If a user is assigned a role that has this setting enabled, when they access Kibana it presents Dashboard Only mode.
  • Added reserved kibana_dashboard_only_user role. For more information, see Kibana Dashboard Only Mode.
  • Watcher indices no longer use multiple types.

Bug Fixesedit

Dev Tools
  • Clarified field labels in the Grok Debugger.
  • Added auto-sizing to the input, pattern, and output text areas in the Grok Debugger.
  • Added auto-sizing of the custom patterns text area in the Grok Debugger.
  • Enabled users to specify custom patterns in a well-known format in the Grok Debugger.
  • Fixed issue with input not being accepted in the Sample Data or Grok Pattern fields in the Grok Debugger.
  • Reinstated _xpack/graph/_explore as the correct graph endpoint. _xpack/_graph/_explore is deprecated and will be removed in v7.0.
Machine Learning
  • Fixed the position of text that appears when you hover over anomalies in machine learning charts in a Safari web browser.
  • Fixed machine learning charts so that they plot nulls as gaps rather than zeroes. This change provides a more accurate visual indication of gaps in the data.
  • Added support for periods in field names when you create jobs or datafeeds in Kibana.
  • Fixed job creation failure that occurred when using saved searches with filters.
  • Fixed generated reports such that they show the time zone on the client, as specified in the dateFormat field in the Advanced Settings.
  • Resolved intermittent issue with Firefox logging users out of Kibana after they download a PDF report.
  • Ensured that privileged information does not appear in the error message when a Kibana login attempt fails.
  • Fixed problem related to creating a threshold-based alert in Kibana with a Safari web browser. For example, the dialogs related to choosing fields and aggregations were not shown in that browser.
  • Fixed incorrect watch states in Kibana. In particular, the UI now respects the actual state of the watch when exceptions occur in its input or condition.
  • The HTTP client respects timeouts now and does not get stuck leading to stuck watches.