Kibana 7.10.0edit

For detailed information about the 7.10.0 release, review the following sections.

Breaking changesedit

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade to 7.10.0, review the breaking changes, then mitigate the impact to your application.

Breaking changes for usersedit

Legacy plugins support removededit

The legacy plugin system and the legacy plugin API have been removed. Legacy plugin owners should migrate their plugins to the Kibana Platform plugin API.

via #77599

Support added for Kibana Platform pluginsedit

The bin/kibana-plugin CLI has been updated to work with the new Kibana Platform plugin format instead of the legacy plugin format.

via #74604

Vega visualizations without $schema property no longer supportededit

Previously, if you did not provide the $schema property, the default value was set and hardcoded in the Vega code. The visualization was then rendered with a warning message. This introduced difficulties when updating the version of the Vega library.

Now all Vega specs must contain the $schema param. In no $schema param exists, an error message is returned. Refer to the Vega docs for more information about this property.

via #73805

Breaking changes for plugin developersedit

Config moved from xpack.ingestManager to xpack.fleet

To rename the Ingest Manger plugin to Fleet:

  • The Kibana config for Ingest Manager moved from xpack.ingestManager.* to xpack.fleet.*.
  • The config options specific to agents moved to xpack.ingestManager.fleet.* and xpack.fleet.agents.*.

via #79406

Plugins server code no longer transpiled with Babel

Kibana plugins can no longer rely on their server code being automatically transpiled with Babel. The @kbn/plugin-helpers provide a build task that will transform a plugin’s server code to plain JS via Babel, but plugin authors can use a tool of their choosing to accomplish the same result.

via #79176 and #79379*

Ingest Manager APIs moved to Fleet

The following Ingest Manager API routes changed:

  • All API routes moved from /api/ingest_manager/* to /api/fleet/*
  • All previous Fleet routes moved from /api/ingest_manager/fleet/* to /api/fleet/*. This includes:

    • /api/ingest_manager/fleet/agents/api/fleet/agents
    • /api/ingest_manager/fleet/enrollment-api-keys/api/fleet/enrollment-api-keys
  • The Fleet setup API moved from /api/ingest_manager/fleet/setup to /api/fleet/agents/setup

via #79193

SearchSource is now exposed on the server

The high-level search API SearchSource is now available on the server:

function async myRouteHandler(context, request, response) {
  const searchSource = await data.search.searchSource.asScoped(request);
  searchSource.createEmpty(); // API after calling `asScoped` matches the client-side service
}

via #78383

Response status helpers added

This release introduces the following search helpers:

  • isCompleteResponse
  • isErrorResponse
  • isPartialResponse

via #78006

The index pattern factory and crud methods refactored

The refactoring includes the following changes:

  • Create new indexPattern instance (unsaved) - indexPatternService.make() => indexPatternService.create(indexPatternSpec, skipFetchFields)
  • Save new index pattern - indexPattern.create() => indexPatternService.createSavedObject(indexPattern)
  • Setting the default index pattern is done as part of indexPatternService.createSavedObject, but can also be called individually- uiSettings.set('defaultIndex', id) => indexPatternService.setDefault(indexPatternId, force)
  • Update index pattern - indexPattern.save() => indexPatternService.updateSavedObject(indexPattern)
  • Additional changes:

    • indexPatternService.get(); no longer returns a new IndexPattern instance
    • indexPattern.fieldsFetcher is replaced by indexPatternService.getFieldsForWildcard and indexPatternService.getFieldsForIndexPattern
    • indexPattern.originalBodyindexPattern.originalSavedObjectBody updates via indexPattern.resetOriginalSavedObjectBody
    • indexPattern.refreshFields => indexPatternService.refreshFields(indexPattern)
    • indexPatternService.createAndSave(indexPatternSpec) convenience method added
    • indexPatternService.getFieldsForWildcard can be called directly. Previously a temp index pattern had to be created.

via #77791

Error notifications now aligned

The data.search service now includes these explicit error types:

  • AbortError if the request was canceled by the application or by calling cancelPending.
  • SearchTimeoutError if the request has timed out on the client or on the server.
  • PainlessError if there’s an painless script error inside the response
  • If the error is unidentified, it throws the error as is.

The new showError function can be used with these errors to show customized toast messages. Applications may choose to handle errors differently. However, the SearchTimeoutError error notification is shown regardless.

data.search.search(...)
   .catchError((e: Error) => {
       data.search.showError(e);
   }

via #77788

className prop added to QueryStringInput component

A className prop was added to the main container of the QueryStringInput component.

via #76848

KibanaRequest now has a uuid property

KibanaRequest now has a uuid property, which is a UUID that uniquely identifies the request.

via #76822

Index pattern save moved to index pattern service

IndexPattern.save has been replaced with IndexPatternsService.save.

via #76706

FetchOptions replaced with ISearchOptions

The FetchOptions type was removed—use the ISearchOptions type instead. The ISearchOptions signal option was renamed to abortSignal.

via #76538

Legacy Elasticsearch client APIs removed

The __LEGACY APIs have been removed from the data plugin’s client-side search service. Specifically, data.search.__LEGACY.esClient is no longer exposed, and the legacy elasticsearch-browser package has been removed from the repo. If you rely on this client in your plugin, we recommend migrating to the new elasticsearch-js client.

via #75943

Plugin status API added

Kibana Platform plugins can now read the status of their dependencies, their plugin’s default status, and manually override that status as reported to the end user and on the /api/status endpoint.

