diff --git a/.github/workflows/comment-on-asciidoc-changes.yml b/.github/workflows/comment-on-asciidoc-changes.yml deleted file mode 100644 index 8e5f836b1..000000000 --- a/.github/workflows/comment-on-asciidoc-changes.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -name: Comment on PR for .asciidoc changes - -on: - # We need to use pull_request_target to be able to comment on PRs from forks - pull_request_target: - types: - - synchronize - - opened - - reopened - branches: - - main - - master - - "9.0" - -jobs: - comment-on-asciidoc-change: - permissions: - contents: read - pull-requests: write - uses: elastic/docs-builder/.github/workflows/comment-on-asciidoc-changes.yml@main diff --git a/.mergify.yml b/.mergify.yml index f886533dd..12deb49a4 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -31,7 +31,7 @@ pull_request_rules: - name: backport patches to 8.x branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.x actions: backport: @@ -42,10 +42,24 @@ pull_request_rules: title: "[{{ destination_branch }}] {{ title }} (backport #{{ number }})" labels: - backport + - name: backport patches to 8.18 branch + conditions: + - merged + - base=9.0 + - label=backport-8.18 + actions: + backport: + assignees: + - "{{ author }}" + branches: + - "8.18" + title: "[{{ destination_branch }}] {{ title }} (backport #{{ number }})" + labels: + - backport - name: backport patches to 8.17 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.17 actions: backport: @@ -59,7 +73,7 @@ pull_request_rules: - name: backport patches to 8.16 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.16 actions: backport: @@ -73,7 +87,7 @@ pull_request_rules: - name: backport patches to 8.15 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.15 actions: backport: @@ -87,7 +101,7 @@ pull_request_rules: - name: backport patches to 8.14 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.14 actions: backport: @@ -101,7 +115,7 @@ pull_request_rules: - name: backport patches to 8.13 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.13 actions: backport: @@ -115,7 +129,7 @@ pull_request_rules: - name: backport patches to 8.12 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.12 actions: backport: @@ -129,7 +143,7 @@ pull_request_rules: - name: backport patches to 8.11 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.11 actions: backport: @@ -143,7 +157,7 @@ pull_request_rules: - name: backport patches to 8.10 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.10 actions: backport: @@ -157,7 +171,7 @@ pull_request_rules: - name: backport patches to 8.9 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.9 actions: backport: @@ -171,7 +185,7 @@ pull_request_rules: - name: backport patches to 8.8 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.8 actions: backport: @@ -185,7 +199,7 @@ pull_request_rules: - name: backport patches to 8.7 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.7 actions: backport: @@ -199,7 +213,7 @@ pull_request_rules: - name: backport patches to 8.6 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.6 actions: backport: @@ -213,7 +227,7 @@ pull_request_rules: - name: backport patches to 8.5 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.5 actions: backport: @@ -227,7 +241,7 @@ pull_request_rules: - name: backport patches to 8.4 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.4 actions: backport: @@ -241,7 +255,7 @@ pull_request_rules: - name: backport patches to 8.3 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.3 actions: backport: @@ -255,7 +269,7 @@ pull_request_rules: - name: backport patches to 8.2 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.2 actions: backport: @@ -269,7 +283,7 @@ pull_request_rules: - name: backport patches to 8.1 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.1 actions: backport: @@ -283,7 +297,7 @@ pull_request_rules: - name: backport patches to 8.0 branch conditions: - merged - - base=main + - base=9.0 - label=backport-8.0 actions: backport: @@ -297,7 +311,7 @@ pull_request_rules: - name: backport patches to 7.17 branch conditions: - merged - - base=main + - base=9.0 - label=backport-7.17 actions: backport: @@ -311,7 +325,7 @@ pull_request_rules: - name: notify the backport policy conditions: - -label~=^backport - - base=main + - base=9.0 actions: comment: message: | diff --git a/docs/en/install-upgrade/breaking.asciidoc b/docs/en/install-upgrade/breaking.asciidoc index d8a82e4c0..1e5456129 100644 --- a/docs/en/install-upgrade/breaking.asciidoc +++ b/docs/en/install-upgrade/breaking.asciidoc @@ -5,14 +5,14 @@ Before you upgrade, you must review the breaking changes for each product you use and make the necessary changes so your code is compatible with {version}. // tag::breaking-changes-links[] -** {apm-guide-ref}/apm-breaking.html[APM breaking changes] -** {beats-ref}/breaking-changes.html[{beats} breaking changes] -** {ref}/breaking-changes.html[{es} migration guide] -** {security-guide}/release-notes.html[{elastic-sec} release notes] -** {enterprise-search-ref}/changelog.html[{ents} release notes] -** {fleet-guide}/release-notes.html[{fleet} and {agent} release notes] -** {kibana-ref}/release-notes.html[{kib} release notes] -** {logstash-ref}/breaking-changes.html[{ls} breaking changes] +// ** {apm-guide-ref}/apm-breaking.html[APM breaking changes] +// ** {beats-ref}/breaking-changes.html[{beats} breaking changes] +** <> +** <> +// ** {enterprise-search-ref}/changelog.html[{ents} release notes] +// ** {fleet-guide}/release-notes.html[{fleet} and {agent} release notes] +** <> +** <> // end::breaking-changes-links[] // tag::breaking-changes-admon[] diff --git a/docs/en/install-upgrade/index.asciidoc b/docs/en/install-upgrade/index.asciidoc index 962c0f702..b2cf3dfad 100644 --- a/docs/en/install-upgrade/index.asciidoc +++ b/docs/en/install-upgrade/index.asciidoc @@ -1,15 +1,6 @@ [[elastic-stack]] = Elastic Installation and Upgrade Guide -:apm-repo-dir: {apm-server-root}/docs -:beats-repo-dir: {beats-root}/libbeat/docs -:es-repo-dir: {elasticsearch-root}/docs/reference -:hadoop-repo-dir: {elasticsearch-hadoop-root}/docs/src/reference/asciidoc -:security-repo-dir: {security-docs-root}/docs -:kib-repo-dir: {kibana-root}/docs -:ls-repo-dir: {logstash-root}/docs -:obs-repo-dir: {observability-docs-root}/docs/en/observability - include::{docs-root}/shared/versions/stack/{source_branch}.asciidoc[] include::{docs-root}/shared/attributes.asciidoc[] @@ -23,10 +14,36 @@ include::installing-stack-demo-secure.asciidoc[] include::air-gapped-install.asciidoc[] +include::serverless-changelog.asciidoc[] + +include::breaking.asciidoc[] + +include::release-notes/release-notes.asciidoc[leveloffset=+1] + +include::release-notes/release-notes-beats.asciidoc[leveloffset=+2] + +include::release-notes/release-notes-security.asciidoc[leveloffset=+2] + +include::release-notes/release-notes-elasticsearch.asciidoc[leveloffset=+2] + +include::release-notes/release-notes-fleet-agent.asciidoc[leveloffset=+2] + +include::release-notes/release-notes-kibana.asciidoc[leveloffset=+2] + +include::release-notes/release-notes-logstash.asciidoc[leveloffset=+2] + include::upgrading-stack.asciidoc[] +include::upgrade-orchestrator.asciidoc[] + +include::upgrade-deployment-cluster.asciidoc[] + include::upgrading-stack-cloud.asciidoc[] +include::upgrade-on-ece.asciidoc[] + +include::upgrade-on-eck.asciidoc[] + include::upgrading-stack-on-prem.asciidoc[] include::upgrading-elasticsearch.asciidoc[] @@ -41,6 +58,4 @@ include::upgrading-kibana.asciidoc[] // include::upgrading-agent.asciidoc[] -include::breaking.asciidoc[] - include::redirects.asciidoc[] diff --git a/docs/en/install-upgrade/release-notes/release-notes-beats-beta1.