Kibana 7.9.0edit

For information about the Kibana 7.9.0 release, review the following information.

Breaking changesedit

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade to 7.9.0, review the breaking changes, then mitigate the impact to your application.

Breaking changes for usersedit

kibana.keystore moved from the data folder to the config folderedit

kibana.keystore has moved from the configured folder to <root>/config for archive distributions and /etc/kibana for package distributions. If a pre-existing keystore exists in the data directory, that path will continue to be used.

via #57856

Breaking changes for plugin developersedit

aborted$ event fixed and completed$ event added to KibanaRequest

The$ Observable will now properly wait for the response to be sent before completing.

A new$ API is available that will emit once a request has been completely handled or aborted.

via #73898

The Management API has a new interface

A public setup contract has been reduced to just register. A new interface, sections, which is a map of management sections provided by the plugin, replaces getSection. Public start interfaces have been removed as all registration should occur in the setup lifecycle.

via #71144

Filters from fields with no values are now allowed

Kibana now allows the creation of filters from fields with a null or undefined value.

via #70936

The onPreAuth and onPreRouting http interceptors are now separate

The onPreAuth interceptor has been renamed to onPreRouting to better reflect its place in the execution order—it is now called right before the route lookup step. A new onPreAuth interceptor is executed before the Auth lifecycle step, but after the onPreRouting step.

via #70775

The Metrics API moved to start

The Metric service API exposed from the setup contract has been moved to the start lifecycle.

via #69787

fieldFormats removed from AggConfig and AggConfigs

AggConfig has been updated to no longer return a field format instance for the field it is aggregating on. As a result, the fieldFormatter and fieldOwnFormatter methods have been removed. Additionally, the getFormat method has been removed from each individual agg type.

If you need to access a field format instance, use the newly-added AggConfig.toSerializedFieldFormat or AggType.toSerializedFormat to retrieve the serializable representation of the field’s format, and then pass it to the deserialize method from the field formats service to get the actual format instance.

class MyPlugin {
  async start(core, { data }) {
    const { indexPatterns, fieldFormats, search } = data;
    const indexPattern = await indexPatterns.get('myId');
    const agg = {
      type: 'terms',
      params: { field: 'machine.os.keyword' },
    const aggConfigs = search.aggs.createAggConfigs(indexPattern, [agg]);
    const termsAgg = aggConfigs.aggs[0];
-    const formatter = termsAgg.type.getFormat(termsAgg);
-    // or
-    const formatter = termsAgg.fieldFormatter('text');
+    const formatter = fieldFormats.deserialize(termsAgg.toSerializedFieldFormat());
+    // or
+    const formatter = fieldFormats.deserialize(termsAgg.type.getSerializedFormat(termsAgg));
     const formattedValue = formatter.convert('myValue');

In addition, the legacy formatting helpers that were exported from ui/visualize/loader/pipeline_helpers/utilities have been removed. If your plugin imports from this directory, please update your code to use the fieldFormats service directly.

via #69762

New API adds support for migrations for an EncryptedSavedObject

A new createMigration API on the EncryptedSavedObjectsPluginSetup facilitates defining a migration for an EncryptedSavedObject type.

Defining migrations

EncryptedSavedObjects rely on standard SavedObject migrations, but due to the additional complexity introduced by the need to decrypt and reencrypt the migrated document, there are some caveats to how we support this. Most of this complexity is abstracted away by the plugin, and all you need to do is leverage our API.

The EncryptedSavedObjects Plugin SetupContract exposes a createMigration API that facilitates defining a migration for your EncryptedSavedObject type.

The createMigration function takes four arguments:

Argument Description Type


A predicate that is called for each document, prior to being decrypted, which confirms whether a document requires migration or not. This predicate is important as the decryption step is costly, and we would rather not decrypt and re-encrypt a document if we can avoid it.



A migration function which will migrate each decrypted document from the old shape to the new one.



Optional. An EncryptedSavedObjectTypeRegistration which describes the ESOType of the input (the document prior to migration). If this type isn’t provided, we’ll assume the input doc follows the registered type.



Optional. An EncryptedSavedObjectTypeRegistration which describes the ESOType of the output (the document after migration). If this type isn’t provided, we’ll assume the migrated doc follows the registered type.