class MyPlugin {
  setup(core) {
    // Override default behavior and only elevate severity when elasticsearch is not available
    core.status.set(
      core.status.core$.pipe(core => core.elasticsearch);
    );
  }
}

via #75819

New advanced setting searchTimeout added

The behavior of how search requests timeout changed:

  • The Kibana server uses the new Elasticsearch client. The client already uses all timeout configurations such as requestTimeout, shardTimeout, and maxRetries. Because the client can’t override those settings, in OSS, we removed the code governing the Elasticsearch timeout on the client. Instead, this change adds handling for a timeout error response. A nice side effect is being able to remove injectDefaultVars from the legacy core plugin.
  • With Basic+ licenses, users can control the maximum time for a search session (for example, a single re-load of a dashboard), per space. Aa new Advanced Setting can be set to a positive value, or to 0, allowing queries to run without a timeout, as long as a user stays on screen.

via #75728

IndexPattern class no longer uses getConfig or uiSettingsValues

The IndexPattern class now takes shortDotsEnable (boolean) and metaFields (string[]) as arguments. These were formerly provided by uiSettings

via #75717

The expressions plugin has removed its __LEGACY APIs

The expressions plugin has removed its __LEGACY APIs, which were designed for internal use in Canvas. In the unlikely event that you rely on the expressions.__LEGACY namespace, you will need to copy the relevant code into your plugin before updating.

Also removed is the createKibanaUtilsCore helper from the kibana_utils plugin, which was only used in the legacy Expressions APIs.

via #75517

The search service’s getParamsFromSearchRequest helper changed

The getParamsFromSearchRequest helper changed to prepare for exposing SearchSource on the server. If your plugin relies on this helper, update the dependencies passed to it as follows:

       import { getSearchParamsFromRequest } from '../../../src/plugins/data/public';

       const params = getSearchParamsFromRequest(request, {
-          injectedMetadata: core.injectedMetadata,
-          uiSettings: core.uiSettings,
+          esShardTimeout: core.injectedMetadata.getInjectedVar('esShardTimeout') as number,
+          getConfig: core.uiSettings.get.bind(core.uiSettings),
       });

via #75368

Dependencies removed from index pattern list and field list

The index pattern fields class has the following changes:

  • The class is no longer created using a constructor. This produced odd side effects when array methods were used. In particular, removing the IndexPattern argument revealed that the FieldList constructor was being called when filter and similar were called, producing an error. Now, it’s only created once by IndexPattern.
  • The IndexPattern object and onNotification are no longer provided to the creation function.

The index pattern field class has the following changes:

  • The IndexPattern object and onNotification are no longer provided to the constructor.
  • The format attribute no longer exists. Use IndexPattern.getFormatterForField instead.
  • A callback is no longer used when an unknown field type is encountered. Instead it throws FieldTypeUnknownError.
  • toSpec now takes an optional argument, { getFormatterForField }. This argument takes the field as an argument and returns a formatter.

via #75185

Agent and package configs renamed to agent and package policies

The following Fleet (previously Ingest Manager) API routes changed:

  • /api/ingest_manager/agent_configs/* renamed to /api/fleet/agent_policies/*
  • /api/ingest_manager/package_configs/* renamed to /api/fleet/package_policies/*

All Ingest Manager routes with payload fields that were previously in reference to agent configs or package configs have been renamed to agent policies and package policies. For example configIdpolicyId, package_configspackage_policies.

The following Ingest Manager app routes changed:

  • /app/ingestManager#/configs renamed to /app/ingestManager#/policies

The following Ingest Manager settings changed:

  • xpack.ingestManager.fleet.agentConfigRolloutRateLimitIntervalMs renamed to xpack.fleet.agents.agentPolicyRolloutRateLimitIntervalMs
  • xpack.fleet.agents.agentConfigRolloutRateLimitRequestPerInterval renamed to xpack.fleet.agents.agentPolicyRolloutRateLimitRequestPerInterval

via #74914

SearchSource dependencies moved to the server

The getSearchErrorType and the SearchError class have been removed from the static exports of the data plugin’s contract. If you rely on these, copy the code directly into your plugin. The SearchError interface is still exposed.

via #74607

data.search.aggs available on the server

The search.aggs service in the data plugin is now available on the server. The usage is the same as on the client, except that a scoped saved objects client must be provided on the server to retrieve the start contract:

const savedObjectsClient = savedObjects.getScopedClient(kibanaRequest);
// `aggs.asScopedToClient` will return the same contract as is available in the browser
const aggs = await data.search.aggs.asScopedToClient(savedObjectsClient);
const allAggTypes = aggs.types.getAll();

The calculateAutoTimeExpression method was removed from the setup contract, and now only exists on the data plugin’s start contract. The method was was not used in setup elsewhere in Kibana, so it was removed for simplicity.

In addition, the agg types registry changed and now accepts a provider function, which is used to inject dependencies. This might be needed in the agg type definition, specifically a getConfig function used to retrieve uiSettings:

const getMyAgg = ({ getConfig }) =>
  new MetricAggType({
    name: 'myAgg',
    expressionName: 'myAggFunction',
    getSerializedFormat: (agg) => ({ id: 'number' }),
    params: [
      {
        name: 'someParam',
        write: (agg, output, aggs) => ({
          const queryLanguage = getConfig('search:queryLanguage');
          ...etc
        })
      }
    ],
  });

// register the agg type provider
dataSetup.search.aggs.registerMetric('myAgg', getMyAgg);

via #74472

Routes can specify the idle socket timeout

Route definitions can now specify the idleSocket timeout in addition to the payload timeout.

