589f49f442
Co-authored-by: Tyler Smalley <tylersmalley@me.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
342 lines
13 KiB
Plaintext
342 lines
13 KiB
Plaintext
[[breaking-changes-8.0]]
|
|
== Breaking changes in 8.0
|
|
++++
|
|
<titleabbrev>8.0</titleabbrev>
|
|
++++
|
|
|
|
This section discusses the changes that you need to be aware of when migrating
|
|
your application to Kibana 8.0.
|
|
|
|
coming[8.0.0]
|
|
|
|
See also <<whats-new>> and <<release-notes>>.
|
|
|
|
* <<breaking_80_index_pattern_changes>>
|
|
* <<breaking_80_setting_changes>>
|
|
|
|
//NOTE: The notable-breaking-changes tagged regions are re-used in the
|
|
//Installation and Upgrade Guide
|
|
|
|
[float]
|
|
[[breaking_80_index_pattern_changes]]
|
|
=== Index pattern changes
|
|
|
|
[float]
|
|
==== Removed support for time-based internal index patterns
|
|
*Details:* Time-based interval index patterns were deprecated in 5.x. In 6.x,
|
|
you could no longer create time-based interval index patterns, but they continued
|
|
to function as expected. Support for these index patterns has been removed in 8.0.
|
|
|
|
*Impact:* You must migrate your time_based index patterns to a wildcard pattern,
|
|
for example, `logstash-*`.
|
|
|
|
|
|
[float]
|
|
[[breaking_80_setting_changes]]
|
|
=== Settings changes
|
|
|
|
// tag::notable-breaking-changes[]
|
|
[float]
|
|
==== Multitenancy by changing `kibana.index` is no longer supported
|
|
*Details:* `kibana.index`, `xpack.reporting.index` and `xpack.task_manager.index` can no longer be specified.
|
|
|
|
*Impact:* Users who relied on changing these settings to achieve multitenancy should use *Spaces*, cross-cluster replication, or cross-cluster search instead. To migrate to *Spaces*, users are encouraged to use saved object management to export their saved objects from a tenant into the default tenant in a space. Improvements are planned to improve on this workflow. See https://github.com/elastic/kibana/issues/82020 for more details.
|
|
|
|
[float]
|
|
==== Legacy browsers are now rejected by default
|
|
*Details:* `csp.strict` is now enabled by default, so Kibana will fail to load for older, legacy browsers that do not enforce basic Content Security Policy protections - notably Internet Explorer 11.
|
|
|
|
*Impact:* To allow Kibana to function for these legacy browsers, set `csp.strict: false`. Since this is about enforcing a security protocol, we *strongly discourage* disabling `csp.strict` unless it is critical that you support Internet Explorer 11.
|
|
|
|
[float]
|
|
==== Default logging timezone is now the system's timezone
|
|
*Details:* In prior releases the timezone used in logs defaulted to UTC. We now use the host machine's timezone by default.
|
|
|
|
*Impact:* To restore the previous behavior, in kibana.yml use the pattern layout, with a date modifier:
|
|
[source,yaml]
|
|
-------------------
|
|
logging:
|
|
appenders:
|
|
custom:
|
|
type: console
|
|
layout:
|
|
type: pattern
|
|
pattern: "%date{ISO8601_TZ}{UTC}"
|
|
-------------------
|
|
See https://github.com/elastic/kibana/pull/90368 for more details.
|
|
|
|
[float]
|
|
==== Responses are never logged by default
|
|
*Details:* Previously responses would be logged if either `logging.json` was true, `logging.dest` was specified, or a `TTY` was detected. With the new logging configuration, these are provided by a dedicated logger.
|
|
|
|
*Impact:* To restore the previous behavior, in `kibana.yml` enable `debug` for the `http.server.response` logger:
|
|
[source,yaml]
|
|
-------------------
|
|
logging:
|
|
appenders:
|
|
custom:
|
|
type: console
|
|
layout:
|
|
type: pattern
|
|
loggers:
|
|
- name: http.server.response
|
|
appenders: [custom]
|
|
level: debug
|
|
-------------------
|
|
See https://github.com/elastic/kibana/pull/87939 for more details.
