Breaking Changes in 5.0

X-Pack
  • All settings have been updated to use the xpack prefix. For more information, see Migrating to X-Pack.
Licensing
  • Licensing endpoint has been renamed from /_license to /_xpack/license.
Monitoring
  • http exporters no longer honor the keep_alive setting as this is handled by the low-level REST Client.
  • All monitoring.agent.* settings have been changed to more closely match other monitoring collection settings: xpack.monitoring.collection.* and xpack.monitoring.exporters.*.
  • The Index page’s Lucene Memory chart was replaced with an Index Memory chart, which includes a superset of the information. Fielddata, which has become a significantly less common issue, has been rolled into the Index Memory chart.
  • To use an external monitoring cluster to monitor an Elasticsearch 5.0 cluster, you must run Elasticsearch 5.0 on the monitoring cluster. For more information about external monitoring clusters, see Setting up a Separate Monitoring Cluster.
  • All settings have been updated to use the xpack.monitoring prefix. For more information, see Migrating to X-Pack.
Reporting
  • Reporting encryption keys configured in kibana.yml must now be at least 32 characters.
Security
  • Security encryption keys configured in kibana.yml must now be at least 32 characters.
  • The SSL configuration settings have been changed to use an easier to use format that also supports PEM files.
  • Removed the files.users and files.users_roles settings from the file realm.
  • Removed the setting that allowed for a custom roles.yml file location to be specified. The roles.yml file must always be in the CONF_DIR/x-pack directory.
  • Removed the setting that allowed for a custom system key location to be defined. The system_key file must always be in the CONF_DIR/x-pack directory.
  • The logfile output for auditing no longer uses the log level to determine which events to log. The events are now controlled in the same way as the index output.
  • Changed the syntax for field-level-security. Roles stored in the old format in native or file based realm will continue to work but new roles must use the new format.
  • The esusers realm has been renamed to file and the esusers command line tool has been renamed to users. Note that the User and Role APIs are the preferred way to manage internal users.
  • Elasticsearch enables HTTP compression by default now. To mitigate potential security risks like the BREACH attack, X-Pack security disables compression if HTTPS is enabled. If Elasticsearch should compress HTTPS traffic, please explicitly set ‘http.compression` to true in `elasticsearch.yml’.
  • You must specify all required values to override the global SSL configuration in a profile. If any values are omitted, the entire configuration falls back to the global settings, xpack.security.ssl.*.
  • The skipSslCheck and useUnsafeSessions for Kibana have been replaced by xpack.security.secureCookies in kibana.yml. SSL is now disabled by default. You can start Kibana without making any changes to kibana.yml after you install X-Pack. Do not deploy to production without enabling SSL/TLS encryption!
  • A default role is now applied to all users, including anonymous users. The default role enables users to access the authenticate endpoint, change their own passwords, and get information about themselves.
  • All settings have been updated to use the xpack.security prefix. For more information, see Migrating to X-Pack.
Watcher
  • The force parameter of the Delete Watch Action has been removed.
  • The use of the _timestamp field for the execution time has been removed. The user now needs to set this explicitly in the index action.
  • The _xpack/watcher/_start, _xpack/watcher/_restart, and _xpack/watcher/_stop REST endpoints require POST actions instead of PUT actions. The deprecated _watcher/_start, _watcher/_restart, and _watcher/_stop endpoints still allow PUT.
  • Watch history now uses a versioned template. The index names also changed and contain this version. So instead of .watch_history_2016.02.03 the new index name is .watcher-history-1-2016.02.03, where 1 is the current version. If you are using X-Pack security, this might require you to change roles/permissions because of the different index names! The old index template named watch_history can safely be deleted. However, it does not interfere with the new index template.
  • The setting that enables scripting only for Watcher has been renamed from script.engine.groovy.inline.elasticsearch-watcher_watch to script.engine.groovy.inline.xpack_watch.
  • Elasticsearch has several breaking changes in the query DSL, including that search_type=count is no longer supported. Check to see if your watches use this search type and upgrade them to use size: 0 in the request body as needed. For more information about breaking changes including search changes, see breaking changes section in Elasticsearch.
  • All account SMTP timeouts (smtp.timeout, smtp.connection_timeout and smtp.write_timeout) now require a time value instead of a number in milliseconds.
  • The notification settings for PagerDuty, Slack, HipChat, and email have been moved from watcher.actions to xpack.notification. You need to update your Elasticsearch configuration accordingly.
  • All watcher endpoints have been renamed from /_watcher/XYZ to /_xpack/watcher/XYZ. You might need to fix this in external scripts as well as in your watches.
  • The notification settings have been stripped of their service part. So watcher.actions.slack.service.default_account becomes xpack.notification.slack.default_account
  • The setting watcher.shield.encrypt_sensitive_data has been renamed to xpack.watcher.encrypt_sensitive_data