Resolves #73557.

via #73730

New Elasticsearch client exposed

Kibana provides the new Elasticsearch client as a part of the Elasticsearch service on the server-side. The legacy client is deprecated on and subject for removal in 7.x. Reference the migration guide to refactor your code

via #73651

Query input string manager added

This PR allows gracefully extracting of the query string state, to be consumed by other services. You can now use the data.query.state$ observable and receive all state updates in one place.

data.query.state$.subscribe((queryState: QueryState) => {...})

This PR also adds the data.query.queryString service, allowing to you set the query string programmatically.

data.query.queryString.setQuery({query: 'abc', language: 'kuery'});

via #72093

Role-based access control added to the Alerting & Action plugins

This PR allows you to assign privileges to the Alerting framework when defining your feature in Kibana. When registering your feature, you can add a list of AlertTypes under your read and all keys of the privileges object, as such:

features.registerFeature({
      id: 'alertsExample',
      name: 'alertsExample',
      app: [],
      privileges: {
        all: {
          alerting: {
            all: ['example.always-firing', 'example.people-in-space'],
          },
        },
        read: {
          alerting: {
            read: ['example.always-firing', 'example.people-in-space'],
          },
        },
      },
    });

This specifies:

  • If users AbortError granted the all privilege to the alertsExample feature, then they are also granted all privileges to the example.always-firing and example.people-in-space AlertTypes under the alertsExample consumer.
  • If users are granted the read privilege to the alertsExample feature, then they are also granted read privileges to the example.always-firing and example.people-in-space AlertTypes under the alertsExample consumer.

For example, an all user will be able to create an example.always-firing alert with the alertsExample as consumer. This will also automatically grant the user the right to create an example.always-firing alert from within Alerts management, where alerts is the consumer. This does not grant the user the ability to create an example.always-firing alert under any other consumer. For that, the specific consumer will have to grant the user explicit rights through their privilege system.

For example, if Uptime wanted to allow users to create an example.people-in-space alert inside of the Uptime solution, then they will have to do the following:

features.registerFeature({
      id: 'uptime',
      name: 'Uptime',
      app: [],
      privileges: {
        all: {
          alerting: {
            all: ['xpack.uptime.alerts.actionGroups.tls', 'example.people-in-space'],
          },
        },
        read: {
          alerting: {
            read: ['xpack.uptime.alerts.actionGroups.tls', 'example.people-in-space'],
          },
        },
      },
    });

This, assuming it’s added by Uptime, would grant uptime users the privilege to create both their own xpack.uptime.alerts.actionGroups.tls alert and the example.people-in-space alert with uptime as the consumer.

This does not allow any Uptime user with all privileges to create an example.people-in-space alert. To create an example.people-in-space alert, the Uptime user needs both all in Uptime and in AlertsExample, as we always check whether the user is privileged to execute an operation (create/enable/delete etc.) in both the alert’s consumer and its producer.

The one exception to this is when the producer is alerts, which represents a built-in AlertType, in which case we only check for consumer privileges as all users are privileged to create built-in types by definition.

via #67157

The EventLog Setup contract now exposes a registerSavedObjectProvider

The EventLog Setup contract now exposes a registerSavedObjectProvider method which can be used to register a Saved Object provider.

export interface IEventLogService {
   isEnabled(): boolean;
   isLoggingEntries(): boolean;
   isIndexingEntries(): boolean;
   registerProviderActions(provider: string, actions: string[]): void;
   isProviderActionRegistered(provider: string, action: string): boolean;
   getProviderActions(): Map<string, Set<string>>;
   registerSavedObjectProvider(type: string, provider: SavedObjectProvider): void;
   getLogger(properties: IEvent): IEventLogger;
 }

This API specifies the Saved Object type and a "provider" callback that is called whenever a new request asks for that type of Saved Object.

This example shows a provider for the alert SavedObject type, which creates a new AlertsClient for the request and returns a getter that attempts to get the SavedObject by its id.

via #73257

eventLogService.registerSavedObjectProvider('alert', (request: KibanaRequest) => {
    const client = getAlertsClientWithRequest(request);
    return (type: string, id: string) => client.get({ id });
});

The EventLog maintains a registry of each provider, and creates a getter on demand when the user actually requests an object of a certain type. An AlertsClient is only instantiated if the user requests to the events reference an Alert. Once a getter is created for a specific request, it is cached for the remainder of the lifecycle of that request. This means a single provider is used for multiple gets made by the request.

New Elasticsearch client in SO service

The SO service was refactored to use elasticsearch-js under the hood. This change might affect plugins reading the response status field from the SO error bubbled to the Solutions code because the Elasticsearch error no longer provides the status field (statusCode is still provided).

Several plugins were adjusted to check SO errors with SavedObjectsErrorHelpers. Plugins must use this because we are going to stop wrapping errors in the Boom object.

via #72289

Alerts Management now controlled via Feature Controls and privileges

If you want your plugin to grant a user access to Alerts Management, you must specify it under Management in your feature configuration:

management: {
    insightsAndAlerting: ['triggersActions'],
},

You can specify it in three places:

  • Directly on the feature. When security is disabled, this grants access to every role granted access to the Feature via Feature Controls. When security is enabled, this specifies that the feature has access to this management section and is required before you can grant this to a specific role.
  • Under the all privilege. When security is enabled, this grants access to every role granted the all privilege to the Feature via Feature Controls.
  • Under the read privilege. When security is enabled, this grants access to every role granted the read privilege to the Feature via Feature Controls.