|
|
|
|
[float]
|
|
==== Logging destination is specified by the appender
|
|
*Details:* Previously log destination would be `stdout` and could be changed to `file` using `logging.dest`. With the new logging configuration, you can specify the destination using appenders.
|
|
|
|
*Impact:* To restore the previous behavior and log records to *stdout*, in `kibana.yml` use an appender with `type: console`.
|
|
[source,yaml]
|
|
-------------------
|
|
logging:
|
|
appenders:
|
|
custom:
|
|
type: console
|
|
layout:
|
|
type: pattern
|
|
root:
|
|
appenders: [default, custom]
|
|
-------------------
|
|
|
|
To send logs to `file` with a given file path, you should define a custom appender with `type:file`:
|
|
[source,yaml]
|
|
-------------------
|
|
logging:
|
|
appenders:
|
|
file:
|
|
type: file
|
|
fileName: /var/log/kibana.log
|
|
layout:
|
|
type: pattern
|
|
root:
|
|
appenders: [default, file]
|
|
-------------------
|
|
|
|
[float]
|
|
==== Set log verbosity with root
|
|
*Details:* Previously logging output would be specified by `logging.silent` (none), `logging.quiet` (error messages only) and `logging.verbose` (all). With the new logging configuration, set the minimum required log level.
|
|
|
|
*Impact:* To restore the previous behavior, in `kibana.yml` specify `logging.root.level`:
|
|
[source,yaml]
|
|
-------------------
|
|
# suppress all logs
|
|
logging:
|
|
root:
|
|
level: off
|
|
-------------------
|
|
|
|
[source,yaml]
|
|
-------------------
|
|
# only log error messages
|
|
logging:
|
|
root:
|
|
level: error
|
|
-------------------
|
|
|
|
[source,yaml]
|
|
-------------------
|
|
# log all events
|
|
logging:
|
|
root:
|
|
level: all
|
|
-------------------
|
|
|
|
[float]
|
|
==== Declare log message format
|
|
*Details:* Previously all events would be logged in `json` format when `logging.json` was true. With the new logging configuration you can specify the output format with layouts. You can choose between `json` and pattern format depending on your needs.
|
|
|
|
*Impact:* To restore the previous behavior, in `kibana.yml` configure the logging format for each custom appender with the `appender.layout` property. There is no default for custom appenders and each one must be configured expilictly.
|
|
|
|
[source,yaml]
|
|
-------------------
|
|
logging:
|
|
appenders:
|
|
custom_console:
|
|
type: console
|
|
layout:
|
|
type: pattern
|
|
custom_json:
|
|
type: console
|
|
layout:
|
|
type: json
|
|
loggers:
|
|
- name: plugins.myPlugin
|
|
appenders: [custom_console]
|
|
root:
|
|
appenders: [default, custom_json]
|
|
level: warn
|
|
-------------------
|
|
|
|
[float]
|
|
==== Configure log rotation with the rolling-file appender
|
|
*Details:* Previously log rotation would be enabled when `logging.rotate.enabled` was true.
|
|
|
|
*Impact:* To restore the previous behavior, in `kibana.yml` use the `rolling-file` appender.
|
|
|
|
[source,yaml]
|
|
-------------------
|
|
logging:
|
|
appenders:
|
|
rolling-file:
|
|
type: rolling-file
|
|
fileName: /var/logs/kibana.log
|
|
policy:
|
|
type: size-limit
|
|
size: 50mb
|
|
strategy:
|
|
type: numeric
|
|
pattern: '-%i'
|
|
max: 2
|
|
layout:
|
|
type: pattern
|
|
loggers:
|
|
- name: plugins.myPlugin
|
|
appenders: [rolling-file]
|
|
-------------------
|
|
|
|
[float]
|
|
==== `xpack.security.authProviders` is no longer valid
|
|
*Details:* The deprecated `xpack.security.authProviders` setting in the `kibana.yml` file has been removed.