Example: Migrating a Value

  type: 'alert',
  attributesToEncrypt: new Set(['apiKey']),
  attributesToExcludeFromAAD: new Set(['mutedInstanceIds', 'updatedBy']),

const migration790 = encryptedSavedObjects.createMigration<RawAlert, RawAlert>(
  function shouldBeMigrated(doc): doc is SavedObjectUnsanitizedDoc<RawAlert> {
    return doc.consumer === 'alerting' || doc.consumer === undefined;
  (doc: SavedObjectUnsanitizedDoc<RawAlert>): SavedObjectUnsanitizedDoc<RawAlert> => {
    const {
      attributes: { consumer },
    } = doc;
    return {
      attributes: {
        consumer: consumer === 'alerting' || !consumer ? 'alerts' : consumer,

In the above example, you can see the following:

  • In shouldBeMigrated, we limit the migrated alerts to those whose consumer field equals alerting or is undefined.
  • In the migration function, we migrate the value of consumer to the value we want (alerts or unknown, depending on the current value). In this function, we can assume that only documents with a consumer of alerting or undefined will be passed in, but it’s still safest not to, and so we use the current consumer as the default when needed.
  • Note that we haven’t passed in any type definitions. This is because we can rely on the registered type, as the migration is changing a value and not the shape of the object.

An EncryptedSavedObject migration is a normal SavedObjects migration, so we can plug it into the underlying SavedObject just like any other kind of migration:

    name: 'alert',
    hidden: true,
    namespaceType: 'single',
    migrations: {
        // apply this migration in 7.9.0
       '7.9.0': migration790,
    mappings: {

Example: Migating a Type

If your migration needs to change the type, for example, by removing an encrypted field, you will have to specify the legacy type for the input.

  type: 'alert',
  attributesToEncrypt: new Set(['apiKey']),
  attributesToExcludeFromAAD: new Set(['mutedInstanceIds', 'updatedBy']),

const migration790 = encryptedSavedObjects.createMigration<RawAlert, RawAlert>(
  function shouldBeMigrated(doc): doc is SavedObjectUnsanitizedDoc<RawAlert> {
    return doc.consumer === 'alerting' || doc.consumer === undefined;
  (doc: SavedObjectUnsanitizedDoc<RawAlert>): SavedObjectUnsanitizedDoc<RawAlert> => {
    const {
      attributes: { legacyEncryptedField, ...attributes },
    } = doc;
    return {
      attributes: {
    type: 'alert',
    attributesToEncrypt: new Set(['apiKey', 'legacyEncryptedField']),
    attributesToExcludeFromAAD: new Set(['mutedInstanceIds', 'updatedBy']),

This example shows how we provide a legacy type that describes the input that needs to be decrypted. The migration function will default to using the registered type to encrypt the migrated document after the migration is applied.

If you need to migrate between two legacy types, you can specify both types at once:

  type: 'alert',
  attributesToEncrypt: new Set(['apiKey']),
  attributesToExcludeFromAAD: new Set(['mutedInstanceIds', 'updatedBy']),

const migration780 = encryptedSavedObjects.createMigration<RawAlert, RawAlert>(
  function shouldBeMigrated(doc): doc is SavedObjectUnsanitizedDoc<RawAlert> {
    // ...
  (doc: SavedObjectUnsanitizedDoc<RawAlert>): SavedObjectUnsanitizedDoc<RawAlert> => {
    // ...
  // legacy input type
    type: 'alert',
    attributesToEncrypt: new Set(['apiKey', 'legacyEncryptedField']),
    attributesToExcludeFromAAD: new Set(['mutedInstanceIds', 'updatedBy']),
  // legacy migration type
    type: 'alert',
    attributesToEncrypt: new Set(['apiKey', 'legacyEncryptedField']),
    attributesToExcludeFromAAD: new Set(['mutedInstanceIds', 'updatedBy', 'legacyEncryptedField']),

via #69513

Canvas templates now stored as saved objects

Previously, workpad templates were added through the Canvas API client side. Workpad templates are now stored as saved objects, so an API is no longer required for adding them. You can add templates through SavedObject management.

via #69438

Search Typescript improved

The front end search strategy concept is now deprecated and the following API methods were removed from the plugin:

  • registerSearchStrategy
  • getSearchStrategy

via #69333

Plugin API added for customizing the logging configuration

Plugins can now customize the logging configuration on the fly.

import { of } from 'rxjs';
    appenders: {
      myCustomAppender: { ... },
    loggers: [
      { context: 'subcontext', appenders: ['myCustomAppender'], level: 'warn' }

via #68704

Developer guide restructured

The developer guide includes the following improvements:

via #67764

Elasticsearch API exposed from setup contract is deprecated

The Elasticsearch API exposed from the setup contract is not available and will be deleted without notice. Use the core start API instead.

