Kibana 7.8.0edit

For information about the Kibana 7.8.0 release, review the following information.

Breaking changesedit

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade to 7.8.0, review the breaking changes, then mitigate the impact to your application.

Breaking changes for usersedit

Metrics alerts action messaging refactored to report on the no data stateedit

Metrics alerts no longer expose context.valueOf, context.metricOf, or context.thresholdOf to action messages. These variables are replaced by context.reason. This variable explains the reason that the alert fired and automatically includes the metric, threshold, and current value of all configured conditions.

Alerts configured in 7.7 still function as normal, but their action messages might no longer provide useful information and must be reconfigured. The new default action message will show an example of how to use context.reason.

via #64365

Panels removed from the URL in dashboard view modeedit

In dashboard in view mode, .panels are no longer synced with the URL.

This fixes the Back button when navigating between dashboards using drilldowns.

via #62415

Breaking changes for plugin developersedit

The actions API endpoint changed

The following action plugin REST APIs changed so that they are consistent with the Kibana styleguide.

  • GET /api/action/_getAllGET /api/actions
  • GET /api/action/typesGET /api/actions/list_action_types
  • POST /api/actionPOST /api/actions/action
  • GET /api/action/{id}GET /api/actions/action/{id}
  • PUT /api/action/{id}PUT /api/actions/action/{id}
  • DELETE /api/action/{id}DELETE /api/actions/action/{id}
  • POST /api/action/{id}/_executePOST /api/actions/action/{id}/_execute

via #65936

Canvas applications now run on the new Kibana platform

Any existing user-created plugins that extend Canvas functionality must also move to the Kibana Platform to continue extending Canvas.

via #64831

The filter function uses filterType instead of type

If you used the type argument of the filter function, you now must use filterType instead.

Old code:

filter type={...} | ...

New code:

filter filterType={...} | ...

The type field is used internally by the expression interpreter to discriminate between the different values it passes between functions. The filter function was the only function that exposed this field to users. After this change, all expression values will consistently use type to determine a type of expression value.

via #64215

Calling navigateToApp to a legacy app redirects to full path

Calling core.application.navigateToApp to a legacy application now retains the path specified.

via #65112

The legacy aggs APIs were removed

The following legacy aggs APIs from the data plugin search service have been removed because they are no longer in use:;;;;;;;

Additionally, the following unused static exports have been removed:

IAggGroupNames, // renamed to AggGroupName
OptionedParamEditorProps, // moved to vis_default_editor
search.aggs.aggGroupNamesMap, // renamed to AggGroupLabels

via #64719

Applications are now allowed to define and update a defaultPath

Kibana platform applications can now define and update the defaultPath to use when navigating to them from another application or from the navigation bar.

    id: 'my-app',
    // ...
    defaultPath: '/some-path',
const appUpdater = new BehaviorSubject<AppUpdater>(() => ({}));
    id: 'my-app',
    // ...
    updater$: appUpdater,

// later => ({ defaultPath: '/some-updated-path' }));

via #64498

Static assets are now served under a release-specific URL

Kibana static assets are now served under a release-specific URL with long-term caching headers Cache-Control: max-age=31536000.





via #64414

Example plugins are now allowed in X-Pack

Kibana developers can now create example plugins in X-Pack—create your plugin in /x-pack/examples folder and start Kibana with:

yarn start --run-examples

via #63823

action.getHref() has improvements for drilldowns

getHref on Action interfaces in the uiActions plugin is now async. getHref is now used only to support right click behavior. execute() takes control on regular click.

via #63228

State syncing utils now support ScopedHistory

State syncing utils now seamlessly support the platform’s ScopedHistory.

via #62761

Configuration properties were removed from TSVB

When the TSVB visualization was added to Kibana, two configuration properties were declared: chartResolution and minimumBucketSize. No one used these properties, and an implementation has not been added. The chartResolution and minimumBucketSize are now marked as deprecated configuration properties for TSVB.

via #62543

The HttpResources service is available for responding to requests

If your server-side plugin needs to respond to an incoming request with the HTML page bootstrapping Kibana client app, a custom HTML page, or a custom JS script, you can use the HttpResources service.