|
|
|
|
*Impact:* Use `xpack.security.authc.providers` instead.
|
|
|
|
[float]
|
|
==== `xpack.security.authc.providers` has changed value format
|
|
*Details:* `xpack.security.authc.providers` setting in the `kibana.yml` has changed value format.
|
|
|
|
*Impact:* Array of provider types as a value is no longer supported, use extended object format instead.
|
|
|
|
[float]
|
|
==== `xpack.security.authc.saml` is no longer valid
|
|
*Details:* The deprecated `xpack.security.authc.saml` setting in the `kibana.yml` file has been removed.
|
|
|
|
*Impact:* Configure SAML authentication providers using `xpack.security.authc.providers.saml.{provider unique name}.*` settings instead.
|
|
|
|
[float]
|
|
==== `xpack.security.authc.oidc` is no longer valid
|
|
*Details:* The deprecated `xpack.security.authc.oidc` setting in the `kibana.yml` file has been removed.
|
|
|
|
*Impact:* Configure OpenID Connect authentication providers using `xpack.security.authc.providers.oidc.{provider unique name}.*` settings instead.
|
|
|
|
[float]
|
|
==== `xpack.security.public` is no longer valid
|
|
*Details:* Previously Kibana was choosing the appropriate Elasticsearch SAML realm automatically using the `Assertion Consumer Service`
|
|
URL that it derived from the actual server address and `xpack.security.public` setting. Starting in 8.0.0, the deprecated `xpack.security.public` setting in the `kibana.yml` file has been removed and the Elasticsearch SAML realm name that Kibana will use should be specified explicitly.
|
|
|
|
*Impact:* Define `xpack.security.authc.providers.saml.{provider unique name}.realm` when using the SAML authentication providers instead.
|
|
|
|
[float]
|
|
==== `/api/security/v1/saml` endpoint is no longer supported
|
|
*Details:* The deprecated `/api/security/v1/saml` endpoint is no longer supported.
|
|
|
|
*Impact:* Rely on `/api/security/saml/callback` endpoint when using SAML instead. This change should be reflected in Elasticsearch and Identity Provider SAML settings.
|
|
|
|
[float]
|
|
==== `/api/security/v1/oidc` endpoint is no longer supported
|
|
*Details:* The deprecated `/api/security/v1/oidc` endpoint is no longer supported.
|
|
|
|
*Impact:* Rely on `/api/security/oidc/callback` endpoint when using OpenID Connect instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.
|
|
|
|
[float]
|
|
==== `/api/security/v1/oidc` endpoint is no longer supported for Third Party initiated login
|
|
*Details:* The deprecated `/api/security/v1/oidc` endpoint is no longer supported for Third Party initiated login.
|
|
|
|
*Impact:* Rely on `/api/security/oidc/initiate_login` endpoint when using Third Party initiated OpenID Connect login instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.
|
|
|
|
[float]
|
|
==== `/api/security/v1/oidc/implicit` endpoint is no longer supported
|
|
*Details:* The deprecated `/api/security/v1/oidc/implicit` endpoint is no longer supported.
|
|
|
|
*Impact:* Rely on `/api/security/oidc/implicit` endpoint when using OpenID Connect Implicit Flow instead. This change should be reflected in OpenID Connect Provider settings.
|
|
|
|
[float]
|
|
=== `optimize` directory is now in the `data` folder
|
|
*Details:* Generated bundles have moved to the configured `path.data` folder.
|
|
|
|
*Impact:* Any workflow that involved manually clearing generated bundles will have to be updated with the new path.
