Kibana 8.5.0edit

Review the following information about the Kibana 8.5.0 release.

Known issuesedit

Due to a recent change in the Red Hat scan verification process, Kibana 8.5.0 is not available in the Red Hat Ecosystem Catalog. This known issue will be fixed in the next release. To download the Kibana 8.5.0 image, use the Elastic docker registry.

Breaking changesedit

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade to 8.5.0, review the breaking changes, then mitigate the impact to your application.

Updates bulk action API to return actionId instead of agent success

To make bulk action responses consistent, returns actionId instead of agent ids with success: True or success: False results. For more information, refer to #141757.

When you use FleetBulkResponse, you now receive only actionId responses.

Removes filter validation for ad-hoc data views

Filters associated with unknown data views, such as deleted data views, are no longer automatically disabled. For more information, refer to #139431.

Filters associated with unknown data views now display a warning message instead of being automatically disabled.

Removes the package_policies field from the agent policy saved object

The bidirectional foreign key between agent policy and package policy has been removed. For more information, refer to #138677.

The agent policy saved object no longer includes the package_policies field.

To review the breaking changes in previous versions, refer to the following:

8.4.0 | 8.3.0 | 8.2.0 | 8.1.0 | 8.0.0 | 8.0.0-rc2 | 8.0.0-rc1 | 8.0.0-beta1 | 8.0.0-alpha2 | 8.0.0-alpha1


Kibana 8.5.0 adds the following new and notable features.

  • Adds dynamic field selection to the alerts table #140516
  • Show alerts count #140473
  • Adds the ability to allows users to assign other users to cases #140208
  • Ability run a rule on-demand #139848
  • Ability to bulk update API keys for alerting rules #139036
  • Index threshold alert can’t use unsigned long data type #138452
  • Category fields endpoint #138245
  • Index threshold alert UI does not fill index picker with data streams #137584
  • Display kubernetes metadata in service icons popup and instance accordion #139612
  • AWS lambda metrics api #139041
  • Adds support for storing time with saved searches #138377
  • Enables tags for saved searches #136162
Elastic Security
For the Elastic Security 8.5.0 release information, refer to Elastic Security Solution Release Notes.
  • Adds agent activity flyout #140510
  • Adds a new event toggle to capture terminal output in endpoint #139421
  • Makes batch actions asynchronous #138870
  • Adds ability to tag integration assets #137184
  • Adds support for input only packages #140035
Inital hosts page #138173
Lens & Visualizations
  • Adds query-based annotations in Lens #138753
  • Enables ad-hoc data views in Lens #138732
Machine Learning
  • Notifications page #140613
  • Explain Log Rate Spikes: Add option to view grouped analysis results #140464
  • Stubs out UI for the ML Inference Pipeline panel #140456
  • Attach the anomaly charts embeddable to Case #139628
  • Log pattern analysis UI #139005
  • Attach the anomaly swim lane embeddable to Case #138994
  • Adds the ability to allow variables in URL Drilldown titles #140076
  • Enables time series downsampling action in ILM configurations #138748
  • Adds the composite runtime field editor #136954
Feat(slo): Create basic SLO route #139490
  • Adds Osquery results to cases #139909
  • Add support for differential logs #140660
Adds the ability to set a default Access Agreement for all authentication providers #139217

For more information about the features introduced in 8.5.0, refer to What’s new in 8.5.