// before
setup(core: CoreSetup) {
// after
setup(core: CoreSetup) {

via #67596

API reference docs available for state_containers and state_sync

The API reference docs for state_sync and state_containers are now available:

via #67354

Elasticsearch client exposed via request context marked as deprecated

The Elasticsearch service no longer provides separate data and admin clients. The Elasticsearch service client is marked as deprecated and is superseded by a new one.

// in route handler
async function handler (context) {
---  return await context.elasticsearch.adminClient.callAsInternalUser('endpoint');
+++  return await context.elasticsearch.legacy.client.callAsInternalUser('endpoint');
// in plugin
  return {
    async search(id) {
---     return await context.elasticsearch.adminClient.callAsInternalUser('endpoint', id);
+++     return await context.elasticsearch.legacy.client.callAsInternalUser('endpoint', id);

via #67319

Licensing now uses Elasticsearch from start contract

The licensing plugin API exposed from the setup contract is deprecated in favor of start contract counterparts:

// before
setup(core, plugins){

// after
start(core, plugins){

via #67291

The Actions SavedObject type action is now a hidden type

Interaction with the Actions SavedObject type requires you to tell your SavedObjectsClient to include the action hidden type as follows:

core.savedObjects.getScopedClient(request, { includedHiddenTypes: ['action'] })

Do not circumvent the authorization model by accessing these objects directly. Use AlertsClient instead.

via #67109

Saved objects now include support for hidden types

Saved objects

The SavedObjectClient’s getScopedClient, createScopedRepository and createInternalRepository can now take a list of types to include in the underlying repository.

You can use this to create a client that has access to hidden types:

core.savedObjects.getScopedClient(request, { includedHiddenTypes: ['hiddenType'] })

This creates a SavedObjects client scoped to a user by the specified request with access to a hidden type called hiddenType.

Encrypted saved objects

The EncryptedSavedObject plugin no longer exposes a single client as part of its start contract. Instead it exposes a getClient API that exposes the client API. The getClient can also specify a list of hidden types to gain access to which are hidden by default.

For example, given a Kibana platform plugin that has specified encryptedSavedObjects as a Setup dependency:

const encryptedSavedObjectsClient = plugins.encryptedSavedObjects.getClient(['hiddenType']);
return encryptedSavedObjectsClient.getDecryptedAsInternalUser('hiddenType',  '123',   { namespace: 'some-namespace' });

via #66879

The alerting plugin was renamed alerts to follow the Kibana styleguide

This includes the following API changes:

  • Changed actions BASE_ALERT_API_PATH to ` /api/alerts` because according to the styleguide, it should keep the structure /api/plugin_id
  • Changed endpoint /api/alert/_find just to /api/alerts/_find
  • Changed /types to /list_alert_types
  • Changed POST /api/alert to POST /api/alerts/alert
  • Changed GET /api/alert/{id} to GET /api/alerts/alert/{id}
  • Changed PUT /api/alert/{id} to PUT /api/alerts/alert/{id}
  • Changed DELETE /api/alert/{id} to DELETE /api/alerts/alert/{id}
  • Changed GET /api/alert/{id}/state to GET /api/alerts/alert/{id}/state
  • Changed POST /api/alert/{id}/_enable to POST /api/alerts/alert/{id}/_enable
  • Changed POST /api/alert/{id}/_disable to POST /api/alerts/alert/{id}/_disable
  • Changed POST /api/alert/{id}/_mute_all to POST /api/alerts/alert/{id}/_mute_all
  • Changed POST /api/alert/{alertId}/alert_instance/{alertInstanceId}/_mute to POST /api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute
  • Changed POST /api/alert/{id}/_unmute_all to POST /api/alerts/alert/{id}/_unmute_all
  • Changed POST /api/alert/{id}/_update_api_key to POST /api/alerts/alert/{id}/_update_api_key
  • Changed POST /api/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute to POST /api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute

via #66838

The new platform API is now implemented in Management

This change:

  • Refactors out use of registerLegacyApp and uses react-router-dom for routing.
  • Implements a landing page and sidebar in the Management plugin.
  • Removes the legacy API from src/plugins/management/public/plugin.ts and related code.

via #66781

The Alerting SavedObject type alert is now a hidden type

Interaction with the Alerting SavedObject type requires you to tell your SavedObjectsClient to include the alert hidden type as follows:

core.savedObjects.getScopedClient(request, { includedHiddenTypes: ['alert'] })

Do not circumvent the authorization model by accessing these objects directly. Use AlertsClient instead.

via #66719

Open source features registration moved to Kibana platform

Kibana now allows the getFeatures plugin method to be called within the start lifecycle.

via #66524

SavedObject registration in the legacy platform is not supported

To use SavedObjects, you must move your plugin to the Kibana platform.

// before in the legacy plugin
export default function ({ Plugin }) {
  new Plugin({
    id: 'my-plugin',
    uiExports: {
      mappings: {
        'my-plugin-so': {
          properties: {...},
// in the Kibana platform plugin
export class MyPlugin implements Plugin {
  constructor(context: PluginInitializerContext) {}
  setup(core: CoreSetup) {
      name: 'my-plugin-so',
      mappings: {...}

via #66203

Field format editors API migrated to Kibana Platform

Field format editors (used by index pattern management) are no longer added via the field formatters registry, ui/registry/field_format_editors. They are now added via the indexPatternManagement plugin.

via #65026

The expressions plugin has a new set of helpers

The expressions plugin introduces a set of helpers that make it easier to manipulate expression ASTs. Refer to this PR for more detailed examples.

// also available on `expressions/public/server`
import {
} from '../../src/plugins/expressions/public';

// `buildExpression` takes an expression string, AST, or array of `buildExpressionFunction`
const exp = buildExpression([
  // `buildExpressionFunction` takes an expression function name, and object of args
  buildExpressionFunction('myFn', { hello: [true] });

const anotherFn = buildExpressionFunction('anotherFn', { world: [false] });
fn.replaceArgument('world', [true]);

exp.toAst(); // prints the latest AST

// you can get added type-safety by providing a generic type argument:
const exp = buildExpression([
  buildExpressionFunction<MyFnExpressionFunctionDefinition>('myFn', { hello: [true] });
const fns = exp.findFunction<MyFnExpressionFunctionDefinition>('myFn');

via #64395

Mount ui/new_platform applications in same div structure as Core

Applications that are mounted via the core.application.register interface from the legacy ui/new_platform module are now mounted inside a new div inside of the <div class="application /> node rather than directly inside that node. This makes the legacy bridge consistent with how true Kibana platform applications are mounted.

