- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 8.13
- Kibana concepts
- Quick start
- Set up
- Install Kibana
- Configure Kibana
- Alerting and action settings
- APM settings
- Banners settings
- Cases settings
- Enterprise Search settings
- Fleet settings
- i18n settings
- Logging settings
- Logs settings
- Metrics settings
- Monitoring settings
- Reporting settings
- Search sessions settings
- Secure settings
- Security settings
- Spaces settings
- Task Manager settings
- Telemetry settings
- URL drilldown settings
- Start and stop Kibana
- Access Kibana
- Securing access to Kibana
- Add data
- Upgrade Kibana
- Configure security
- Configure reporting
- Configure logging
- Configure monitoring
- Command line tools
- Production considerations
- Discover
- Dashboard and visualizations
- Canvas
- Maps
- Build a map to compare metrics by country or region
- Track, visualize, and alert on assets in real time
- Map custom regions with reverse geocoding
- Heat map layer
- Tile layer
- Vector layer
- Plot big data
- Search geographic data
- Configure map settings
- Connect to Elastic Maps Service
- Import geospatial data
- Troubleshoot
- Reporting and sharing
- Machine learning
- Graph
- Alerting
- Observability
- APM
- Set up
- Get started
- How-to guides
- Configure APM agents with central config
- Control access to APM data
- Create an alert
- Create custom links
- Filter data
- Find transaction latency and failure correlations
- Identify deployment details for APM agents
- Integrate with machine learning
- Exploring mobile sessions with Discover
- Viewing sessions with Discover
- Observe Lambda functions
- Query your data
- Storage Explorer
- Track deployments with annotations
- Users and privileges
- Settings
- REST API
- Troubleshooting
- Security
- Dev Tools
- Fleet
- Osquery
- Stack Monitoring
- Stack Management
- REST API
- Get features API
- Kibana spaces APIs
- Kibana role management APIs
- User session management APIs
- Saved objects APIs
- Data views API
- Get all data views
- Get data view
- Create data view
- Update data view
- Delete data view
- Swap references preview
- Swap references
- Get default data view
- Set default data view
- Update data view fields metadata
- Get runtime field
- Create runtime field
- Upsert runtime field
- Update runtime field
- Delete runtime field
- Index patterns APIs
- Alerting APIs
- Action and connector APIs
- Cases APIs
- Add comment
- Create case
- Delete cases
- Delete comments
- Find case activity
- Find cases
- Find connectors
- Get alerts
- Get case activity
- Get case
- Get case status
- Get cases by alert
- Get comments
- Get configuration
- Get reporters
- Get tags
- Push case
- Set configuration
- Update cases
- Update comment
- Update configuration
- Import and export dashboard APIs
- Logstash configuration management APIs
- Machine learning APIs
- Osquery manager API
- Short URLs APIs
- Get Task Manager health
- Upgrade assistant APIs
- Synthetics APIs
- Uptime APIs
- Kibana plugins
- Troubleshooting
- Accessibility
- Release notes
- Kibana 8.13.4
- Kibana 8.13.3
- Kibana 8.13.2
- Kibana 8.13.1
- Kibana 8.13.0
- Kibana 8.12.2
- Kibana 8.12.1
- Kibana 8.12.0
- Kibana 8.11.4
- Kibana 8.11.3
- Kibana 8.11.2
- Kibana 8.11.1
- Kibana 8.11.0
- Kibana 8.10.4
- Kibana 8.10.3
- Kibana 8.10.2
- Kibana 8.10.1
- Kibana 8.10.0
- Kibana 8.9.2
- Kibana 8.9.1
- Kibana 8.9.0
- Kibana 8.8.2
- Kibana 8.8.1
- Kibana 8.8.0
- Kibana 8.7.1
- Kibana 8.7.0
- Kibana 8.6.1
- Kibana 8.6.0
- Kibana 8.5.2
- Kibana 8.5.1
- Kibana 8.5.0
- Kibana 8.4.3
- Kibana 8.4.2
- Kibana 8.4.1
- Kibana 8.4.0
- Kibana 8.3.3
- Kibana 8.3.2
- Kibana 8.3.1
- Kibana 8.3.0
- Kibana 8.2.3
- Kibana 8.2.2
- Kibana 8.2.1
- Kibana 8.2.0
- Kibana 8.1.3
- Kibana 8.1.2
- Kibana 8.1.1
- Kibana 8.1.0
- Kibana 8.0.0
- Kibana 8.0.0-rc2
- Kibana 8.0.0-rc1
- Kibana 8.0.0-beta1
- Kibana 8.0.0-alpha2
- Kibana 8.0.0-alpha1
- Developer guide
Kibana 8.10.0
editKibana 8.10.0
editKibana 8.10.0 has been withdrawn.
For information about the Kibana 8.10.0 release, review the following information.
Known issues
editErrors appear when loading Observability Infrastructure inventory views after upgrading to version 8.10.0 or higher.
Details
After upgrading to version 8.10.0 or higher, you may encounter errors when loading inventory views.
For more information, refer to #187254.