You’re likely to have to specify this in 3 places in your plugin to cover all 3 scenarios. Although this is more verbose than before, it aligns with the rest of Kibana. It also means that the Triggers and Actions plugin no longer needs to know about each plugin that wants to gain access (which means Kibana can more easily support future alerting usage).

via #72029

API changed for creating a Jira connector

casesConfiguration was renamed to incidentConfiguration. Added optional attributeisCaseOwned.

via #73778

API changed for creating an IBM Resilient connector

casesConfiguration was renamed to incidentConfiguration. Added optional attributeisCaseOwned.

via #74357

Settings per case per connector
  • To create a case (POST <kibana host>:<port>/api/cases), you must provide a connector. Requests without a connector get a 400 Bad Request.
  • To update the connector of a case (PATCH <kibana host>:<port>/api/cases), you must provide the connector. The connector_id attribute has been removed in favor of the connector attribute.
  • To set the default connector (POST <kibana host>:<port>/api/cases/configure), you must provide a connector. The connector_id and connector_name attributes have been removed in favor of the connector attribute.
  • To update the connector’s case closure settings (PATCH <kibana host>:<port>/api/cases/configure), you must provide a connector. The connector_id and connector_name attributes have been removed in favor of the connector attribute.

via #77327

Deprecationsedit

Monitoring
  • "Internal Monitoring" deprecation warning #72020
Platform
  • The /api/status endpoint response format is now deprecated and will change in 8.0 #76054
  • These two config keys have been renamed and the old names will no longer work as of 8.0: cpu.cgroup.path.override ⇒ ops.cGroupOverrides.cpuPath and cpuacct.cgroup.path.override ⇒ ops.cGroupOverrides.cpuAcctPath #76730
Security
  • Deprecates the xpack.security.authc.providers.saml.<provider-name>.maxRedirectURLSize setting for SAML authentication #68117
Visualizations
  • In 7.0 and later, Timelion app is deprecated. In 8.0 and later, Timelion app is removed from Kibana #74660

    To prepare for the removal of Timelion app, you must migrate Timelion app worksheets to a dashboard.

    Only Timelion app is deprecated. Kibana continues to support Timelion visualizations in Dashboard, Visualize, and Canvas.

    To migrate a Timelion worksheet to a dashboard:

    1. Open the main menu, click Dashboard, then click Create dashboard.
    2. For each Timelion app worksheet, complete the following steps.

      1. On the dashboard, click Create New, then click Timelion on the New Visualization window.
      2. Open a new tab, open the Timelion app, select the chart you want to copy, then copy the chart expression.

        Timelion app chart
      3. Go to Timelion, paste the chart expression in the Timelion expression field, then click Update.

        Timelion advanced editor UI
      4. In the toolbar, click Save.
      5. On the Save visualization window, enter the visualization Title, then click Save and return.

        The Timelion visualization panel appears on the dashboard.

        Final dashboard with saved Timelion app worksheet

Breaking changesedit

Lens and visualizations
  • Deprecates schema-less specs in Vega #73805
Operations
  • The bin/kibana-plugin CLI has been updated to work with the new Kibana Platform plugin format instead of the legacy plugin format #74604
Platform
  • The legacy plugin system and the legacy plugin API have been removed. It is no longer possible to use third parties legacy Kibana plugins. Legacy plugin owners should migrate their plugins to the Kibana Platform plugin API #77599

For more information, refer to breaking changes in 7.10.