via #63930


  • Shows, and/or in metadata table #66376
  • Adds error rate chart to Transaction overview and detail views #67327
  • Adds ThemeProvider to support dark mode #68242
  • Triggers Lazy-load alert #68806
  • Changes to duration formatting #69039
  • Adds callout to inform users of high cardinality in unique transaction names #69112
  • Creates API to return data to be used on the Overview page #69137
  • Fixes confusing request/minute viz #69143
  • Adds decimals only for numbers below 10 #69334
  • Adds support for dark mode #69362
  • Chart breakdowns #69420
  • Quotes trace id to ensure a word is searched (#69500) #69504
  • Adds error rates to Service Map popovers #69520
  • Resubmits initial version #69531
  • Adds Anomaly detection settings page to create ML jobs per environment #70560
  • Service maps anomaly detection integration by environment #70932
  • Anomaly detection setup link with alert if job doesn’t exist #71229
  • Respects default time range defined in Kibana Advanced Settings #71464
  • Uses HDR for percentiles #64758
  • Adds simple variables to workpads #66139
  • Enables drilldowns for Lens visualizations #65675
  • Improves positioning of cloned panels #67461
  • Lens editor auto refresh #65868
Enterprise Search
  • Workplace Search in Kibana MVP #70979
Ingest Management
  • Adds support for datastream to each template #66367
  • Improves server-side error handling #67278
  • Adds ability to copy an agent config #68737
  • Adds enroll agent action to config action menu #68840
  • Adds ability to sort to agent configs and package configs #70676
Lens and visualizations
  • Warns if leaving with unsaved visualization #67689
  • Uses accordion menus in field list for available and empty fields #68871
  • Adds "no data" popover #69147
  • Last used Index pattern is saved to and retrieved from local storage #69511
  • Fitting functions #69820
  • Multiple y axes #69911
  • Adds ability to set colors for y-axis series #70311
  • Allows histogram fields in average and sum aggregations #66891
  • Changes the error message on TSVB in order to be more user friendly #67090
  • Allows the user to change the tooltip mode #67775
  • Updates vega version #68639
  • Adds support for histogram type #68837
  • Enables "Explore underlying data" actions for Lens visualizations #70047
  • Validates ML job setup time ranges #66426
  • [Alerting] "Group by" functionality #68250
  • ML log integration splash screen #69288
  • Actions menu in log entry categorization page #69567
  • Adds index names for the new indexing strategy #70245
  • Adds category anomalies to anomalies page #70982
  • Anomalies page dataset filtering #71110
  • Shows log analysis ML jobs in a list #71132
Machine Learning
  • Search should have a categorical option for job type #65770
  • Adds linking to dataframe from job management tab #65778
  • Adds optional ability to delete target index and index pattern when deleting data frame analytics job #66934
  • Data frame analytics: Creation wizard part 1 #67564
  • Extends population preview chart to show actual and typical value #67569
  • Adds minor refresh button to data frame analytics and anomaly detection Job Messages tabs #67750
  • Keeps the edit rule flyout open if there are multiple rules #68174
  • Model snapshot management #68182
  • Data frame analytics: Creation wizard part 2 #68462
  • Removes sub navigation menu from the Anomaly Detection pages #68663
  • Adds anomaly swim lane embeddable to the dashboard from the Anomaly Explorer page #68784
  • Allows editing of model_snapshot_retention_days #69003
  • Anomaly Explorer swim lane pagination #70063
  • Anomaly Detection: Annotations enhancements #70198
  • Updates APM Module to Work with Service Maps #70361
  • Changes all calls to ML endpoints to use internal user #70487
  • Data frame analytics: add ability to edit job for fields supported by API #70489
  • Data frame analytics: adds prompt for destination index pattern creation #70651
  • Adds switch to enable model plot annotations independently #70678
  • Adds peak_model_bytes to model size stats type #70825
  • Anomaly swim lane embeddable navigation and filter actions #71082
  • Adds siem_cloudtrail Module #71323