httpResources.register({ path: 'my_app', validate: false }, (context, req, res) =>

httpResources.register({ path: 'my_app/foo', validate: false }, (context, req, res) =>
  res.renderHtml({ body: '<html><p>Hi</p></html>' })

httpResources.register({ path: 'my_app/bar', validate: false }, (context, req, res) =>
  res.renderJs({ body: 'alert(...);'})

via #61797

The legacy embeddable_api plugin has been removed

The legacy embeddable_api plugin in src/legacy/core_plugins/embeddable_api has been removed in favor of the embeddable plugin in the new Kibana Platform. If you used the embeddable_api in 7.7, you already used the new embeddable plugin API, which was re-exported from the legacy platform as a convenience.

As of 7.8, you must update your imports to pull everything from the new location:

// for types & static imports
- import { ViewMode } from '../../../src/legacy/core_plugins/embeddable_api/public/np_ready/public';
+ import { ViewMode } from '../../../src/plugins/embeddable/public';

// for runtime APIs in legacy platform plugins
- import { start } from '../../../src/legacy/core_plugins/embeddable_api/public/np_ready/public/legacy';
+ import { npStart } from 'ui/new_platform';
+ const { embeddable } = npStart.plugins;

// for runtime APIs in new platform plugins
- import { start } from '../../../src/legacy/core_plugins/embeddable_api/public/np_ready/public/legacy';
+ class MyPlugin {
+  start(core, { embeddable }) {
+    ...
+  }
+ }

For plugins using the legacy platform, you also must remove the embeddable_api from your list of required plugins in your plugin’s index.ts:

export default function MyPlugin(kibana: any) {
  const config: Legacy.PluginSpecOptions = {
    id: 'my_plugin',
-    require: ['kibana', 'elasticsearch', 'embeddable_api'],
+    require: ['kibana', 'elasticsearch'],
  return new kibana.Plugin(config);

For plugins using the new Kibana platform, make sure to list embeddable as either a required or optional dependency in your kibana.json:

  "id": "my_plugin",
-  "requiredPlugins": [],
+  "requiredPlugins": ["embeddable"],
  "optionalPlugins": [],
  "server": true,
  "ui": true

via #61767

src/legacy/server/index_patterns has moved to data plugin

The legacy folder src/legacy/server/index_patterns has been deleted. The corresponding code was previously moved to the new platform.

For more information on where to locate new platform data services, refer to the plugins for shared application services in src/core/

via #61618

Static assets are now served from the new platform

The Kibana Platform serves plugin static assets from the my_plugin/public/assets folder. No additional configuration is required.

via #60490

Connectors have been refactored

The API changed to support executor actions. The supported actions are pushToService, handshake, and getIncident. This change implements only the pushToService action.

The following response fields have changed:

  • incidentId changed to id.
  • number changed to title.

Create an incident to ServiceNow

When the incidentId attribute is not in actionParams, the executor will create the incident.

Endpoint: api/action/<action_id>/_execute
Method: POST


    "params": {
        "action": "pushToService",
        "actionParams": {
	    	"caseId": "d4387ac5-0899-4dc2-bbfa-0dd605c934aa",
	        "title": "A new incident",
	        "description": "A description",
	        "comments": [
	                "commentId": "b5b4c4d0-574e-11ea-9e2e-21b90f8a9631",
	                "version": "WzU3LDFd",
	                "comment": "A comment"


    "status": "ok",
    "actionId": "f631be57-0a59-4e28-8833-16fc3b309374",
    "data": {
        "id": "7d7aad9c072fc0100e48fbbf7c1ed0c2",
        "title": "INC0010044",
        "pushedDate": "2020-03-10T13:02:59.000Z",
        "comments": [
                "commentId": "b5b4c4d0-574e-11ea-9e2e-21b90f8a9631",
                "pushedDate": "2020-03-10T13:03:00.000Z"

Update an incident to ServiceNow

When the incidentId attribute is in actionParams, the executor will update the incident.