Enhancementsedit

Alerting
  • Batches the update operations in Task Manager #71470
  • Actions add proxy support #74289
  • Exempt Alerts pre 7.10 from RBAC on their Action execution until updated #75563
  • Improves performance of the authorization filter in AlertsClient.find by skipping KQL parsing #77040
  • Adds a Test Connector tab in the Connectors list #77365
  • Adds a "Test Connector" button on the Connectors List to make discovery of the Test tab easier #78746
  • The high-level search API SearchSource is now available on the server #78383
  • Adds Role Based Access-Control to the Alerting & Action plugins based on Kibana Feature Controls #67157
APM
  • Metrics-powered UI #73953
  • Uses platform history #74328
  • Immediately returns terms for unbound queries #74543
  • Implements nest level expand/collapse toggle for each span row #75259
  • Removes additional "No data" message and re-ordering charts #75399
  • Uses the outcome field to calculate the transaction error rate chart #75528
  • Improves breakdown data gaps #75534
  • UI filters: Change transaction type selector from dropdown to radio buttons #75625
  • Language-specific stacktrace formatting #75924
  • Service maps layout enhancements #76481
  • Service inventory redesign #76744
  • Shows accurate metrics for containerized applications #76768
  • Anomaly detection Settings page: Link directly to ML jobs management to filter for the select environment #77875
  • Removes max validation for transaction_max_spans #77987
  • Service maps grouped external resource nodes #78136
  • Alerting: Add global option to create all alert types #78151
  • Empty prompt and loading spinner for service map #78382
  • Adds default message to alerts. #78930
  • Persists time range between APM and other apps #79090
  • Sets service map cursors #80920
  • Persists time range across apps #79258
Dashboard
  • Lens By Value With AttributeService #77561
Discover
  • Uiactions to navigate to visualize or maps #74121
  • Supports unsigned_long fields #81115
Ingest Manager
  • Agent bulk actions UI #77690
  • Supports multiple kibana urls #75712
  • Adds upgrade action #77412
  • User experience metrics #77384
  • Uses optional registryProxyUrl setting when contacting Registry #78648
  • Upgrades Agents in Fleet #78810
  • Configures Elasticsearch output with YAML in global output settings #79019
Kibana UI
  • Elastic home page redesign #70571
  • Stacked headers and navigational search #72331
  • Kibana Overview Page #75827
  • Adds meta data and highlighting to nav search #77662
  • Creates new "Add Data" tutorials for several newly added Filebeat modules #77237
Lens and visualizations
  • Lens is GA #75574
  • Lens legend improvements #70619
  • Lens added stack as percentage #70703
  • Lens adds styling options for x and y axes #71829
  • Lens adds filters aggregation #75635
  • Lens supports drag to replace #75895
  • Lens adds histogram/range aggregation for numbers #76121
  • Lens settings panel redesign and separate settings per y axis #76373
  • Lens field stats for IP fields and scripted fields #76457
  • Adds Lens to Recently Accessed #77249
  • Navigate from discover to lens #77873
  • Lens shows runtime fields in field list and improve performance #79167
  • Drilldowns for TSVB / Vega / Timelion #74848
  • TSVB filter ratio now supports KQL #75033
  • Vega is now GA #75157
  • Uses prefix search in visualize editor’s field and aggregation select #75290
  • TSVB Markdown now handles the case when a field has key_as_string value. Common case is the value is a date string (e.x. 2020-08-21T20:36:58.000Z) or a boolean stringified value ("true"/"false"). Such a value will be first converted into a moment object and formatted with dateFormat from Kibana UI settings. If the key_as_string value is not recognized by a known format in Moments.js, a formatted value from elasticsearch will be returned #75555
  • Agg-based histograms now have auto interval option #76001
  • The search.aggs service in the data plugin is now available on the server. Usage is the same as on the client, except that a scoped saved objects client must be provided on the server in order to retrieve the start contract #74472
Logs
  • Log alerts chart previews #75296
  • Adds dataset-specific categorization warnings #75351
  • Log threshold ratio alerts #76867
  • Adds timestamp as a context variable to log threshold alerts #78932
Machine Learning
  • Adds combined job and datafeed JSON editing #72117
  • Dat frame analytics creation wizard: default destination index to job id #72758
  • Adds decision path charts to exploration results table #73561
  • Data frame analytics creation wizard: ensures user can switch back to form from JSON editor #73752
  • Adds datafeed query reset button #73958
  • Data frame analytics creation wizard: shows link to results #74025
  • Adds initial file analysis overrides #74376
  • Add ability to pass a group ID filter to job management page #74533
  • Adds memory status to data frame analytics job list #74570
  • Switching to new Elasticsearch client #74965
  • Inference models management #74978
  • Adds indicator if there are stopped partitions in categorization job wizard #75709
  • Adds Metadata and Discovery Analysis Jobs to Security Integration #76023
  • Adds option to Advanced Settings to set default time range filter for anomaly detection jobs #76347
  • Adds machine learning modules for Metrics UI Integration #76460
  • Collapsable sections on data frame analytics job result pages #76641
  • Improves client side error handling #76743
  • Adds geo point combined field to CSV import #77117
  • Adds option to create anomaly detection jobs without starting the datafeed #77484
  • Adds feature importance summary charts #78238
  • Default filter of data frame analytics results page by defaultIsTraining value in url #78303
  • Replaces use of rest_total_hits_as_int with track_total_hits #78423
  • Adds runtime fields support #78700
  • Adds ml.is_training filter to regression/classification views #78702
  • Data frame analytics creation wizard: replaces select input with job type cards with icons #78872
  • Data frame analytics results view: ensures boolean values in charts shown without formatting #78888
  • Only adjust the bounds of Single Metric Viewer if annotations are visible #79210
  • Data frame analytics creation wizard: ensures job creation possible when model memory lower than estimate #79229
  • Expandable sections for classification and regression #79414
Management
  • Empty index patterns page re-design #68819
  • Adds inspector for VEGA #70941
  • Adds links to "wait for snapshot policy" combobox that navigate to the snapshot policy creation wizard, when there no policies created yet or the value doesn’t match any existing policies #72473
  • Adds the possibility to preview the final composite of a composable template. The user will be able to see this preview from the creation or editing wizard flow, or when looking at the details of a composable template #72598
  • Refines the debugging user experience when creating or editing an ingest node pipeline in the existing Ingest Node Pipelines UI. Once a sample document(s) is provided, the pipeline is executed. The UI highlights the status of each processor, and shows the user how their sample documents change shape at each step in the pipeline #74964
  • The Data Streams tab in Index Management now allows users to view additional information for data streams #75107