|
|
|
|
[float]
|
|
=== kibana.keystore has moved from the `data` folder to the `config` folder
|
|
*Details:* By default, kibana.keystore has moved from the configured `path.data` folder to `<root>/config` for archive distributions
|
|
and `/etc/kibana` for package distributions. If a pre-existing keystore exists in the data directory that path will continue to be used.
|
|
|
|
[float]
|
|
[[breaking_80_user_role_changes]]
|
|
=== User role changes
|
|
|
|
[float]
|
|
=== `kibana_user` role has been removed and `kibana_admin` has been added.
|
|
|
|
*Details:* The `kibana_user` role has been removed and `kibana_admin` has been added to better
|
|
reflect its intended use. This role continues to grant all access to every
|
|
{kib} feature. If you wish to restrict access to specific features, create
|
|
custom roles with {kibana-ref}/kibana-privileges.html[{kib} privileges].
|
|
|
|
*Impact:* Any users currently assigned the `kibana_user` role will need to
|
|
instead be assigned the `kibana_admin` role to maintain their current
|
|
access level.
|
|
|
|
[float]
|
|
=== `kibana_dashboard_only_user` role has been removed.
|
|
|
|
*Details:* The `kibana_dashboard_only_user` role has been removed.
|
|
If you wish to restrict access to just the Dashboard feature, create
|
|
custom roles with {kibana-ref}/kibana-privileges.html[{kib} privileges].
|
|
|
|
*Impact:* Any users currently assigned the `kibana_dashboard_only_user` role will need to be assigned a custom role which only grants access to the Dashboard feature.
|
|
|
|
Granting additional cluster or index privileges may enable certain
|
|
**Stack Monitoring** features.
|
|
|
|
[float]
|
|
[[breaking_80_reporting_changes]]
|
|
=== Reporting changes
|
|
|
|
[float]
|
|
==== Legacy job parameters are no longer supported
|
|
*Details:* POST URL snippets that were copied in Kibana 6.2 or earlier are no longer supported. These logs have
|
|
been deprecated with warnings that have been logged throughout 7.x. Please use Kibana UI to re-generate the
|
|
POST URL snippets if you depend on these for automated PDF reports.
|
|
|
|
[float]
|
|
=== Configurations starting with `xpack.telemetry` are no longer valid
|
|
|
|
*Details:*
|
|
The `xpack.` prefix has been removed for all telemetry configurations.
|
|
|
|
*Impact:*
|
|
For any configurations beginning with `xpack.telemetry`, remove the `xpack` prefix. Use {kibana-ref}/telemetry-settings-kbn.html#telemetry-general-settings[`telemetry.enabled`] instead.
|
|
|
|
[float]
|
|
=== SysV init support has been removed
|
|
|
|
*Details:*
|
|
All supported operating systems support using systemd service files. Any system that doesn't already have service aliased to use kibana.service should use `systemctl start kibana.service` instead of the `service start kibana`.
|
|
|
|
*Impact:*
|
|
Any installations using `.deb` or `.rpm` packages using SysV will need to migrate to systemd.
|
|
|
|
[float]
|
|
=== TLS v1.0 and v1.1 are disabled by default
|
|
|
|
*Details:*
|
|
Support can be re-enabled by setting `--tls-min-1.0` in the `node.options` config file that can be found inside `kibana/config` folder or any other configured with the environment variable `KBN_PATH_CONF` (for example in Debian based system would be `/etc/kibana`).
|
|
|
|
*Impact:*
|
|
Browser and proxy clients communicating over TLS v1.0 and v1.1.
|
|
|
|
[float]
|
|
=== Platform removed from root folder name for `.tar.gz` and `.zip` archives
|
|
|
|
*Details:*
|
|
The output directory after extracting an archive no longer includes the target platform. For example, `kibana-8.0.0-linux-aarch64.tar.gz` will produce a folder named `kibana-8.0.0`.
|
|
|
|
*Impact:*
|
|
Configuration management tools and automation will need to be updated to use the new directory.
|
|
|
|
// end::notable-breaking-changes[]
|