Endpoint: api/action/<action_id>/_execute
Method: POST


    "params": {
        "action": "pushToService",
	    "actionParmas": {
			"caseId": "d4387ac5-0899-4dc2-bbfa-0dd605c934aa",
	        "incidentId": "7d7aad9c072fc0100e48fbbf7c1ed0c2"
	        "title": "A new incident",
	        "description": "A description",
	        "comments": [
	                "commentId": "b5b4c4d0-574e-11ea-9e2e-21b90f8a9631",
	                "version": "WzU3LDFd",
	                "comment": "A comment"


    "status": "ok",
    "actionId": "f631be57-0a59-4e28-8833-16fc3b309374",
    "data": {
        "id": "7d7aad9c072fc0100e48fbbf7c1ed0c2",
        "title": "INC0010044",
        "pushedDate": "2020-03-10T13:02:59.000Z",
        "comments": [
                "commentId": "b5b4c4d0-574e-11ea-9e2e-21b90f8a9631",
                "pushedDate": "2020-03-10T13:03:00.000Z"

via #63450

Known issueedit

  • When you duplicate a rule with a deleted action connector, the duplication fails #69142


  • Adds query support to the Event Log #62015
  • Removes edit alert button from alerts list #64643
  • Implements actions server API for supporting preconfigured connectors #62382
  • Adds UI for pre-configured connectors. #63074
  • Adda new Service map external icons #63844
  • Improves the selected node style #64279
  • Adds tooltip explaining Group ID #60425
  • Uses navigateToApp for infra/metrics/uptime links #65712
  • Observability real user monitoring solution layer #64949
  • Spans reparenting to support inferred spans #63695
  • Marks an Agent configuration as applied without etag attribute #63967
  • Agent remote config validation for Java agent configs #63956
  • Annotations API #64796
  • Adds Error Exception Type Column #59596
  • Service map anomaly indicators #64718
  • Adds Top Menu #59982
  • Adds refresh and autoplay options to view menu #64375
  • Adds edit menu #64738
  • Reduces report generation time by re-using headless browser page in background #63301
  • Adds duplicate panel feature #61367
  • Return to dashboard after editing embeddable #62865
Lens and visualizations
  • Triggers a filter action on click in datatable visualization #63840
  • Enables include/exclude in Terms agg for numeric fields #59425
  • Allows user to drag and select a subset of the timeline in the chart (aka brush interaction) #62636
  • Uses default Kibana palette for split series #62241
  • Removes duplicate refresh button from vis editor menu #63633
  • Binds all time fields to the time picker #63874
  • Uses Top 5 instead of Top 3 for first suggestion #64726
  • Adds pie and treemap charts #55477
Machine Learning
  • Wizards with dynamic model memory estimation #60888
  • Shows better file structure finder explanations #62316
  • Adds configurable file size to file data visualizer #62752, #63502, #64427
  • Lists global calendars on the job management page #63124
  • Improves parsing of large uploaded files #62970
  • Enables mml estimation in data recognizer module setup #64900
  • Updates memory estimate after adding exclude fields #62850
  • Replaces table with data grid #63650 and #63757
  • Fixes feature importance #61761
  • Adds embeddable anomaly swimlane #65180
  • Improves progress reporting for analytics jobs #65305
  • Adds Ingest Node Pipelines UI #62321
  • Adds Transforms single column wizard #64436
  • Edits transform flyout #65033
  • Adds docs_per_second to transform edit form #65365
  • Separates layer wizards for Clusters and heatmap #60870
  • Allows updating requestType for ESGeoGridSource #62365
  • Adds date-fields to metrics selection #62629
  • Shows create filter button for top-term tooltip property #62461
  • Turns on blended layer for geojson upload #63200
  • Updates geospatial filters to use geo_shape query for geo_point fields #62966
  • Min and max zoom map settings #63714
  • Shows spatial filters on map to provide context when for active filters #63406
  • Fits geo_shape to bounds #64303
  • Disables edit layer button when flyout is open for add layer or map settings #64230
  • Do not display EMS or Kibana layer wizards when not configured #64554
  • Initial location map settings #64336
  • Adds categorical palettes with 20 and 30 categories #64701
  • Adds oil rig icon from @elastic/maki #64364
  • Highlights selected layer in TOC #61510
  • Adds global fit to data #64702
  • View log in context modal #62198
  • Refreshes the design for Inventory View, Episode 1 #64026
  • Adds Charts to Alert Conditions #64384
  • Adds 99th and 95th percentiles to Metric Explorer #64699
  • Adds category data quality warning based on ML job stats #60551
  • Adds dataset filter to ML module setup screen #64470
  • Alerting #62806
  • Enhances Alerts management page #64654
  • Adds inventory metric threshold alerts #64292
  • Adds outside range comparator #63993
  • Uses brotli compression for some KP assets #64367
  • Adds a new config flag to encode with BOM for our CSVs #63006
  • Adds config flag to escape formula CSV values #63645
  • Every provider can now be configured with the access agreement message (markdown syntax) that will be presented to the users after login. Users won’t be able to use Kibana until they acknowledge this agreement #63563
  • Login Selector UI was refined and can now offer much more customization options #64142
  • Enhances threat hunting for Filter for/out value, Show top field, Copy to Clipboard, Draggable chart legends #61207
  • Adds drag between ANDs in timeline queries / add to timeline #65228
  • Creates template timeline #63136
  • Adds lists feature flag and list values to the REST interfaces #60171
  • Adds an error aggregator by error reason and a way to filter them #63513
  • Adds large list support using REST endpoints #62552
  • Server cutover to New Platform #63430
  • Updates list values in REST interfaces #62320
  • Updates KQL/Lucene search to include lists exceptions #63264
  • Updates rule.lists to be rule.exceptions_list #63717
  • Moves All Rules tabs to match other tabs UI #63920
  • Minor updates to monitoring table with unit tests #64020
  • Moves jira to a gold license #67178
  • Adds cert API request and runtime type checking #63062
  • Updates TLS settings #64111
  • TLS alerting #63913
  • Adds new nav #64018
  • Certificate expiration threshold settings #63682
  • Certificates page #64059
  • Filters in create alert flyout #64753
  • Moves status filter to monitor list #65049