  • Data tiers for 7.10 #76126
  • The mappings editor in the Index Templates UI now supports configuring the constant_keyword field type #76564
  • The mappings editor in the Index Templates UI now supports configuring the wildcard field type #76574
  • The mappings editor in the Index Templates UI now supports configuring the histogram field type. Support for the meta parameter was also added to the boolean, binary, completion, date, flattened, geo_point, numeric, range, search_as_you_type, token_count and text field types #76671
  • Time suffix for duration formatter #76729
  • The ingest node pipeline editor now has the ability to move processors into an empty tree #76885
  • The ILM UI now allows attaching a lifecycle policy to both a composable index template and a legacy index templatee #77077
  • Adds forcemerge action to hot phase with a rollover enabled #77193
  • Transforms: Extend editing and creation options #77370
  • The mappings editor in the Index Templates UI now supports configuring the point field type #77543
  • Adds an option to select a higher compression codec for force merge action in ILM #78175
  • The mappings editor in the Index Templates UI now supports configuring the version field type #78206
  • Updates transform cloning to include description and new fields #78364
  • Optimises keyboard navigation of the ingest processors component #79122
Maps
  • Auto-fits to data bounds #72129
  • Implements save and return from dashboard #74303
  • Adds initial location option that fits to data bounds #74583
  • Adds drilldown support map embeddable #75598
  • Originating App Breadcrumb #75692
  • Adds mvt support for ES doc sources #75698
  • Adds message to empty add tooltip card #75809
  • Introduces geo-threshold alerts #76285
  • Removes alias icon for Lens and Maps #76418
  • Adds deprecated message to tile_map and region_map visualizations. #77683
  • Adds super-fine option to grid/cluster layer #78201
  • Enables auto fit to bounds by default #79296
Metrics
  • Supports percentage format in threshold alerts #72701
  • Uses Notify Every in Alert Preview #74401
  • Gets custom metrics working in inventory alerts with limited UI #75073
  • Anomaly Detection setup flow for Metrics #76787
  • Adds inventory view timeline #77804
  • Adds anomalies to timeline #78602
  • Adds ability to override datafeeds and job config for partition field #78875
  • Overrides anomaly detection partition field #79214
Monitoring
  • Fixes the messaging around needing TLS enabled #72310
  • Adds loading page #75362
  • Disk usage alerting #75419
  • Design/UI improvements #76946
  • Alert Telemetry for the Security app #77200
  • Adds new elasticsearch client to telemetry plugin #78046
  • Missing data alert #78208
  • [Telemetry] Display collected security event sample #78963
  • JVM memory usage alert #79039
  • Navigational search UI metrics #79238
Operations
  • Kibana no longer needs to optimize plugins for use in the browser when a plugin is installed. This means the --optimize flag is now deprecated and does nothing now. It will be removed in 8.0 #73154
  • Docker containers now use CentOS 8.2 as the base image, upgrading from 7. #74656
  • Docker images now include CJK fonts built in #74806
Platform
  • Adds support for reading request ID from X-Opaque-Id header #71019
  • Adds Kea.js support to Enterprise Search plugin #72160
  • Adds solution-level side navigation #74705
  • Adds Workplace Search side navigation #74894
  • Adds support for version on create & bulkCreate when overwriting a document #75172
  • Monitors the Task Manager Poller and automatically recovers from failure #75420
  • Adds a new Enterprise Search overview plugin, which introduces and guides users to the App Search and Workplace Search plugins #76734
  • The deprecated Dashboard Import API (POST /api/kibana/dashboards/import) now accepts filesizes up to the savedObjects.maxImportPayloadBytes configuration which is 10MB by default #77409
Reporting
  • Reporting configuration settings for time duration values allow "time unit" strings to be specified as well as number of milliseconds. For byte size values, "byte size" strings are allowed as well as number of bytes. See the Reporting configuration documentation for more details #74202
  • Reporting/diagnostics #74314
  • Removes the light gray border around the image in PDF reports #78036
  • Increases capture.timeouts.openUrl to 1 minute #75207
Security
  • Hides management sections based on cluster/index privileges #67791
  • xpack.encryptedSavedObjects.encryptionKey can now be rotated without losing access to existing encrypted Saved Objects (alerts, actions etc.). Old key(s) can be moved to xpack.encryptedSavedObjects.keyRotation.decryptionOnlyKeys to be used only to decrypt existing objects while new or updated objects will be encrypted using new primary encryption key. Administrators can also use dedicated API endpoint /api/encrypted_saved_objects/_rotate_key to trigger re-encryption of all existing objects with a new primary key so that old keys can be safely disposed #72420
  • Groups features for space management #74151
  • Allows passwords to be visible on security screens #77394
  • Groups features for role management #78152
  • Warns users when security is not configured #78545
  • Sharing saved-objects phase 1.5 #75444
  • [Detections] Handle conflicts on alert status update #75492
  • Improves the experience when Kibana returns a 403 HTTP status code or the user tries to access a page/app they do not have access to. In those instances, a new user-friendly error page is shown. The user will get the option to go back to the page from where they came, or log in as a different user. Previously the user would just see a simple JSON document containing a short error message without the ability to do anything #75538
  • Adds EQL search strategy #78645
  • Fetches related events from the server #78780
  • [Resolver] Requests data from new event api #78782
  • Updates copy styling #79313
  • Excludes cloud alias index from our query #81551
  • Implements server-side sessions. Kibana now stores user session information in a dedicated Elasticsearch index. By default, expired and invalid sessions are cleaned from the index every hour. You can configure the cleanup interval with the xpack.security.session.cleanupInterval setting. After the upgrade, all existing sessions are invalid and users must log back in to Kibana. It’s also no longer possible to host different Kibana tenants on different ports of the same host. Although this setup worked in the past, it was discouraged because browsers share cookies across all applications hosted using the same host name, ignoring ports. Cookies are now strictly tied to a particular tenant. #68117
Uptime
  • Pings Redirects #65292
  • Uses service.name to link from Uptime → APM where available #73618
  • One click simple monitor down alert #73835
  • Singular alert #74659
  • Creates new path for client side monitoring #74740
  • Adds rum core web vitals #75685
  • Visitors by region map #77135
  • Url search #77516
  • Js errors #77919
  • Synthetics UI #77960
  • OpenTelemetry icons and data telemetry #78499
  • Adds percentile selector #78562
  • Adds core web vitals in obsv homepage #78976
  • Makes uptime ping histogram bar clickable to improve filtering #79054
  • Adds type row to monitor detail page #79556
  • Allow add alert Flyout initial values like name, tags #76906

