Breaking changes in 8.0edit
This section discusses the changes that you need to be aware of when migrating your application to Kibana 8.0.
Coming in 8.0.0.
See also What’s new in 8.0 and Release Notes.
Index pattern changesedit
Removed support for time-based internal index patternsedit
Details: Time-based interval index patterns were deprecated in 5.x. In 6.x, you could no longer create time-based interval index patterns, but they continued to function as expected. Support for these index patterns has been removed in 8.0.
Impact: You must migrate your time_based index patterns to a wildcard pattern,
for example, logstash-*
.
Settings changesedit
Multitenancy by changing kibana.index
is no longer supportededit
Details: kibana.index
, xpack.reporting.index
and xpack.task_manager.index
can no longer be specified.
Impact: Users who relied on changing these settings to achieve multitenancy should use Spaces, cross-cluster replication, or cross-cluster search instead. To migrate to Spaces, users are encouraged to use saved object management to export their saved objects from a tenant into the default tenant in a space. Improvements are planned to improve on this workflow. See https://github.com/elastic/kibana/issues/82020 for more details.
Legacy browsers are now rejected by defaultedit
Details: csp.strict
is now enabled by default, so Kibana will fail to load for older, legacy browsers that do not enforce basic Content Security Policy protections - notably Internet Explorer 11.
Impact: To allow Kibana to function for these legacy browsers, set csp.strict: false
. Since this is about enforcing a security protocol, we strongly discourage disabling csp.strict
unless it is critical that you support Internet Explorer 11.
Default logging timezone is now the system’s timezoneedit
Details: In prior releases the timezone used in logs defaulted to UTC. We now use the host machine’s timezone by default.
Impact: To restore the previous behavior, in kibana.yml set logging.timezone: UTC
.
Responses are never logged by defaultedit
Details: Previously responses would be logged if either logging.json
was true, logging.dest
was specified, or a TTY
was detected.
Impact: To restore the previous behavior, in kibana.yml set logging.events.response=*
.
xpack.security.authProviders
is no longer validedit
Details: The deprecated xpack.security.authProviders
setting in the kibana.yml
file has been removed.
Impact: Use xpack.security.authc.providers
instead.
xpack.security.authc.providers
has changed value formatedit
Details: xpack.security.authc.providers
setting in the kibana.yml
has changed value format.
Impact: Array of provider types as a value is no longer supported, use extended object format instead.
xpack.security.authc.saml
is no longer validedit
Details: The deprecated xpack.security.authc.saml
setting in the kibana.yml
file has been removed.
Impact: Configure SAML authentication providers using xpack.security.authc.providers.saml.{provider unique name}.*
settings instead.
xpack.security.authc.oidc
is no longer validedit
Details: The deprecated xpack.security.authc.oidc
setting in the kibana.yml
file has been removed.
Impact: Configure OpenID Connect authentication providers using xpack.security.authc.providers.oidc.{provider unique name}.*
settings instead.
xpack.security.public
is no longer validedit
Details: Previously Kibana was choosing the appropriate Elasticsearch SAML realm automatically using the Assertion Consumer Service
URL that it derived from the actual server address and xpack.security.public
setting. Starting in 8.0.0, the deprecated xpack.security.public
setting in the kibana.yml
file has been removed and the Elasticsearch SAML realm name that Kibana will use should be specified explicitly.
Impact: Define xpack.security.authc.providers.saml.{provider unique name}.realm
when using the SAML authentication providers instead.
/api/security/v1/saml
endpoint is no longer supportededit
Details: The deprecated /api/security/v1/saml
endpoint is no longer supported.
Impact: Rely on /api/security/saml/callback
endpoint when using SAML instead. This change should be reflected in Elasticsearch and Identity Provider SAML settings.
/api/security/v1/oidc
endpoint is no longer supportededit
Details: The deprecated /api/security/v1/oidc
endpoint is no longer supported.
Impact: Rely on /api/security/oidc/callback
endpoint when using OpenID Connect instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.
/api/security/v1/oidc
endpoint is no longer supported for Third Party initiated loginedit
Details: The deprecated /api/security/v1/oidc
endpoint is no longer supported for Third Party initiated login.
Impact: Rely on /api/security/oidc/initiate_login
endpoint when using Third Party initiated OpenID Connect login instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.
/api/security/v1/oidc/implicit
endpoint is no longer supportededit
Details: The deprecated /api/security/v1/oidc/implicit
endpoint is no longer supported.
Impact: Rely on /api/security/oidc/implicit
endpoint when using OpenID Connect Implicit Flow instead. This change should be reflected in OpenID Connect Provider settings.
optimize
directory is now in the data
folderedit
Details: Generated bundles have moved to the configured path.data
folder.
Impact: Any workflow that involved manually clearing generated bundles will have to be updated with the new path.
kibana.keystore has moved from the data
folder to the config
folderedit
Details: By default, kibana.keystore has moved from the configured path.data
folder to <root>/config
for archive distributions
and /etc/kibana
for package distributions. If a pre-existing keystore exists in the data directory that path will continue to be used.
User role changesedit
kibana_user
role has been removed and kibana_admin
has been added.edit
Details: The kibana_user
role has been removed and kibana_admin
has been added to better
reflect its intended use. This role continues to grant all access to every
Kibana feature. If you wish to restrict access to specific features, create
custom roles with Kibana privileges.
Impact: Any users currently assigned the kibana_user
role will need to
instead be assigned the kibana_admin
role to maintain their current
access level.
kibana_dashboard_only_user
role has been removed.edit
Details: The kibana_dashboard_only_user
role has been removed.
If you wish to restrict access to just the Dashboard feature, create
custom roles with Kibana privileges.
Impact: Any users currently assigned the kibana_dashboard_only_user
role will need to be assigned a custom role which only grants access to the Dashboard feature.
Granting additional cluster or index privileges may enable certain Stack Monitoring features.
Reporting changesedit
Legacy job parameters are no longer supportededit
Details: POST URL snippets that were copied in Kibana 6.2 or earlier are no longer supported. These logs have been deprecated with warnings that have been logged throughout 7.x. Please use Kibana UI to re-generate the POST URL snippets if you depend on these for automated PDF reports.
Configurations starting with xpack.telemetry
are no longer validedit
Details:
The xpack.
prefix has been removed for all telemetry configurations.
Impact:
For any configurations beginning with xpack.telemetry
, remove the xpack
prefix. Use telemetry.enabled
instead.
SysV init support has been removededit
Details:
All supported operating systems support using systemd service files. Any system that doesn’t already have service aliased to use kibana.service should use systemctl start kibana.service
instead of the service start kibana
.
Impact:
Any installations using .deb
or .rpm
packages using SysV will need to migrate to systemd.