Bug fixesedit

  • TaskManager tasks scheduled without attempting to run #62078
  • Only fetching TaskManager’s available tasks once per call to fillPool #61991
  • Restores migrations of old tasks in TM #65978
  • Fixes pre-configured docs link points to the wrong page and functional tests configs #68606
  • Custom links section inside the Actions menu is showing outside of the menu #65428
  • Removes link from active page in the breadcrumb #65473
  • Agent configuration: Bug makes it possible to create invalid configurations #65508
  • Scope APM alert creation to environment #65681
  • Cannot click through to details of an error on the waterfall page if the error is missing #66386
  • Removes service maps badge row and num instances in popover #65492
  • Handle ML integration when ML is disabled #66158
  • Fixes Enable watcher error reports 400 error #68465
  • Updates apm index pattern #65424
  • Ensures that /api/apm/security/indices_privileges doesn’t fail when security is disabled #64627
  • Fixes query bar Japanese translation #68037
  • Service map fix focused node edges on unselect #63655
  • Fixes duplicate index patterns #64883
  • Bug/pagination enabled empty workpad #62050
  • Improves dashboard loading error handling #66372
  • Adds max-height to recently viewed links #66297
  • match_all query disappears when typed into Lucene query bar #62194
  • KQL removes leading zero and breaks query #62748
  • Shows doc viewer action buttons on focus #64912
  • Fixes renaming of saved search not displayed in breadcrumb #67577
  • Replaces EuiTooltip by native title for better performance #68280
  • Clicking cancel in saved query save modal doesn’t close it #62774
  • Changes the copy from blacklist to blocklist #65419
Kibana UI
  • Updates home link click handler #68132
  • Updates Canvas location in nav #65519
  • Fixes Recently Viewed links allowing them to close the nav when clicked #66280
Lens and visualizations
  • Fixes redirect after reload #66328
  • Auto interval on date histogram is getting displayed as timestamp per… #59171
  • Fixes visualize and lens telemetry #67749
  • Removes redundant formatting of percentage column #64948
  • Uses correct text color in metric vis on dark background #67481
  • Fixes the problem on adding color rules #67763
  • Fixes bug where suggestions didn’t use filters #63293
  • Only show copy on save for previously saved docs #63535
  • Fixes escaping of field names #63509
  • Makes average the default metric when dragging a field directly #63416
  • Fixes bug in field list when _source contained fields with dots #63752
  • Allows table to scroll horizontally #63805
  • Migrates timelion vis #62819
  • TSVB Validation fix color rule validation #67759
Machine Learning
  • Fixes the limit control on the Anomaly explorer page #65459
  • Hides selector helper in Anomaly Explorer swimlane #65522
  • Fixes dashboard URLs for auditbeat module #65707
  • Fixes vertical overflow on Single Metric Viewer page #66413
  • Catches unknown index pattern errors #61935
  • Disables data frame anaylics clone button based on permission #64830
  • Disables calendar all job switch #65635
  • Shows warning when the model memory limit is higher than the memory available in the ML node #65652
  • Removes assignment_explanation when cloning job #68226
  • Ensures at least one field is included in analysis before data frame analytics job is created #65320
  • Anomaly Explorer: if filter includes wildcard ensure matching swimlanes are not masked #65384