Bug fixesedit

Alerting
  • Overwrites SOs when updating instead of partially updating #73688
  • Reloads the Alerts List when alerts are deleted #73715
  • Fixes alerting_api_integration/security_and_spaces tests failing if actions proxy set on for parallel process running using commands scripts/functional_tests_server and scripts/functional_test_runner #75232
  • Adds validation to display an error when creating index action in alert with invalid document. #75929
  • Avoids setting a default dedupKey on PagerDuty #77773
  • Fixes React warnings in Suspense usage during Alert creation #77777
  • Fixes alert add and edit flyout to not close when user clicks outside #78860
  • Fixes error in UI in the Edit Flyout for PreConfigured Connectors #78994
  • Makes savedObjectId field optional #79186
  • Renames "Built-In Alerts" feature to "Stack Alerts" and "Actions" feature to "Actions and Connectors" #79513
  • Fixes sorting of Alert Instance in Details page #80103
  • Fixes migration issue for case specific actions, by extending email action migrator checks #81673
  • Fixes docs in trigger alerting UI #75363
  • Populates alert instances view with event log data #68437
  • Displays a banner to users when some alerts have failures, added alert statuses column and filters #79038
  • Formalizes alert status and add status fields to alert saved object #75553
APM
  • Uses core.chrome to set window title #73232
  • Chart units don’t update when toggling the chart legends #74931
  • Fixes overlapping transaction names #76083
  • Avoids negative offset for error marker on timeline #76638
  • Service Map: Not Defined option doesn’t work properly #77483
  • Uses model_plot as a signal for anomaly scores #77756
  • Fixes service maps ML link zoom value #77841
  • Fixes APM header wrapping #78845
  • Catches health status error from ML #80131
  • Hides service if only data is from ML #80145
  • Fixes link to trace #80993
  • Service map handle timeout with messaging #82083
  • Scale transaction rate correctly #82155
Dashboard
  • Sample data link does not work #75262
  • Stores Expanded Panel Id in URL #78684
  • Fixes embeddable title and description for reporting and dashboard tooltip #78767
  • Fixes apps break on unrestorable session state in URL #74264
Discover
  • Converts legacy sort to be compatible with multi sort #76986
  • Context - Fix bug when document id contains a slash #77435
  • Makes _source field not clickable #78698
  • "View surrounding documents" encodes spaces in filters #79283
  • Should not visualize unknown/conflict type fields #81311
Ingest Manager
  • Fixes removing ingest pipelines from elasticsearch #75092
  • Installs previous version of package if update fails #76694
  • Agent Policy names are unique #79201
  • Index pattern installation uses requested package version #80079
  • Removes fields from index pattern during package uninstall #80082
  • Allows default packages to be deleted from the default agent policy #81535
Kibana UI
  • Removes duplicate string in search dropdown #77429
Lens and visualizations
  • Lens fixes inconsistencies when switching with empty layer #72809
  • Lens fixes bug in saving #74483
  • Lens fixes table sorting bug #74902
  • Lens fixes rollup related bugs #75314
  • Lens fixes dimension popover design on mobile #75866
  • Shows meta field data in Lens #77210
  • Lens fixes unclear UI for bucket aggregation grouping order #77331
  • Lens handles missing fields gracefully #78173
  • Lens removes Over time suggestions for numeric intervals #78442
  • Lens fixes display of multiple un-stacked bar series #78525
  • Lens prevents values outside of range for number of top values #78734
  • Lens fixes empty callout for empty/meta fields accordion #79429
  • Lens fixes debouncing in visualization settings UI #79625
  • Lens fixes chart switching for XY charts #80297
  • Lens fixes URL query loss on redirect #81475
  • TSVB fixes inaccurate Group By #73683
  • TSVB ffixes bug on TopN weird behavior with zero values #74942
  • TSVB fixes panel updates with back button #75896
  • TSVB allows string fields on value count aggregation #79267
  • Prevents pageload on TSVB drilldown #78005
  • Data table fixes download filename when using split table #74231
  • Bar chart fixes rendering of non-stacked bar #74930
  • Bar chart fixes overlapping percentiles #75315
  • Fix crash in input controls if index pattern is not available #79431
  • Vega fixes unexpected change in autosizing behavior post upgrade #77408
  • Timelion hides app from search results when the setting is disabled #77763
  • In some old TSVB visualization saved objects, queries and filters can be stored. This is not possible anymore for a while and there is no way to edit them besides changing the JSON of the saved object, but they were still applied to the rendered output. In 7.10, these leftover queries and filters will be removed automatically from the saved object. In almost all cases, no change is necessary. If a visualization contained these local queries and filters deliberately, they should be converted to panel filters in the "Panel options" of the TSVB interface #75137
Logs
  • Returns 403s rather than 500s for ML privilege errors #74506
  • Correctly filters for log rate anomaly examples with missing dataset #76775
  • Fixes logs permissions for alert management #81199
Machine Learning
  • Updates broken job config callout error #75481
  • Replaces all use of date_histogram interval with fixed_interval #76876
  • Data frame analytics creation wizard: Fixes field loading race condition #77326
  • Improves calendar ics file parsing #78986
  • Data frame analytics creation wizard: Resolves clone usability issues #79048
  • Fixes jobs so it limit job menu actions for jobs that are closing #79303
  • Data frame analytics: Ensures clear error when index pattern missing #79378
  • Avoids full page reload for links following CSV import #79539
  • Classification results: Ensures confusion matrix doesn’t span full width #79790
  • Fixes anomaly detection jobs list load if call to load job messages fails #79792
  • Sends secondary auth headers to _explain #79814
  • Fixes job selection flyout #79850
  • Datagrid: Ensures column content with boolean schema is not capitalized #80041