  • Management apps are now organized into buckets that support common workflow-oriented use-cases: data ingestion, data management, insights and alerting, security, Kibana management, and Stack management #65796
  • The ES UI built a new component to assist with building ingest pipelines. Before, when building ingest pipelines, users would have to type and carefully curate JSON describing an ingest pipeline. With this new component a lot of that burden is removed and improved access to ES processors is provided. This component is the foundation of an improved pipeline building experience #66021
  • Transforms: Filter aggregation support #67591
  • Adds a "Data Streams" tab to Index Management to help users manage their data streams #67806
  • Transforms: Support sub-aggregations #68306
  • Data Grid Histograms #68359
  • Adds a snapshot policy name field to Delete phase of index lifecycle policy. This option ensures that the snapshot policy is executed before the managed index is deleted #68505
  • Transform: Adds ability to create index pattern time field when creating transform #68842
  • Transforms - Updated: Add ability to delete dest index & index pattern when deleting transform job #68896
  • Transform: Table enhancements #69307
  • Transform: Enable force delete if one of the transforms failed #69472
  • A new tab called Component Templates is available in Index Management. It provides a way to manage Elasticsearch’s component templates. Users can create, edit, clone, and delete a component template #69732
  • The index templates tab allows users to manage both their legacy index templates and composable index templates. Users can create, edit, clone, and delete a composable index template #70220
  • We updated the snapshot policy name field in Delete phase of index lifecycle policy. This component now display a list of existing snapshot policies and warns the user if their input doesn’t match any existing policies #70627
  • Displays ranged-data with bands #60570
  • Adds styling and tooltip support to mapbox mvt vector tile sources #64488
  • Allows adding multiple layers #67544
  • Enables gridding/clustering/heatmaps for geo_shape fields #67886
  • Security layer wizards #68290
  • Surface geo_shape clustering gold feature #68666
  • Layer wizard select re-design #69313
  • Shows vector tile labels on top #69444
  • Choropleth layer wizard #69699
  • Increases DEFAULT_MAX_BUCKETS_LIMIT to 65535 #70313
  • Shows joins disabled message #70826
  • Exposes registerLayerWizard and registerSource in maps plugin start #71553
  • Adds support for multiple groupings to Metrics Explorer (and Alerts) #66503
  • Adds sorting for name and value to Inventory View #66644
  • Changes Metric Threshold Alert charts to use bar charts #66672
  • Allows users to configure Inventory View palettes #66948
  • Adds timestamp context variable #67482
  • Adds back context variables with descriptions #67487
  • Adds overrides to Snapshot API to support alert previews #68125
  • Enhances Inventory View Tooltips #69757
  • UX improvements for saved views #69910
  • Register function for Observability homepage #70529
  • Adds framework for recovery messaging to metric threshold alerts (non-functional) #65339
  • Adds preview feature for metric threshold alerts #67684
  • Adds inventory alert preview #68909
  • Prefills alerts from the global dropdown #68967
  • Adds context.reason and alertOnNoData to Inventory alerts #70260
  • Collects number of visualization saved in the past 7, 30 and 90 days #67865
  • Out of the box alerting #68805
  • Node options from cfg file for production #62468
  • Creates Linux aarch64 package #69165
  • Switches to core application service #63443
  • Adds docLinks to CoreSetup #66631
  • New Enterprise Search Kibana plugin #66922
Querying & Filtering
  • Resolves range date filter bugs and improve usability #71298
  • Allow saved objects to be searched across multiple spaces #67644
  • Uses ML Capabilities API to determine license type #66921
  • Landing page for Observability #67467
  • Monitor availability reporting #67790
  • Creates "Add data" links in all Observability app headers #69016
  • Observability overview page #69141
  • Availability alert #70284
  • Duration Anomaly Alert #71208