Workaround
You can mitigate the issue by completing the following steps:
-
Search the
.kibana_*
index fortype: inventory_view
. -
Copy the
_id
field, which will be formatted asinventory-view:<id>
. For example,inventory-view:3d3d06b0-f873-4373-8446-f6a8341cd8b1
. Omit theinventory-view:
portion and copy only the string of_id
characters. -
The offending documents are those with fields
inventory-view.legend.steps
> 18. Delete these documents by running the following in Console:
DELETE kbn:/api/infra/inventory-views/<id>
Security updates
edit-
An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the
%meta
pattern.The issue is resolved in Kibana 8.10.1. Version 8.10.0 has been removed from our download sites.
For more information, see our related security announcement.
Breaking changes
editBreaking changes can prevent your application from optimal operation and performance. Before you upgrade to 8.10.0, review the breaking changes, then mitigate the impact to your application.
New summary search capabilities cause existing SLOs to stop working
Details
New summary search capabilities introduce breaking changes in various places, and we have decided not to handle backward compatibility:
- SLO find API body parameters have changed.
- The index mapping used by the rollup data has changed, and we have added a summary index that becomes the new source of truth for search.
- The rollup transforms have been updated, but existing SLO with their transforms won’t be updated.
If some SLOs have been installed in a prior version at 8.10, they won’t work after migrating to 8.10. There are two approaches to handle this breaking change. The recommended route is to delete all SLOs before migrating to 8.10. The alternative is to migrate to 8.10 and manually remove the SLOs.
Removing SLOs before migrating to 8.10
Use the SLO UI or the SLO delete API to delete all existing SLOs. This takes care of the Saved Object, Transform and rollup data. When all SLOs have been deleted, then delete the residual rollup indices: .slo-observability.sli-v1*
. Note that this is v1.
Removing SLOs after migrating to 8.10
After migrating to 8.10, the previously created SLOs won’t appear in the UI because the API is using a new index. The previously created SLOs still exist, and associated transforms are still rolling up data into the previous index .slo-observability.sli-v1*
. The SLO delete API can’t be used now, so remove the resources resources manually:
-
Find all existing transforms All SLO related transforms start with the
slo-
prefix, this request returns them all:GET _transform/slo-*
Make a note of all the transforms IDs for later.
-
Stop all transforms
POST _transform/slo-*/_stop?force=true
-
Remove all transforms
From the list of transforms returned during the first step, now delete them one by one:
DELETE _transform/{transform_id}?force=true
-
Find the SLO saved objects
This request lists all the SLO saved objects. The SLO IDs and the saved object IDs are not the same.
GET kbn:/api/saved_objects/_find?type=slo
Make a note of all the saved object IDs from the response.
-
Remove the SLO saved objects
For each saved object ID, run the following:
DELETE kbn:/api/saved_objects/slo/{Saved_Object_Id}
-
Delete the rollup indices v1
Note that this is v1.
DELETE .slo-observability.sli-v1*
Get case metrics APIs now internal
Details
The get case metrics APIs are now internal. For more information, refer to (#162506).
Case limits
Details
Limits are now imposed on the number of objects cases can process or the amount of data those objects can store.
For the full list, refer to #146945.
addProcessorDefinition
is removed
Details
The function addProcessorDefinition
is removed from the Console plugin start contract (server side). For more information, refer to (#159041).
Deprecations
editThe following functionality is deprecated in 8.10.0, and will be removed in 9.0.0. Deprecated functionality does not have an immediate impact on your application, but we strongly recommend you make the necessary updates after you upgrade to 8.10.0.
Action variables in the UI and in tests that were no longer used have been replaced
Details
The following rule action variables have been deprecated; use the recommended variables (in parentheses) instead:
- alertActionGroup (alert.actionGroup)
- alertActionGroupName (alert.actionGroupName)
- alertActionSubgroup (alert.actionSubgroup)
- alertId (rule.id)
- alertInstanceId (alert.id)
- alertName (rule.name)
- params (rule.params)
- spaceId (rule.spaceId)
- tags (rule.tags)
For more information, refer to (#161136).
Features
editKibana 8.10.0 adds the following new and notable features.
- Alerting
- APM
-
- Adds KQL filtering in APM rules (#163825).
- Make service group saved objects exportable (#163569).
- Added ability to manage cross-cluster API keys (#162363).
- Enable Trace Explorer by default (#162308).
- Adds error.grouping_name to group alerts in Error Count rule (#161810).
- Adds query to check for overflow bucket in service groups (#159990).
- Elastic Security
- For the Elastic Security 8.10.0 release information, refer to Elastic Security Solution Release Notes.
- Enterprise Search
- For the Elastic Enterprise Search 8.10.0 release information, refer to Elastic Enterprise Search Documentation Release notes.
- Fleet
- Machine Learning
-
- AIOps: Adds/edits change point charts embeddable from the Dashboard app (#163694).
- AIOps: Adds change point detection charts embeddable (#162796).
- Adds ability to deploy trained models for data frame analytics jobs (#162537).
- Adds map view for models in Trained Models and expands support for models in Analytics map (#162443).
- Adds new Data comparison view (#161365).
- Management
- Maps
-
- Maps tracks layer now uses group by time series logic (#159267).
- Observability
-
- SLO definition and computed values are now summarized periodically into a summary search index, allowing users to search by name, tags, SLO budgeting type or time window, and even by and sort by error budget consumed, error budget remaining, SLI value or status (#162665).
- Adds indicator to support histogram fields (#161582).
For more information about the features introduced in 8.10.0, refer to What’s new in 8.10.