  • Fixes Anomaly Explorer charts time range to obey time picker range #80317
  • Data frame analytics results: Ensures boolean values in confusion matrix are not capitalized #80350
  • Fixes values for decision path not showing correctly for regression due to rounding #80555
  • Fixes regression with some links not opening in new tab #80785
  • Fixes callout message for total feature importance #80881
  • Fixes exclude frequent in advanced wizard #81121
Management
  • Fixes the copy of the success notification that displays after creating or saving a watch #73982
  • Data frame analytics / Transforms: Fixes job row actions menu invalid DOM nesting warning #74499
  • Transforms: Unset doc title when app unmounts #75539
  • Fixes a bug in Snapshot and Restore when creating a Snapshot Lifecycle Management policy, where the form could become locked if the user enter an invalid value and navigated to a previous step #76540
  • The mappings editor in Index Management now supports configuring the positive_score_impact parameter for the rank_feature field type #76824
  • Transforms: Fixes styling of preview grid pagination in summary step #77789
  • Fixes a bug in the index template wizard, which resulted in an incorrect validation error when a user toggles between the dynamic templates and advanced settings tabs without providing any values #78707
  • Checks for source indexPattern before opening clone wizard #79383
  • Fixes an issue when editing the mappings of an index template and selecting the "Other" type #79434
  • Transforms/Data frame analytics: Fixes data grid column sorting. #80618
  • Transforms: Fixes tab ids for expanded row. #80666
  • Fixes package upgrade breaking after first rollover before new data has arrived #79887
Maps
  • Fixes swap hidden/show icons in layer action panel #74549
  • Fixes double fetch when filters are modified #74893
  • Fixes read only badge is no longer shown in nav for users with read-only permission #76091
  • Fixes Hotlink for EMS-add-data card do not working #76110
  • Removes obsolete link #76419
  • Exposes map title and description to reporting and embeddable container #79325
  • Uses default format when proxying EMS-files #79760
  • Fixes refreshing the page causes loss of unsaved change #81226
  • Fixes top-level Map page is called Kibana #81238
  • Fixes auto-refresh not auto fitting to bounds #81251
  • Adds layer type preview icons #78650
  • GeoJSON datasets #192
Metrics
  • Fixes inventory footer misalignment #74707
  • Displays No Data context.values as [NO DATA] #78038
  • Fixes a Chrome bug with Inventory View flickering at certain sizes #81514
Monitoring
  • Ensures setup mode works on cloud but only for alerts #73127
  • Fixes cluster link from cluster listing page #75016
  • Only show Opt-In banner when user can change settings #76883
  • Fixes dead links #78696
  • Fixes cluster listing page in how it handles global state #78979
  • Ensures alerting is optional #79168
  • Adds in cluster version number for sec telemetry sender #80545
  • Fixes sorting of alerts #80546
  • Fixes a couple of issues with the cpu usage alert #80737
  • Fixes alert defaults #81207
  • Ensures some data is returned #81375
Platform
  • Simplifies buffer tests to reduce flakiness #73024
  • Handles case where buffer receives multiple entities with the same ID #74943
  • Time out work when it overruns in poller #74980
  • Fixes a bug that caused some applications to not correctly render when a trailing slash was included at the end of their URLs #75074
  • Prevents Task Manager from trying to claim invalid tasks #76891
  • Leverages original http request error #79831
  • Supports special characters in ES password #81564
Querying & Filtering
  • Fixes warning text doesn’t get displayed on filters with custom filter name #78617
Reporting
  • Allows any hostname for chromium proxy bypass #74693
  • Fixes an issue with CSV Export where a job could fail if clearing the scroll ID failed in Elasticsearch #76014
  • Fixes a bug where the downloading CSV from a saved search in a dashboard panel had no file name if the dashboard panels were hidden #76031
  • Fixes the reporting exports to use the correct Space for advanced settings #76998
  • Fixes a problem in the list of Reports jobs in Management would not refresh with the correct items immediately after deleting a report from the listing #78516
Security
  • Displays useful error when role creation fails #77600
  • Previously when user started SAML or OpenID authentication handshake, but didn’t or couldn’t finish it they weren’t able to access Login Selector easily (e.g. to log in with another authentication provider) unless they used /login URL directly or manually cleared the session cookies. That was a very confusing user experience. The reason was that unauthenticated intermediate session that was created to support handshake forced Kibana to automatically restart the same handshake whenever user accessed Kibana. We fixed that and now in certain cases we ignore unauthenticated intermediate session allowing user to easily access Login Selector whenever they need it #79300
  • Kibana can now properly handle values for xpack.security.session.idleTimeout and xpack.security.session.lifespan that are larger than ~24 days #79858
  • Properly encodes links to edit user page #81562
  • Fixes display of multiple roles in table views #81603
  • Node list and node detail tests #74421
  • Improves simulator. Add more click-through tests and panel tests. #74601
  • [Detections] Refactors signal ancestry to allow multiple parents #76531
  • Fixes for the Ticket 78375 #79004
  • Resolver Tree Events tests #79344
  • Adds the correct class to truncate the names in Endpoint list #79921
  • [Detections] Fixes remaining render and validation bug with query preview + tests #80110
  • New events resolver #80850
  • enable_APM-ci branch fixes #81658
Sharing
  • Uses App Title for Display Instead of App Id #75457
Spaces
  • Fixes infinite loading spinner on the spaces selector screen. In the case an error occurs while trying to load the spaces that the current user has access to, an error message will now be shown instead of the loading spinner #79471
Uptime
  • Ml anomaly alert edit #76909
  • Removes custom handling of license enabling #82019