This section discusses the changes that you need to be aware of when migrating your application to Kibana 8.0.

See also What’s new in 8.0 and Release Notes.

Index pattern changesedit

Removed support for time-based internal index patternsedit

Details: Time-based interval index patterns were deprecated in 5.x. In 6.x, you could no longer create time-based interval index patterns, but they continued to function as expected. Support for these index patterns has been removed in 8.0.

Impact: You must migrate your time_based index patterns to a wildcard pattern, for example, logstash-*.

Settings changesedit

Legacy browsers are now rejected by defaultedit

Details: csp.strict is now enabled by default, so Kibana will fail to load for older, legacy browsers that do not enforce basic Content Security Policy protections - notably Internet Explorer 11.

Impact: To allow Kibana to function for these legacy browsers, set csp.strict: false. Since this is about enforcing a security protocol, we strongly discourage disabling csp.strict unless it is critical that you support Internet Explorer 11.

Default logging timezone is now the system’s timezoneedit

Details: In prior releases the timezone used in logs defaulted to UTC. We now use the host machine’s timezone by default.

Impact: To restore the previous behavior, in kibana.yml set logging.timezone: UTC.

Responses are never logged by defaultedit

Details: Previously responses would be logged if either logging.json was true, logging.dest was specified, or a TTY was detected.

Impact: To restore the previous behavior, in kibana.yml set logging.events.response=*.

xpack.security.authProviders is no longer validedit

Details: The deprecated xpack.security.authProviders setting in the kibana.yml file has been removed.

Impact: Use xpack.security.authc.providers instead.

xpack.security.authc.providers has changed value formatedit

Details: xpack.security.authc.providers setting in the kibana.yml has changed value format.

Impact: Array of provider types as a value is no longer supported, use extended object format instead.

xpack.security.authc.saml is no longer validedit

Details: The deprecated xpack.security.authc.saml setting in the kibana.yml file has been removed.

Impact: Configure SAML authentication providers using xpack.security.authc.providers.saml.{provider unique name}.* settings instead.

xpack.security.authc.oidc is no longer validedit

Details: The deprecated xpack.security.authc.oidc setting in the kibana.yml file has been removed.

Impact: Configure OpenID Connect authentication providers using xpack.security.authc.providers.oidc.{provider unique name}.* settings instead.

xpack.security.public is no longer validedit

Details: Previously Kibana was choosing the appropriate Elasticsearch SAML realm automatically using the Assertion Consumer Service URL that it derived from the actual server address and xpack.security.public setting. Starting in 8.0.0, the deprecated xpack.security.public setting in the kibana.yml file has been removed and the Elasticsearch SAML realm name that Kibana will use should be specified explicitly.

Impact: Define xpack.security.authc.providers.saml.{provider unique name}.realm when using the SAML authentication providers instead.

/api/security/v1/saml endpoint is no longer supportededit

Details: The deprecated /api/security/v1/saml endpoint is no longer supported.

Impact: Rely on /api/security/saml/callback endpoint when using SAML instead. This change should be reflected in Elasticsearch and Identity Provider SAML settings.

/api/security/v1/oidc endpoint is no longer supportededit

Details: The deprecated /api/security/v1/oidc endpoint is no longer supported.

Impact: Rely on /api/security/oidc/callback endpoint when using OpenID Connect instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.

/api/security/v1/oidc endpoint is no longer supported for Third Party initiated loginedit

Details: The deprecated /api/security/v1/oidc endpoint is no longer supported for Third Party initiated login.

Impact: Rely on /api/security/oidc/initiate_login endpoint when using Third Party initiated OpenID Connect login instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.

/api/security/v1/oidc/implicit endpoint is no longer supportededit

Details: The deprecated /api/security/v1/oidc/implicit endpoint is no longer supported.

Impact: Rely on /api/security/oidc/implicit endpoint when using OpenID Connect Implicit Flow instead. This change should be reflected in OpenID Connect Provider settings.

optimize directory is now in the data folderedit

Details: Generated bundles have moved to the configured path.data folder.

Impact: Any workflow that involved manually clearing generated bundles will have to be updated with the new path.

kibana.keystore has moved from the data folder to the config folderedit

Details: By default, kibana.keystore has moved from the configured path.data folder to <root>/config for archive distributions and /etc/kibana for package distributions. If a pre-existing keystore exists in the data directory that path will continue to be used.

User role changesedit

kibana_user role has been removed and kibana_admin has been added.edit

Details: The kibana_user role has been removed and kibana_admin has been added to better reflect its intended use. This role continues to grant all access to every Kibana feature. If you wish to restrict access to specific features, create custom roles with Kibana privileges.

Impact: Any users currently assigned the kibana_user role will need to instead be assigned the kibana_admin role to maintain their current access level.

kibana_dashboard_only_user role has been removed.edit

Details: The kibana_dashboard_only_user role has been removed. If you wish to restrict access to just the Dashboard feature, create custom roles with Kibana privileges.

Impact: Any users currently assigned the kibana_dashboard_only_user role will need to be assigned a custom role which only grants access to the Dashboard feature.

Granting additional cluster or index privileges may enable certain Stack Monitoring features.

Reporting changesedit

Legacy job parameters are no longer supportededit

Details: POST URL snippets that were copied in Kibana 6.2 or earlier are no longer supported. These logs have been deprecated with warnings that have been logged throughout 7.x. Please use Kibana UI to re-generate the POST URL snippets if you depend on these for automated PDF reports.

Configurations starting with xpack.telemetry are no longer validedit

Details: The xpack. prefix has been removed for all telemetry configurations.

Impact: For any configurations beginning with xpack.telemetry, remove the xpack prefix. Use telemetry.enabled instead.