Bug fixesedit

  • Adds lazy loading of alerting UI components #65060
  • Fixes Connectors edit flyout retains state after being closed #71911
  • Fixes Webhook connector doesn’t retain added HTTP header settings #71924
  • Removes Missing permission page #72030
  • Fixes linking errors to ML and Discover #73758
  • Observability i18n fixes #72984
  • Fixes falsey/null value bug for dropdown choices #69290
  • Shows drilldown context menu over chart tooltip #67311
  • Loses OriginatingApp Connection on Save As #72725
  • Sometimes when creating filters on a dashboard suggestions from default index patterns were shown by mistake #72899
  • Handles listing errors gracefully #66986
  • Kibana now sets the keep_alive parameter to 1m in _async_search requests to Elasticsearch to ensure that search requests are cancelled if a user closes the browser or navigates outside of Kibana before a request completes #73712
  • Multiple chart actions context menu positioning fixes #70705
  • Fixes accessibility issue in Uptime app nav links #72926
  • Prevents whitespace wrapping of doc table header #52861
  • Removes column from sorting array when removed from table #65990
  • Validates timerange before submitting query to ES #69363
  • Adds error and warning statuses to FilterBar filters #66979
  • Forbids timezones not working in Elasticsearch #70780
Ingest Management
  • Fixes clear filters on agents table not working #71978
Kibana UI
  • New Kibana app link order #66320
  • Fixes special clicks and 3rd party icon sizes in nav #69767
Lens and visualizations
  • Keeps global filters, time range and refresh interval on refresh #68075
  • Adds description property and check duplicate title on save #68219
  • Keeps custom labels #68498
  • Fixes delete button position in dimension panel for long labels #69495
  • Fixes cross cluster bug and optimize existence query #70132
  • Do not crash data panel on invalid KQL query #70712
  • Handles failing existence check #70718
  • Fixes overflow in printable report #70723
  • Fixes switching with layers #71982
  • Pins filters not applied when coming from different app #73825
  • Fixes missing percentage column and wrong headers on export formatted csv #66883
  • TSVB: handle division by zero in math agg #67111
  • Fixes vega specification parsing #67963
  • VEGA is missing scroll bars #68766
  • Replaces the Custom Color Picker on TSVB with the EuiColorPicker #68888
  • Fixes spec color highlighting not working on vega vis #68995
  • Fixes Advanced Settings Panel number editing in Graph #69672
  • Hide only duplicated consecutive ticks #70981
  • Fixes TSVB table trend slope value #71087
  • Fixes export table for table export links #71249
  • Removes opacity from vislib bars #71421
  • Fixes float percentiles line chart #71902
  • Fixes display of dataset values in anomaly and category example rows #71693
  • Handles modifier keys #74237
  • Removes UUID from Alert Instances #71340
Machine Learning
  • Data frame analytics results: Do not hide query bar and table on query syntax error #69196
  • Fixes anomaly chart and validation for one week bucket span #69671
  • Anomaly Detection: Ensure Category examples tab in the expanded table row can be seen #70241
  • Fixes error toasts shown when starting or editing jobs #71618
  • Fixes new job with must_not saved search #71831
  • Fixes management section access denied #71841
  • Ensure monitor cluster privilege not required to create data frame analytics job #71934
  • Fixes job list crashing due to undefined processed records #71966
  • Fixes datafeed start time is incorrect when the job has trailing empty buckets #71976
  • Fixes HTML named characters encoding #72060
  • Fixes annotations pagination & change labels from letters to numbers #72204
  • Stops annotation flyout re-rendering on each keystroke #72299
  • Fixes display of regression stop stats if one is NaN #72412
  • Handling data recognizer saved object errors #72447
  • Data frame analytics results: add index-pattern management link to click here error prompt #72470
  • Fixes layout of anomaly chart tooltip for long field values #72689
  • Fixes link to index management from file data visualizer #72863
  • Fixes deleting data frame analytics not showing index pattern check #72904
  • Fixes recognizer wizard create job button #73025
  • Fixes unnecessary deleting job polling #73087
  • Disables machine learning if license feature is disabled #73187
  • Data frame analytics results: ensure View link is only enabled when job has successfully completed #73539
  • Inspect action shows on dashboard for every chart #65998
  • Fixes an issue in Watcher, where a watch status or action status was incorrectly marked as "Error" #67952
  • Error handling #68809
  • Fixes an issue in Dev Tools Console where the example shown in the "Help" panel was formatted incorrectly #71188
  • Fixes the alignment of the Timing field for Warm, Cold and Delete phases on the Index Lifecycle Policy edit page #71273
  • Adopts data stream API changes #71682
  • Fixes #66185 #66186
  • Do not check count for blended layers when layer is not visible #66460
  • Fixes mapbox glyphs error when EMS access is turned off #67427
  • Fixes fit to bounds requests not getting canceled #67629
  • Fixes cannot select Solid fill-color when removing fields #70621
  • Fixes zoom in/zoom out buttons are not visible in dark mode #72699
  • Fixes removing global filter from layer can cause app to start thrashing #72763
  • Fixes cloned clustered documents layer returns error #72975
  • Fixes data driven style properties not working when cloned layer contains joins #73124
  • Fixes tile layer attibution text and attribution link validation errors #73160
  • Fixes fit to data for Point to Point layer #73563
  • Fixes #fit to bounds for ES document layers with joins #73985
  • Removes no longer required div wrapper around ValidatedDualRange #70188
  • Adds full precision GeoJSON version for TopoJSON only datastes 191
  • Fixes asynchronicity and error handling in Snapshot API #70503
  • Fixes evaluating rate-aggregated alerts when there’s no normalized value #73545
  • Removes UUID from Alert Instance IDs #71335
  • Fixes a bug in Metric Threshold query filter construction #70672
  • Displays Too Many Buckets error when previewing Inventory Alerts #70508
  • Round metric threshold time buckets to nearest unit #71172
  • Adds a case for Alerting if security/ssl is disabled #71846
  • Checks for security feature first when entering setup mode #73821
  • Sets wrap to the errorLink so it doesn’t go outside of box #67797
  • Fixes plugin lifecycle log to only include server plugins #68686
Querying & Filtering
  • When using KQL or the filter bar, if a request is issued to Elasticsearch for suggestions for a value for a specific field, the request will be cancelled when navigating away as well as when the input is updated (and a new request is issued #69769
  • Fixes a bug where the Kibana server could crash if the Reporting server-side headless browser crashes #71989
  • Adds panel flyout opens 2 flyouts #65861
  • Adds lazy loading to AlertType and Flyout components #65678
  • Fixes metric query broken because of missing mapping #68999
  • Fixes charts dark theme #69748
  • Uses manual intervals for ping histogram #72928


  • Removes watcher integration #71655
  • Deprecates kibana.defaultAppId setting #67635