Kibana 8.3.0edit
Review the following information about the Kibana 8.3.0 release.
Known issuesedit
Alerting users who are running 8.2 should not upgrade to either 8.3.0 or 8.3.1. Both 8.3.0 and 8.3.1 have a bug where alerting rules that were created or edited in 8.2 will stop running on upgrade. If you have upgraded to 8.3.0 or 8.3.1 and your alerting rules have stopped running with an error similar to the following example, you will need to go to Stack Management > Rules and Connectors, multi-select the failed rules, click on Manage rules > Disable and then click on Manage rules > Enable. Disabling and re-enabling the rule will generate a new API key using the credentials of the user performing these actions and reset the rule state. For more details about API key authorization, refer to Authorization.
- Example error message
<rule-type>:<UUID>: execution failed - security_exception: [security_exception] Reason: missing authentication credentials for REST request [/_security/user/_has_privileges], caused by: ""
Breaking changeedit
Breaking changes can prevent your application from optimal operation and performance. Before you upgrade, review the breaking change, then mitigate the impact to your application.
Removes Quandl and Graphite integrations
Details
The experimental .quandl
and .graphite
functions and advanced settings are removed from Timelion. For more information, check #129581.
Impact
When you use the vis_type_timelion.graphiteUrls
kibana.yml setting, Kibana successfully starts, but logs a [WARN ][config.deprecation] You no longer need to configure "vis_type_timelion.graphiteUrls".
warning.
To leave your feedback about the removal of .quandl
and .graphite
, go to the discuss forum.
Makes Osquery All with All base privilege
Details
The Osquery Kibana privilege has been updated, so that when the Privileges for all features level is set to All, this now applies All to Osquery privileges as well. Previously, users had to choose the Customize option to grant any access to Osquery. For more information, refer to #130523.
Impact
This impacts user roles that have Privileges for all features set to All. After this update, users with this role will have access to the Osquery page in Kibana. However, to use the Osquery feature fully, these requirements remain the same: users also need Read access to the logs-osquery_manager.result* index and the Osquery Manager integration must be deployed to Elastic Agents.
To review the breaking changes in previous versions, refer to the following:
8.2.0 | 8.1.0 | 8.0.0 | 8.0.0-rc2 | 8.0.0-rc1 | 8.0.0-beta1 | 8.0.0-alpha2 | 8.0.0-alpha1
Deprecationsedit
The following functionality is deprecated in 8.3.0, and will be removed in 9.0.0. Deprecated functionality does not have an immediate impact on your application, but we strongly recommend you make the necessary updates after you upgrade to 8.3.0.
Removes apm_user
Details
Removes the apm_user
role. For more information, check #132790.
Impact
In the APM documentation, the apm_user`role is replaced with the `viewer
and editor
built-in roles.
Deprecates input controls
Details
The input control panels, which allow you to add interactive filters to dashboards, are deprecated. For more information, check #132562.
Impact
To add interactive filters to your dashboards, use the new controls.
Deprecates anonymous authentication credentials
Details
The apiKey, including key and ID/key pair, and elasticsearch_anonymous_user
credential types for anonymous authentication providers are deprecated. For more information, check #131636.
Impact
If you have anonymous authentication provider configured with apiKey or elasticsearch_anonymous_user
credential types, a deprecation warning appears, even when the provider is not enabled.
Deprecates v1 and v2 security_linux and security_windows jobs
Details
The v1 and v2 job configurations for security_linux and security_windows are deprecated. For more information, check #131166.
Impact
The following security_linux and security_windows job configurations are updated to v3:
-
security_linux:
- v3_linux_anomalous_network_activity
- v3_linux_anomalous_network_port_activity_ecs
- v3_linux_anomalous_process_all_hosts_ecs
- v3_linux_anomalous_user_name_ecs
- v3_linux_network_configuration_discovery
- v3_linux_network_connection_discovery
- v3_linux_rare_metadata_process
- v3_linux_rare_metadata_user
- v3_linux_rare_sudo_user
- v3_linux_rare_user_compiler
- v3_linux_system_information_discovery
- v3_linux_system_process_discovery
- v3_linux_system_user_discovery
- v3_rare_process_by_host_linux_ecs
-
security_windows:
- v3_rare_process_by_host_windows_ecs
- v3_windows_anomalous_network_activity_ecs
- v3_windows_anomalous_path_activity_ecs
- v3_windows_anomalous_process_all_hosts_ecs
- v3_windows_anomalous_process_creation
- v3_windows_anomalous_script
- v3_windows_anomalous_service
- v3_windows_anomalous_user_name_ecs
- v3_windows_rare_metadata_process
- v3_windows_rare_metadata_user
- v3_windows_rare_user_runas_event
- v3_windows_rare_user_type10_remote_login
Updates the default legend size
Details
In the Lens visualization editor, the Auto default for Legend width has been deprecated. For more information, check #130336.
Impact
When you create Lens visualization, the default for the Legend width is now Medium.
Deprecates xpack.data_enhanced.*
Details
In kibana.yml, the xpack.data_enhanced.*
setting is deprecated. For more information, check #122075.
Impact
Use the data.*
configuration parameters instead.
Featuresedit
Kibana 8.3.0 adds the following new and notable features.
- Alerting
- Cases
- Dashboard
- Enables the new controls by default #131341
- Discover
- Elastic Security
- For the Elastic Security 8.3.0 release information, refer to Elastic Security Solution Release Notes.
- Fleet
- Changes to agent upgrade modal to allow for rolling upgrades #132421
- Lens & Visualizations
- Machine Learning
- Management
- Monitoring
- Adds the Stack monitoring health API #132705
- Observability
- Platform
-
Adds
xyVis
andlayeredXyVis
#128255 - Querying & Filtering
- Improves the current filter/search experience #128401
- Sharing
- Adds method to re-link visualizations with missing index-pattern #132336
For more information about the features introduced in 8.3.0, refer to What’s new in 8.3.