IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Elastic Docs Kibana Guide [8.5] Release notes
« Kibana 8.5.1 Enhancements and bug fixes »

Kibana 8.5.0edit

Review the following information about the Kibana 8.5.0 release.

Security updateedit

The 8.5.0 release contains a fix to a potential security vulnerability. For more information, check Security announcements.

Known issuesedit

Unable to load Stack Management > Rules and Connectors due to corrupted rule definitions

Details
Releases 8.5 and 8.6 have a bug that corrupts rules when you update API keys or manage snooze schedules. In particular, it affects tracking containment rules and Elasticsearch query rules with KQL or Lucene query types. Releases 8.7 and beyond do not include this bug (fixed in #153370).

Impact
This known issue causes "unable to load rules" messages to occur in Stack Management > Rules and Connectors. To temporarily work around the problem, copy the rule content (params, name, tags, actions) for the problematic rules, delete the rules, then recreate them. For more details, refer to Elasticsearch query rules and Tracking containment rules.

Kibana is unavailable in the Red Hat Ecosystem Catalog

Details
Due to a recent change in the Red Hat scan verification process, Kibana 8.5.0 is not available in the Red Hat Ecosystem Catalog.

Impact
This known issue will be fixed in the next release. To download the Kibana 8.5.0 image, use the Elastic docker registry.

Unable to create visualizations with field formatters

Details
When you create Lens and aggregation-based visualizations with field formatters, Kibana fails to apply the formatter.

Impact
To create Lens and aggregation-based visualizations with field formatters, upgrade to 8.6.0.

Breaking changesedit

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade to 8.5.0, review the breaking changes, then mitigate the impact to your application.

Updates bulk action API to return actionId instead of agent success

Details
To make bulk action responses consistent, returns actionId instead of agent ids with success: True or success: False results. For more information, refer to #141757.

Impact
When you use FleetBulkResponse, you now receive only actionId responses.

Removes filter validation for ad-hoc data views

Details
Filters associated with unknown data views, such as deleted data views, are no longer automatically disabled. For more information, refer to #139431.

Impact
Filters associated with unknown data views now display a warning message instead of being automatically disabled.

Removes the package_policies field from the agent policy saved object

Details
The bidirectional foreign key between agent policy and package policy has been removed. For more information, refer to #138677.

Impact
The agent policy saved object no longer includes the package_policies field.

To review the breaking changes in previous versions, refer to the following:

8.4.0 | 8.3.0 | 8.2.0 | 8.1.0 | 8.0.0 | 8.0.0-rc2 | 8.0.0-rc1 | 8.0.0-beta1 | 8.0.0-alpha2 | 8.0.0-alpha1

Featuresedit

Kibana 8.5.0 adds the following new and notable features.

Alerting
  • Adds dynamic field selection to the alerts table #140516
  • Show alerts count #140473
  • Adds the ability to allows users to assign other users to cases #140208
  • Ability run a rule on-demand #139848
  • Ability to bulk update API keys for alerting rules #139036
  • Index threshold alert can’t use unsigned long data type #138452
  • Category fields endpoint #138245
  • Index threshold alert UI does not fill index picker with data streams #137584
APM
  • Display kubernetes metadata in service icons popup and instance accordion #139612
  • AWS lambda metrics api #139041
Discover
  • Adds support for storing time with saved searches #138377
  • Enables tags for saved searches #136162
Elastic Security
For the Elastic Security 8.5.0 release information, refer to Elastic Security Solution Release Notes.
Fleet
  • Adds agent activity flyout #140510
  • Adds a new event toggle to capture terminal output in endpoint #139421
  • Makes batch actions asynchronous #138870
  • Adds ability to tag integration assets #137184
  • Adds support for input only packages #140035
Infrastructure
Inital hosts page #138173
Lens & Visualizations
  • Adds query-based annotations in Lens #138753
  • Enables ad-hoc data views in Lens #138732
Machine Learning
  • Notifications page #140613
  • Explain Log Rate Spikes: Add option to view grouped analysis results #140464
  • Stubs out UI for the ML Inference Pipeline panel #140456
  • Attach the anomaly charts embeddable to Case #139628
  • Log pattern analysis UI #139005
  • Attach the anomaly swim lane embeddable to Case #138994
Management
  • Adds the ability to allow variables in URL Drilldown titles #140076
  • Enables time series downsampling action in ILM configurations #138748
  • Adds the composite runtime field editor #136954
Observability
Feat(slo): Create basic SLO route #139490
Osquery
  • Adds Osquery results to cases #139909
  • Add support for differential logs #140660
Security
Adds the ability to set a default Access Agreement for all xpack.security-level authentication providers #139217

For more information about the features introduced in 8.5.0, refer to What’s new in 8.5.

« Kibana 8.5.1 Enhancements and bug fixes »