  • Fixes reordering in view by swimlane when overall cell selected #65290
  • Fixes anomaly charts for rare detectors when model plot is enabled #66075
  • Adds job timing stats to anomaly jobs #65696
  • Fixes anomaly dot plotted in wrong location in Single Metric Viewer #66071
  • Fixes error when deleting snapshots behind reverse proxy #66147
  • Fixes bug when editing retention of slm policy #67137
  • Fixes fetch policies query #67827
  • Adds missing time unit labels #68205
  • Fixes pagination bugs in CCR and Remote Clusters #65931
  • Cleans up doc title when navigating away from Snapshot Restore #67906
  • Fixes boolean cell values in analytics table result views and transforms wizard #62618
  • Index pattern management - field list - localization functions returning empty strings #64055
  • Fixes replaceLayerList to handle case where map is not intialized #62202
  • Safely handles empty string and invalid strings from EuiColorPicker #62507
  • Do not show circle border when symbol size is zero #62644
  • Fixes attribution overflow with exit full screen button #62699
  • Creates NOT EXISTS filter for tooltip property with no value #62849
  • Fixes bug where toggling Scaling type does not re-fetch data #63326
  • Fixes double fetch when filter pill is added #63024
  • Fixes term join agg key collision #63324
  • Fixes date labels #63909
  • Removes SLA percentage metric #65718
  • Removes dateline check for geo_shape queries, split geo_bounding_box queries that cross dateline into 2 boxes #64598
  • Handles case where fit to bounds does not match any documents #66307
  • Returns bounding box for static feature collection without joins #66607
  • Fixes legend icon color for custom categorial palettes #67141
  • Disables search bar when live stream is on #65491
  • Ensures live stream always gets latest entries #67935
  • Fixes time picker layout issues on Inventory View #66094
  • Fixes validation for threshold values #66281
  • Prevents component errors from breaking the whole UI #65456
  • Fixes mistake in container ip field name #66198
  • Fixes time state bug #67630
  • Require filterQuery to be ES JSON #64937
  • Debounce onChange in alert creation UI #65167
  • Fixes default metric alert interval for new conditions #66610
  • Fixes inconsistent search behaviour in Advanced Settings #64510
  • SavedObjects bulkCreate API should return migrationVersion and strip the type & namespace from the id #65150
  • Fixes task manager cancel warning #63756
  • New Kibana app link order #67991
  • Fix authentication loop when upgrading Kibana from 6.8 to 7.7+ #67687
  • Previously, users couldn’t log in with SAML Identity Provider Initiated flow (e.g. from Okta Dashboard) if they already had an existing, but expired session. Now it should be possible #59686
  • Fixes EncryptedSavedObjectsClientWrapper fails on stripEncryptedAttributes for saved object with errors #61385
  • Adds username/password validation to login form #60681
  • Fixes import bug with non existent signals index #65595
  • Restricts ML rule modification to ML Admins #65583
  • Fixes timeline buildGlobalQuery #68320
  • Refreshes index and also show more info to user regarding index/data #62606
  • Updates uptime ml job id to limit to 64 char #64394
  • Enables deselection of stale filters #65523
  • Unmounts uptime app properly #66950


  • Deprecates IE11 support #66512
  • Deprecates Kibana user in favor of kibana_system user #63186