Kibana 8.8.0

Details
Due to a schema version update, during Fleet setup in 8.8.x, all agent policies are being queried and deployed. This action triggers a lot of queries to the Elastic Package Registry (EPR) to fetch integration packages. As a result, there is an increase in Kibana’s resident memory usage (RSS).

Impact
Because the default batch size of 100 for schema version upgrade of Fleet agent policies is too high, this can cause Kibana to run out of memory during an upgrade. For example, we have observed 1GB Kibana instances run out of memory during an upgrade when there were 20 agent policies with 5 integrations in each.

Workaround
Two workaround options are available:

In 8.9.0, we are addressing this by changing the default batch size to 2.

Details
The 8.8.0 release splits the .kibana index into multiple saved object indices. If an upgrade to 8.8.0 partially succeeds, but not all the indices are created successfully, Kibana may be unable to successfully complete the upgrade on the next restart.

This can result in a loss of saved objects during the upgrade. This can also leave Kibana in a bootlooping state where it’s unable to start due to write_blocked indices.

Impact
The 8.8.1 release includes in a fix for this problem. Customers affected by a failed 8.8.0 upgrade should contact Elastic support. For more information, see the related issue.

Details
Fleet introduced audit logging for various CRUD (create, read, update, and delete) operations in version 8.8.0. While audit logging is not enabled by default, we have identified an off-heap memory leak in the implementation of Fleet audit logging that can result in poor Kibana performance, and in some cases Kibana instances being terminated by the OS kernel’s oom-killer. This memory leak can occur even when Kibana audit logging is not explicitly enabled (regardless of whether xpack.security.audit.enabled is set in the kibana.yml settings file).

Impact
The version 8.8.2 release includes in a fix for this problem. If you are using Fleet integrations and Kibana audit logging in version 8.8.0 or 8.8.1, you should upgrade to 8.8.2 or above to obtain the fix.

Details
If Monitor Management was enabled prior to 8.6.0, the API key generated internally will not contain the required permissions. The Synthetics app will attempt to fix this automatically in #155203 when a user with sufficient privileges visits this page for the first time after upgrading to 8.8.0.

Impact
All monitors configured to run on Elastic’s global managed testing infrastructure will stop running until a user with permissions has loaded the Synthetics app.

Details
Network throttling has been temporarily disabled for browser-based Synthetics monitors running on Elastic’s global managed testing infrastructure and private locations. This will be enabled again at some point in the future. We’re providing frequent updates on this issue in this document.

Impact
With network throttling being disabled, your monitors may run more quickly (i.e. have a lower duration) than you observed previously and than when network throttling is enabled again in the future. No monitor configurations have been changed, but the network throttling settings are ignored at the moment.

Details
If a cluster meets all of the following conditions, its Elastic Security and Observability rules will fail and no actions will be sent:

The following error messages in the Kibana log occur when Kibana starts or when the rules run:

Error installing component template .alerts-ecs-mappings - Cannot read properties of undefined (reading 'includes')

Error installing common resources for AlertsService. No additional resources will be installed and rule execution may be impacted. - Failure during installation. Cannot read properties of undefined (reading 'includes')

Impact
If you have upgraded to 8.8.0 and your alerting rules fail, upgrade to 8.8.1.

Details
When you attach machine learning visualizations, OsQuery, or Indicators of Compromise (IoCs) to a case, each attachment has its own view which renders in the Activity tab. For these attachments, a bug was introduced in 8.8.0:

Alerts are not affected.

Impact
There are no mitigations for the first scenario, other than upgrading to 8.8.1. For the second scenario, refreshing the case fixes the issue.

Details
The project monitor API for Synthetics in Elastic Observability has been removed. For more information, refer to #155470.

Impact
In 8.8.0 and later, an error appears when you use the project monitor API.

Details
The privileges for attaching alerts to cases has changed. For more information, refer to #147985.

Impact
To attach alerts to cases, you must have Read access to an Observability or Security feature that has alerts and All access to the Cases feature. For detailed information, check Kibana privileges and Configure access to cases.

Details
The following Task Manager settings are deprecated:

For more information, refer to #154275.

Impact
To improve task execution resiliency, remove the deprecated settings from the kibana.yml file. For detailed information, check Task Manager settings in Kibana.

Details
Synthetics and Uptime monitor schedules and zip URL fields are deprecated. For more information, refer to #154010 and #154952.

Impact
When you create monitors in Uptime Monitor Management and the Synthetics app, unsupported schedules are automatically transfered to the nearest supported schedule. To use zip URLs, use project monitors.

Details
The PUT endpoint for the agent reassign API is deprecated. For more information, refer to #152236.

Impact
Use the POST endpoint for the agent reassign API.

Details
The total field in /agent_status Fleet API responses is deprecated. For more information, refer to #151564.

Impact
The /agent_status Fleet API now returns the following statuses:

Details
The Elastic Synthetics integration is deprecated. For more information, refer to #149506.

Impact
To monitor endpoints, pages, and user journeys, go to Observability → Synthetics (beta).