diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc index 82291750a66f3..6bf74a4b87687 100644 --- a/docs/CHANGELOG.asciidoc +++ b/docs/CHANGELOG.asciidoc @@ -10,6 +10,7 @@ Review important information about the {kib} 8.x releases. +* <> * <> * <> * <> 
@@ -89,9 +90,281 @@ Review important information about the {kib} 8.x releases. include::upgrade-notes.asciidoc[] +[[release-notes-8.18.0]] +== {kib} 8.18.0 +coming::[8.18.0] + +Review the following information about the {kib} 8.18.0 release. +[float] +[[known-issues-8.18.0]] +=== Known issues + +// tag::known-issue-211850[] +.Upgrade Assistant - Rollup jobs need to be stopped before rollup indices are reindexed. +[%collapsible] +==== +*Details* + +Rollup indices, like all indices, created in 7.x or earlier need to be reindexed in preparation for migration to 9.0. However, in addition to the normal reindex process the rollup job also needs to be accounted for. It needs to be stopped before reindexing begins otherwise there may be a gap in rollup data. The job can be restarted when reindexing is complete. + +This needs to be performed manually until addressed in the upgrade assistant code. + +For more information, refer to https://github.com/elastic/kibana/issues/211850[#211850]. +==== +// end::known-issue-211850[] +[float] +[[breaking-changes-8.18.0]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade to 8.18.0, review the breaking changes, then mitigate the impact to your application. + + +[discrete] +[[breaking-201100]] +.Added sub-feature privileges for managing Synthetics private locations. +[%collapsible] +==== +*Details* + +Permissions to manage private locations in the Synthetics app can now be granted with sub-feature privileges using the API or Kibana's role management UI. For more information, refer to ({kibana-pull}201100[#201100]). +==== + +[float] +[[deprecations-8.18.0]] +=== Deprecations + +The following functionality is deprecated in 8.18.0, and will be removed in 9.0.0. +Deprecated functionality does not have an immediate impact on your application, but we strongly recommend +you make the necessary updates after you upgrade to 8.18.0. 
+ +[discrete] +.Deprecated all security v1 endpoints. +[%collapsible] +==== +*Details* + + +All `v1` Kibana security HTTP endpoints have been removed. + +- `GET /api/security/v1/logout` has been replaced by `GET /api/security/logout` +- `GET /api/security/v1/oidc/implicit` has been replaced by `GET /api/security/oidc/implicit` +- `GET /api/security/v1/oidc` has been replaced by GET `/api/security/oidc/callback` +- `POST /api/security/v1/oidc` has been replaced by POST `/api/security/oidc/initiate_login` +- `POST /api/security/v1/saml` has been replaced by POST `/api/security/saml/callback` +- `GET /api/security/v1/me` has been removed with no replacement. + +For more information, refer to {kibana-pull}199656[#199656]. + +*Impact* + +Any HTTP API calls to the `v1` Kibana security endpoints will fail with a 404 status code starting from version 9.0.0. +Third party OIDC and SAML identity providers configured with `v1` endpoints will no longer work. + +*Action* + +Update any OIDC and SAML identity providers to reference the corresponding replacement endpoint listed above. +Remove references to the `/api/security/v1/me` endpoint from any automations, applications, tooling, and scripts. +==== + + +[discrete] +[[deprecation-201625]] +.Deprecated Logs UI configuration settings. +[%collapsible] +==== +*Details* + +Legacy and unused configuration settings were deprecated for the Logs UI. For more information, refer to ({kibana-pull}201625[#201625]). +==== + +[float] +[[features-8.18.0]] +=== Features +{kib} 8.18.0 adds the following new and notable features. + +Dashboards & Visualizations:: +* ES|QL charts now allow the creation of controls in dashboards. You can control a part of the query such as a field, an interval or a value. +* Improves Dashboard layout engine ({kibana-pull}205341[#205341]). +* Adds the ability to rotate the X axis labels in *Lens* heatmaps ({kibana-pull}202143[#202143]). 
+Data ingestion and Fleet:: +* Adds next steps and actions to the agentless integrations flyout ({kibana-pull}203824[#203824]). +* Adds support for columns when exporting agents to CSV ({kibana-pull}203103[#203103]). +* Adds status tracking for agentless integrations ({kibana-pull}199567[#199567]). +ES|QL editor:: +* Adds support for `LOOKUP JOIN` commands ({kibana-pull}205762[#205762]). +Discover:: +* Adds in-table search ({kibana-pull}206454[#206454]). +* Renames Saved Search to Discover Session ({kibana-pull}202217[#202217]). +* Converts the KQL/Lucene query when switching from data view mode to ES|QL mode ({kibana-pull}206391[#206391]). +Elastic Observability solution:: +* Adds the ability to handle multiple prompts for the Rule connector ({kibana-pull}209221[#209221]). +* Adds chat history details to conversation list ({kibana-pull}207426[#207426]). +* Adds createdBy and updatedBy fields to summary documents ({kibana-pull}205784[#205784]). +* Adds space aware private locations ({kibana-pull}202634[#202634]). +* Adds **syncField**, **syncDelay** and **frequency** settings to the API and SLO UI to allow fine-tuning SLO settings directly from the UI. ({kibana-pull}200822[#200822]). +Elastic Security solution:: +For the Elastic Security 8.18.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. +Kibana security:: +* The Automatic Import functionality is now generally available ({kibana-pull}208523[#208523]). +Machine Learning:: +* Adds new View job detail flyouts for Anomaly detection and Data Frame Analytics ({kibana-pull}207141[#207141]). +* Adds simple flyout-based file upload to Search ({kibana-pull}206864[#206864]). +* Adds a new security module to detect anomalous activity in host-based logs ({kibana-pull}195582[#195582]). + +For more information about the features introduced in 8.18.0, refer to <>. 
+ +[[enhancements-and-bug-fixes-v8.18.0]] +=== Enhancements and bug fixes + +For detailed information about the 8.18.0 release, review the enhancements and bug fixes. + +[float] +[[enhancement-v8.18.0]] +=== Enhancements +Alerting:: +* Allows pre-configured connectors to opt-in to exposing their config by setting `exposeConfig` ({kibana-pull}207654[#207654]). +* Adds new flyout to rule form library, responsive design and illustration to rule form page ({kibana-pull}206141[#206141]). +Cases:: +* Case templates are now generally available ({kibana-pull}205940[#205940]). +* ServiceNow connectors support the ability to send a JSON payload to ServiceNow using the "Additional fields" form field ({kibana-pull}201948[#201948]). +Dashboards & Visualizations:: +* Allows custom MVT sources to style the map layers and provide custom legend ({kibana-pull}200656[#200656]). +Data ingestion and Fleet:: +* Enables sub-feature privileges for Fleet ({kibana-pull}203182[#203182]). +Discover and ES|QL:: +* Removes redundant data fetching when hiding/showing the chart ({kibana-pull}206389[#206389]). +* Adds a default "All logs" temporary data view to the Observability Solution view ({kibana-pull}205991[#205991]). +* Adds an "All logs" temporary data view to the Classic solution view ({kibana-pull}209042[#209042]). +* Formats JSON messages in Observability Logs profile ({kibana-pull}205666[#205666]). +* Makes Copy action visible on cell hover ({kibana-pull}204744[#204744]). +* Adds support for custom formatters in charts ({kibana-pull}201540[#201540]). +* Refactors RowHeightSettings component to EUI layout ({kibana-pull}203606[#203606]). +* Highlights matching field values when performing a KQL search on a keyword field ({kibana-pull}201952[#201952]). +Elastic Observability solution:: +* Defaults to "native" function calling if the connector configuration is not exposed ({kibana-pull}210455[#210455]). 
+* Adds selector syntax support to the log source profile ({kibana-pull}206937[#206937]). +* Uses the full-page rule form to create rules in Observability ({kibana-pull}206774[#206774]). +* Displays stacktrace in the Logs overview tab ({kibana-pull}204521[#204521]). +* Adds ability to install a Knowledge Base from the AI Assistant settings ({kibana-pull}206408[#206408]). +* Improves tool choice handling in Observability AI Assistant client ({kibana-pull}203928[#203928]). +* Introduces cursor pagination in Find SLO API ({kibana-pull}203712[#203712]). +* Adds a flyout to the table view in Infrastructure Inventory ({kibana-pull}202646[#202646]). +Elastic Security solution:: +For the Elastic Security 8.18.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. +Kibana platform:: +* Ability to set the color mode of the UI to Dark, Light, or System, where System syncs the color mode to your system settings ({kibana-pull}203406[#203406]). +* The new space solution view is now available for on-prem users. This view allows solution-centric navigation similar to the Serverless offering. ({kibana-pull}203239[#203239]). +Kibana security:: +* Added support for human readable name attribute for saved objects audit events ({kibana-pull}206644[#206644]). +* Enables inference connector for Automatic Import ({kibana-pull}206111[#206111]). +* Creates Kibana Security session index only if the `kibana_security_session_1` index or the reindexed version does not exist. ({kibana-pull}204097[#204097]). +* Adds support for explicit indication of whether an endpoint is restricted to operator-only users at the route definition level. ({kibana-pull}196583[#196583]). +* Enhanced Role management to manage larger number of roles by adding server side filtering, pagination and querying ({kibana-pull}194630[#194630]). +Machine Learning:: +* Updates the `bucket_span` for ML jobs in the `security_host` module ({kibana-pull}209663[#209663]). 
+* Adds Spaces column to Anomaly Detection, Data Frame Analytics and Trained Models management pages ({kibana-pull}206696[#206696]). +* Consistent Layout and UI Enhancements for ML Pages ({kibana-pull}203813[#203813]). +* Syncs ML saved objects to all spaces ({kibana-pull}202175[#202175]). +* Adds action to add log rate analysis to a case ({kibana-pull}201549[#201549]). +Management:: +* Updates JSON schemas for code editors ({kibana-pull}207706[#207706]). +* Updates kNN search and query template autocompletion ({kibana-pull}207187[#207187]). +* Adds support for rawValue in URL labels ({kibana-pull}204192[#204192]). +* Allows boolean fields to be colored ({kibana-pull}203498[#203498]). +* Transforms: Improve messages for recovered alerts ({kibana-pull}205721[#205721]). +* Transforms: Improves validation for percentile aggregations ({kibana-pull}197816[#197816]). +Platform:: +* Log deprecated API usage ({kibana-pull}207904[#207904]). +* Adds a circuit breaker for the HTTP server ({kibana-pull}190684[#190684]). +* Adds description to saved object finder table if applicable ({kibana-pull}198816[#198816]). +* Better privilege checking for component index templates ({kibana-pull}202251[#202251]). + +[float] +[[fixes-v8.18.0]] +=== Bug fixes +Alerting:: +* Fixes alert mute/unmute action ({kibana-pull}204182[#204182]). +Dashboards & Visualizations:: +* Fixes the unnecessary inclusion of some *Lens* embeddable attributes in the serialized state. ({kibana-pull}210765[#210765]). +* Allows panel to extend past viewport on resize ({kibana-pull}208828[#208828]). +* Disables pointer events on drag and resize ({kibana-pull}208647[#208647]). +* Removes use of `fr` unit ({kibana-pull}208437[#208437]). +* Restores the "Show missing dataView" error message in case of missing data source in *Lens* ({kibana-pull}208363[#208363]). +* Makes drag preview absolute positioned ({kibana-pull}208247[#208247]). 
+* Improves help text of creator and view count features on dashboard listing page ({kibana-pull}202488[#202488]). +* Debounces time slider selections ({kibana-pull}201885[#201885]). +Data ingestion and Fleet:: +* Supports `is_default` on integration deployment modes ({kibana-pull}208284[#208284]). +* Fixes a UI error caused when an agent becomes orphan ({kibana-pull}207746[#207746]). +* Restricts non-local Elasticsearch output types for agentless integrations and policies ({kibana-pull}207296[#207296]). +* Fixes bulk actions timing out ({kibana-pull}205735[#205735]). +* Fixes generation of dynamic mapping for objects with specific subfields ({kibana-pull}204104[#204104]). +* Fixes logic to ensure that agents are only considered stuck in updating when an upgrade fails ({kibana-pull}202126[#202126]). +ES|QL editor:: +* Fixes WHERE autocomplete with MATCH before LIMIT ({kibana-pull}210607[#210607]). +* Makes WHERE replacement ranges correctly generated for every case ({kibana-pull}209684[#209684]). +* Fixes formatting and sorting for custom ES|QL variables ({kibana-pull}209360[#209360]). +* Applies the time range to the fields fetch in the editor ({kibana-pull}208490[#208490]). +* Fixes several query history issues ({kibana-pull}206418[#206418]). +* Allows the editor suggestions to be visible when the inline documentation flyout is open ({kibana-pull}206064[#206064]). +* Fixes editor cursor jumpiness ({kibana-pull}202389[#202389]). +Discover:: +* Keeps the histogram config on time change ({kibana-pull}208053[#208053]). +* Fixes CSV export with named parameters ({kibana-pull}206914[#206914]). +* Prevents redundant requests when loading Discover sessions and toggling chart visibility ({kibana-pull}206699[#206699]). +* Ensures the same time range is being used for documents and histogram in ES|QL mode ({kibana-pull}204694[#204694]). +* Fixes persisting URL state in session storage when in ES|QL mode ({kibana-pull}203865[#203865]). 
+Elastic Observability solution:: +* Passes system message to inferenceCliente.chatComplete ({kibana-pull}211263[#211263]). +* Fixes connector test in MKI ({kibana-pull}211235[#211235]). +* Adds knowledge base re-indexing when encountering `semantic_text` bug ({kibana-pull}210386[#210386]). +* Updates colors in the AI Assistant icon ({kibana-pull}210233[#210233]). +* Updates the simulate function calling setting to support "auto" ({kibana-pull}209628[#209628]). +* Fixes an issue where APM charts were rendered without required transaction type or service name, causing excessive alerts to appear ({kibana-pull}209552[#209552]). +* Fixes conversations test in MKI ({kibana-pull}208649[#208649]). +* Knowledge base installation updates ({kibana-pull}208250[#208250]). +* Returns an empty object for tool arguments if empty ({kibana-pull}207943[#207943]). +* Fixes Open Explore in Discover link in a new tab ({kibana-pull}207346[#207346]). +* Updating an SLO with non-breaking changes is considered a breaking change when the SLO is running on outdated resources ({kibana-pull}207090[#207090]). +* Fixes an error that occurs when using the Ollama model locally ({kibana-pull}206739[#206739]). +* Fixes editing prompt from contextual insights ({kibana-pull}206673[#206673]). +* Fixes logger on telemetry ({kibana-pull}204388[#204388]). +* Fixes _count guards against no valid sources ({kibana-pull}204224[#204224]). +* Switches to the latest CloudFormation template ({kibana-pull}204185[#204185]). +* Fixes alerts function ({kibana-pull}203695[#203695]). +* Updates required field from 'score' to 'scores' ({kibana-pull}203584[#203584]). +* Fixes the APM rule error message when a KQL filter is invalid ({kibana-pull}203096[#203096]). +* Fixes an issue where service names with spaces are not being encoded properly for {{context.viewInAppUrl}} ({kibana-pull}202890[#202890]). +* Fixes Actions on Charts ({kibana-pull}202443[#202443]). 
+* Mismatch between preview chart and rule execution regarding wildcards ({kibana-pull}201553[#201553]). +* Shows all alerts in Infrastructure views for consistency with entity inventory ({kibana-pull}202188[#202188]). +Elastic Security solution:: +For the Elastic Security 8.18.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. +Kibana platform:: +* Fixes dropdown label sync issue when sorting by "Type" ({kibana-pull}206424[#206424]). +* Consistent help dropdown UI ({kibana-pull}206280[#206280]). +* Fixes the error page for Workplace search ({kibana-pull}211011[#211011]). +* Integration tests for index storage adapter ({kibana-pull}205917[#205917]). +* Prevents disabled input change by password manager ({kibana-pull}204269[#204269]). +Kibana security:: +* Fixes missing ECS mappings ({kibana-pull}209057[#209057]). +* Fixes how Automatic Import generates accesses for the field names that are not valid Painless identifiers ({kibana-pull}205220[#205220]). +* Automatic Import now ensures that the field mapping contains the `@timestamp` field whenever possible ({kibana-pull}204931[#204931]). +* Fixes privileges display for features/sub-features that require all spaces ({kibana-pull}204402[#204402]). +* Uses provided data stream description in generated README ({kibana-pull}203236[#203236]). +* Uses Data stream name for `data_stream.dataset` value in input manifests ({kibana-pull}203106[#203106]). +* Removes `panelled` property that was covering the background image for Spaces Selector page ({kibana-pull}199981[#199981]). +* Fixes an issue where pressing Enter reloaded the Automatic Import ({kibana-pull}199894[#199894]). +Machine Learning:: +* Fixes Log rate analysis, change point detection, and pattern analysis embeddables not respecting filters from dashboard controls ({kibana-pull}210039[#210039]). +* Fixes notification table responsiveness ({kibana-pull}206956[#206956]). 
+* Fixes side bar navigation not highlighted for Data Visualizer and Data Drift ({kibana-pull}205170[#205170]). +* Data frame analytics: Updates Results Explorer flyout footer buttons alignment ({kibana-pull}204735[#204735]). +* Data frame analytics: Adds missing space between lines in delete job modal ({kibana-pull}204732[#204732]). +* Fixes inference timeout check in File Upload ({kibana-pull}204722[#204722]). +* Anomaly Detection: Datafeed counts job messages table responsiveness fix ({kibana-pull}204625[#204625]). +* Removes `ignore_throttled` from anomaly detection job results searches ({kibana-pull}203788[#203788]). +* Anomaly Explorer: Fixes handling of job group IDs when opening from dashboard panels ({kibana-pull}203224[#203224]). +* AiOps: Fixes Log Rate Analysis embeddable error on the Alerts page ({kibana-pull}203093[#203093]). +* Initializes saved objects on trained model page load ({kibana-pull}201426[#201426]). + [[release-notes-8.17.3]] == {kib} 8.17.3 - The 8.17.3 release includes the following bug fixes. [float] @@ -112,7 +385,6 @@ Sharing:: * Reinstates switch to support generating public URLs for Embed when supported ({kibana-pull}207383[#207383]). [[release-notes-8.17.2]] -== {kib} 8.17.2 The 8.17.2 release includes the following bug fixes. @@ -9456,4 +9728,4 @@ Use the `xpack.monitoring.clusterAlertsEmail` in kibana.yml. The 8.0.0-alpha1 release includes the following bug fix. Operations:: -* Moves systemd service to /usr/lib/systemd/system {kibana-pull}83571[#83571] \ No newline at end of file +* Moves systemd service to /usr/lib/systemd/system {kibana-pull}83571[#83571] diff --git a/docs/user/images/add-template-flyout.png b/docs/user/images/add-template-flyout.png new file mode 100644 index 0000000000000..c8e32990ab70d Binary files /dev/null and b/docs/user/images/add-template-flyout.png differ 
diff --git a/docs/user/images/ai-assistant-for-logs-discover.png b/docs/user/images/ai-assistant-for-logs-discover.png new file mode 100644 index 0000000000000..364baf5ace22f Binary files /dev/null and b/docs/user/images/ai-assistant-for-logs-discover.png differ diff --git a/docs/user/images/open-discover-session.png b/docs/user/images/open-discover-session.png new file mode 100644 index 0000000000000..b0372586baaaf Binary files /dev/null and b/docs/user/images/open-discover-session.png differ diff --git a/docs/user/whats-new.asciidoc b/docs/user/whats-new.asciidoc index cef332c019ffa..c5f9b82e14e06 100644 --- a/docs/user/whats-new.asciidoc +++ b/docs/user/whats-new.asciidoc 
@@ -1,93 +1,133 @@ [[whats-new]] -== What's new in 8.17 +== What's new in 8.18 -Here are the highlights of what's new and improved in 8.17. +Here are the highlights of what's new and improved in 8.18. For detailed information about this release, check the <>. -Previous versions: {kibana-ref-all}/8.16/whats-new.html[8.16] | {kibana-ref-all}/8.15/whats-new.html[8.15] | {kibana-ref-all}/8.14/whats-new.html[8.14] | {kibana-ref-all}/8.13/whats-new.html[8.13] | {kibana-ref-all}/8.12/whats-new.html[8.12] | {kibana-ref-all}/8.11/whats-new.html[8.11] | {kibana-ref-all}/8.10/whats-new.html[8.10] | {kibana-ref-all}/8.9/whats-new.html[8.9] | {kibana-ref-all}/8.8/whats-new.html[8.8] | {kibana-ref-all}/8.7/whats-new.html[8.7] | {kibana-ref-all}/8.6/whats-new.html[8.6] | {kibana-ref-all}/8.5/whats-new.html[8.5] | {kibana-ref-all}/8.4/whats-new.html[8.4] | {kibana-ref-all}/8.3/whats-new.html[8.3] | {kibana-ref-all}/8.2/whats-new.html[8.2] | {kibana-ref-all}/8.1/whats-new.html[8.1] | {kibana-ref-all}/8.0/whats-new.html[8.0] +Previous versions: {kibana-ref-all}/8.17/whats-new.html[8.17] | {kibana-ref-all}/8.16/whats-new.html[8.16] | {kibana-ref-all}/8.15/whats-new.html[8.15] | {kibana-ref-all}/8.14/whats-new.html[8.14] | {kibana-ref-all}/8.13/whats-new.html[8.13] | {kibana-ref-all}/8.12/whats-new.html[8.12] | {kibana-ref-all}/8.11/whats-new.html[8.11] | {kibana-ref-all}/8.10/whats-new.html[8.10] | {kibana-ref-all}/8.9/whats-new.html[8.9] | {kibana-ref-all}/8.8/whats-new.html[8.8] | {kibana-ref-all}/8.7/whats-new.html[8.7] | {kibana-ref-all}/8.6/whats-new.html[8.6] | {kibana-ref-all}/8.5/whats-new.html[8.5] | {kibana-ref-all}/8.4/whats-new.html[8.4] | {kibana-ref-all}/8.3/whats-new.html[8.3] | {kibana-ref-all}/8.2/whats-new.html[8.2] | {kibana-ref-all}/8.1/whats-new.html[8.1] | {kibana-ref-all}/8.0/whats-new.html[8.0] [discrete] === Discover and ES|QL [discrete] -==== Improving column reordering with draggable columns +==== In-table search and highlight -We’re excited to announce an 
enhancement to the Discover table. You can now reorder columns by simply dragging them directly in the data table header. This intuitive feature reduces the number of interactions required to adjust your column layout by eliminating the need to open the Columns popover for sorting. This enhancement saves users valuable time and improves overall usability, leading to smoother and more efficient data exploration. +This release introduces an in-table search feature that scans beyond what’s currently visible, making it easier to find logs, transaction IDs, and other records in large data sets. Inspired by your browser’s native search, this new box sits at the top of the Discover table and supports keyboard navigation for navigating through matches. It’s available across Kibana wherever the Discover table is embedded. -image::https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6fa3a9ee893e5603/67533de0e995a041b8dea1d9/dragging-columns-in-discover.gif[Dragging a column to adjust column layout in Discover] +image::https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt30bf5f8b9a45ab74/67c234a787966d9fbc994ce0/in-table-search-demo.gif[Using the in-table search and navigating through the matches] [discrete] -==== Starred ES|QL queries for quick access and reusability +==== Renaming Saved search to Discover session -With this release, you can bookmark your ES|QL queries directly from your query history by starring them. These starred queries are saved under a dedicated Starred tab, allowing you quick access to your most-used queries across {kib} – not just within Discover. You can reuse these queries in other areas of {kib}, such as the dashboard in-line editor and alerts. With the ability to manage up to 100 starred queries per user, you can sort them by timestamp and receive warnings as you approach the limit. +We’ve changed Saved search to Discover session for improved clarity and to better reflect Discover’s expanding capabilities. 
With this updated terminology, we’re setting the stage for more powerful data exploration with Discover. -image::https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdaffacc1de686bcc/67533eadb02aaf3aa84c8a3f/starred-esql-queries.gif[Running a starred query from the Starred tab in Discover] +image::images/open-discover-session.png[Open Discover session flyout, width=90%] [discrete] -=== Dashboards +==== Elastic AI Assistant for logs in Discover + +The Elastic AI Assistant is now available in the log details flyout in Discover, offering instant highlights for logs that match a logs profile and include a message field. With AI-driven context and prompts, you can diagnose issues and uncover opportunities faster, saving time and improving overall efficiency. + +image::images/ai-assistant-for-logs-discover.png[Elastic AI Assistant in the log details flyout, width=100%] [discrete] -==== Log Rate panels -You can now add Log Rate Analysis panels to your dashboards. Find them in the Logs analysis section alongside https://www.elastic.co/guide/en/kibana/8.16/whats-new.html#_log_pattern_analysis_dashboard_panels[Log Pattern Analysis panels] from 8.16. Find field-value pairs and log patterns that correlate with log spikes or dips across thousands of logs with just a few clicks, and move your analysis to Discover with ease. +==== Support for LOOKUP JOIN in the ES|QL editor -image::https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb69ebc37cbbaf5a8/6753413228d3fee1541b86ad/log-rate-panels.gif[Log Rate Analysis panel] +We’ve introduced support for the LOOKUP JOIN command to enable a smooth autocomplete experience and client-side validation. The editor now suggests lookup mode indices and join condition fields, letting you craft accurate ES|QL queries more quickly and keep your data exploration flowing. 
+ +image::https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte43a30a93241d650/67c23670045f5839e5bfd1e4/lookup-join-demo.gif[Using the LOOKUP JOIN command to autocomplete an ES|QL query] [discrete] -==== Dashboard hover actions -We received feedback from users that the View and Edit modes in dashboards look too different, mainly because of the top bar in each panel that shows the panel menu. This bar created visual problems and changed the height of panels in Edit mode, especially when they didn’t have a title. +==== KQL and Lucene query translation into ES|QL + +Moving from Discover’s data view mode to ES|QL mode is now easier than ever. Your existing KQL or Lucene query is automatically carried over and translated into ES|QL, saving time and preserving context. This enhancement keeps you focused on uncovering insights instead of re-rentering queries. -We fixed the issue by removing this top bar and making panel information and actions appear on top of the panel when users hover over it. Now users can get the same look in both Edit and View modes and the most common actions are accessible without having to click on the panel menu. This change improves the look and usability of dashboards. +image::https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6e2ccb4a24507225/67c244de39a3cace2a10fccb/transition-to-esql-demo.gif[Query is copied over when switching to ES|QL] -image::images/before-after-hover-actions.png[Before and After view of dashboard panels, width=90%] +[discrete] +=== Dashboards [discrete] -==== Legacy visualization editors -Lens is the preferred visualization editor over TSVB and Aggregation-based since it already incorporates most features of the other two editors and is much easier to use. Offering three editors at this point makes the product more complex and calls for users to learn three different ways to visualize their data for no reason. 
+==== Dashboard ES|QL controls + +You can now bind controls to your ES|QL visualizations in dashboards. When creating a visualization, the ES|QL autocomplete will prompt control insertion for field values, field names, function configuration, and function names. This enables controls that only apply to a specific panel, and exposes visualization configuration such as date histogram interval controls to dashboard users. + +Check out the following examples: + +* Integrate filtering into your ES|QL experience + +[source,esql] +------------------- +| WHERE field == ?value +------------------- + +* Fields in controls for dynamic group by -However, we are aware that there are still a few features that Lens is missing, such as small multiples or the ability to insert data and change the CSS in a Markdown file. For this reason, TSVB and Aggregation-based editors are being marked as legacy for now to encourage shifting to Lens. We will continue supporting them for some time until all features are fully incorporated into Lens, but we recommend that you start using Lens if you can. If you have good reasons to keep using TSVB or Aggregation-based editors, please add a comment to this public https://github.com/elastic/kibana/issues/198136[Github issue]. +[source,esql] +------------------- +| STATS count=COUNT(*) BY ?field +------------------- -image::images/legacy-visualizations.png[New Legacy tab in the Create Visualization window] +* Variable time ranges? 
Bind function configuration settings to a control + +[source,esql] +------------------- +| BUCKET(@timestamp, ?interval), +------------------- + +* …or make the function itself dynamic + +[source,esql] +------------------- +| STATS metric = ?function +------------------- + +image::https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte42dfaa404bfc2d6/67d2e31e2e4dc59da190d78f/dashboard-esql-controls.gif[Editing ES|QL controls from a dashboard] [discrete] -==== Improving CSV download for tables -When exporting tables in CSV in the past, you may have encountered issues with incorrect formatting of the data, rows, and columns. These issues have now been addressed and your exported CSV file shows exactly what you see in {kib}. +==== Dashboard layout engine with improved performance and usability -image::images/csv-download-1.png[Exported CSV in the past] -_Exported CSV in the past_ +We’ve rebuilt the Dashboard layout engine for faster authoring and improved performance. The new engine makes resize events behave more predictably, allows drag-and-drop of panels above and below the visible part of the dashboard, and improves browser performance to create a more responsive experience. Read more about the engineering behind this engine in our https://www.elastic.co/search-labs/blog/kibana-dashboard-build-layout[blog post]. -image::images/csv-download-2.png[Exported CSV now, with formatting improvements] -_Exported CSV now_ +image::https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdefc1239170c7d95/67c239a724e52cd96fe6ed11/dashboard-layout-engine.gif[Dragging and dropping a dashboard panel below the visible part of the dashboard] +[discrete] +=== Managing {kib} and data -//[discrete] -//=== Alerting, cases, and connectors +[discrete] +==== File uploader enhancements +You can now access the file uploader via a flyout on the Search Overview page and Search Playground. This release also adds support for uploading multiple files with a single action. 
+ +image::https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0957c51279df4bec/67c23ac28c6f4e7a59b7f3c6/file-uploader-enhancements-8.18.gif[Uploading multiple files with the file uploader] [discrete] === Alerting, cases, and connectors [discrete] -==== Alerting scalability improvements -The {kib} alerting framework delivers enhanced scalability to meet the demands of growing workloads and is available across all {ecloud} hosted deployments. These improvements will provide you with 10x the existing capacity to run task-manager tasks -- alerting rules, connector actions, etc. We are observing the following performance improvements on early adopters of the new {kib} alerting framework: +==== Case templates are Generally Available + +Case templates are now Generally Available. Case templates provide useful starting points for investigations in both Security and Observability. Add templates in Case Settings and leverage them as a starting point in any new case. -** 10x reduction in alerting task delays -** 2x increase in task execution throughput on average -** 50% fewer requests to Elasticsearch, resulting in lower overhead +image::images/add-template-flyout.png[The Add template flyout in Case Settings, width=90%] -These customers are now enjoying higher alerting capacity and faster response times without the need for any additional configuration or hardware. Furthermore, these improvements also bring in a new unparalleled scalability for our largest alerting customers, enabling deployments of up to 192 {kib} nodes running alerting rules. +[discrete] +==== Case observables -We are very excited to see how these enhancements empower your alerting strategies with faster, more efficient, and scalable performance. +Case observables enable structured data collection. You can now add common observables to any case out of the box and extend the types of observable case data to include custom options. 
[discrete] -==== Support for case file attachments through API actions -The latest enhancements to {kib} Cases introduce highly requested functionality for managing security incidents and workflows. You can now use the public API to attach files to cases to enrich them with supporting documentation, evidence, and other critical information. This improvement marks a significant enhancement in case management, providing incident response teams with greater flexibility to include all relevant details directly within their cases. +==== Certified for ServiceNow Xanadu release -Additionally, this release expands integration capabilities with third-party systems such as ServiceNow and Tines. You can now programmatically update cases through API calls from external platforms, streamlining workflows and fostering seamless collaboration across tools. These features make it easier to automate case updates and efficiently track complex security incidents in real time. For more details, check out the https://www.elastic.co/docs/api/doc/kibana/v8/operation/operation-createcasedefaultspace[API documentation]. +The Service Now connector is certified for the Xanadu release. [discrete] -==== Jira Connector now supports Jira Data Center -This release introduces support for Jira Data Center, expanding the existing integration capabilities previously available only for Jira Cloud instances. With this enhancement, organizations using on-premises Jira Data Center can now seamlessly integrate with {kib}, enabling more efficient workflows and streamlined incident management. +==== Assign users to a case -With this update, users can create and manage Jira issues directly from {kib}, regardless of their Jira deployment model. This expanded compatibility highlights our commitment to supporting diverse customer deployment setups and delivering enhanced functionality tailored to enterprise environments. +You can now enable a role to assign users to a case. 
+ +[discrete] +==== Attach file API +You can now manage case attachments programmatically with new CRUD operations on the case attachments API. Check out the https://www.elastic.co/docs/api/doc/kibana/operation/operation-addcasefiledefaultspace[API documentation] to learn more. \ No newline at end of file
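Review bot: In docs/CHANGELOG.asciidoc, hunk `@@ -89,9 +90,281 @@`, the 8.18.0 Deprecations entry "Deprecated all security v1 endpoints" contradicts itself. Its Details line says the `v1` endpoints "have been removed", but the section intro says the functionality "will be removed in 9.0.0" and the Impact paragraph says calls fail with a 404 "starting from version 9.0.0". Suggest changing Details to say the endpoints are deprecated and will be removed in 9.0.0, so anyone with OIDC or SAML identity providers pointed at the `v1` callback URLs is not led to believe they are already gone in 8.18. The same entry has no `[[deprecation-199656]]` anchor, unlike `[[deprecation-201625]]` on the entry below it, and three of the replacement lines put the HTTP method outside the backticks (GET `/api/security/oidc/callback`) while the others keep it inside. Further down in the Observability bug fixes, `inferenceCliente.chatComplete` looks like a typo for `inferenceClient`.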
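Review bot: In docs/CHANGELOG.asciidoc, hunk `@@ -112,7 +385,6 @@`, the line `== {kib} 8.17.2` is deleted while the `[[release-notes-8.17.2]]` anchor and the paragraph "The 8.17.2 release includes the following bug fixes." are kept. That leaves the 8.17.2 section with no title, so its content would fold into the preceding 8.17.3 section and the anchor would no longer sit on a heading. Nothing else in the patch touches 8.17.2, so this looks accidental; suggest restoring the heading line.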
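Review bot: In docs/user/whats-new.asciidoc, hunk `@@ -1,93 +1,133 @@`, the third "Dashboard ES|QL controls" example, `| BUCKET(@timestamp, ?interval),`, is not a usable fragment: it pipes straight into a function call rather than a command and ends with a dangling comma, whereas the other three snippets each show a complete `WHERE` or `STATS` clause. Suggest showing it in context, for example `| STATS count=COUNT(*) BY BUCKET(@timestamp, ?interval)`. Smaller points in the same hunk: "re-rentering queries" should be "re-entering queries"; the body text "The Service Now connector" does not match the "ServiceNow" spelling in its own heading; the Attach file API link drops the `v8` path segment that the removed cases link used (`/kibana/v8/operation/...`), which is worth confirming for a versioned 8.18 page; and the new file content ends with "\ No newline at end of file", the same condition this patch fixes in CHANGELOG.asciidoc.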