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-beats-beta1.asciidoc new file mode 100644 index 000000000..4a536a288 --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-beats-beta1.asciidoc @@ -0,0 +1,114 @@ +// Use these for links to issue and pulls. Note issues and pulls redirect one to +// each other on Github, so don't worry too much on using the right prefix. +:issue: https://github.com/elastic/beats/issues/ +:pull: https://github.com/elastic/beats/pull/ + += Beats version 9.0.0-beta1 + +https://github.com/elastic/beats/compare/v8.17.2\...v9.0.0-beta1[View commits] + +== Breaking changes + +*Affecting all Beats* + +- Set default Kafka version to 2.1.0 in Kafka output and Filebeat. {pull}41662[41662] +- Replace default Ubuntu-based images with UBI-minimal-based ones. {pull}42150[42150] +- removed support for a single `-` to precede multi-letter command line arguments. Use `--` instead. {issue}42117[42117] {pull}42209[42209] + +*Filebeat* + +- Filebeat fails to start if there is any input with a duplicated ID. It logs the duplicated IDs and the offending inputs configurations. {pull}41731[41731] +- Filestream inputs with duplicated IDs will fail to start. An error is logged showing the ID and the full input configuration. {issue}41938[41938] {pull}41954[41954] +- Filestream inputs can define `allow_deprecated_id_duplication: true` to run keep the previous behaviour of running inputs with duplicated IDs. {issue}41938[41938] {pull}41954[41954] +- The Filestream input only starts to ingest a file when it is >= 1024 bytes in size. This happens because the fingerprint is the default file identity now. To restore the previous behaviour, set `file_identity.native: ~` and `prospector.scanner.fingerprint.enabled: false`. {issue}40197[40197] {pull}41762[41762] +- Filebeat fails to start when its configuration contains usage of the deprecated `log` or `container` inputs. However, they can still be used when `allow_deprecated_use: true` is set in their configuration. {pull}42295[42295] + +*Osquerybeat* + +- Upgrade osquery version to 5.13.1. {pull}40849[40849] + +*Packetbeat* + +- Use base-16 for reporting `serial_number` value in TLS fields in line with the ECS recommendation. {pull}41542[41542] + +*Winlogbeat* + +- Default to use raw API and delete older XML implementation. {pull}42275[42275] + +== Bug fixes + +*Auditbeat* + +- hasher: Add a cached hasher for upcoming backend. {pull}41952[41952] +- Split common tty definitions. {pull}42004[42004] + +*Filebeat* + +- Redact authorization headers in HTTPJSON debug logs. {pull}41920[41920] +- Further rate limiting fix in the Okta provider of the Entity Analytics input. {issue}40106[40106] {pull}41977[41977] +- The `_id` generation process for S3 events has been updated to incorporate the LastModified field. This enhancement ensures that the `_id` is unique. {pull}42078[42078] +- Fix truncation of bodies in request tracing by limiting bodies to 10% of the maximum file size. {pull}42327[42327] +- [Journald] Fixes handling of `journalctl` restart. A known symptom was broken multiline messages when there was a restart of journalctl while aggregating the lines. {issue}41331[41331] {pull}42595[42595] + +*Metricbeat* + +- Fix bug where Metricbeat unintentionally triggers Windows ASR. {pull}42177[42177] +- Remove `hostname` field from ZooKeeper's `mntr` data stream. {pull}41887[41887] + +*Packetbeat* + +- Properly marshal nested structs in ECS fields, fixing issues with mixed cases in field names. {pull}42116[42116] + +== Added + +*Auditbeat* + +- Improve logging in system/socket. {pull}41571[41571] + +*Filebeat* + +- Added out of the box support for Amazon EventBridge notifications over SQS to S3 input. {pull}40006[40006] +- Update CEL mito extensions to v1.16.0. {pull}41727[41727] +- Filebeat's registry is now added to the Elastic-Agent diagnostics bundle. {issue}33238[33238] {pull}41795[41795] +- Add `unifiedlogs` input for MacOS. {pull}41791[41791] +- Add evaluation state dump debugging option to CEL input. {pull}41335[41335] +- Rate limiting operability improvements in the Okta provider of the Entity Analytics input. {issue}40106[40106] {pull}41977[41977] +- Rate limiting fault tolerance improvements in the Okta provider of the Entity Analytics input. {issue}40106[40106] {pull}42094[42094] +- Introduce ignore older and start timestamp filters for AWS S3 input. {pull}41804[41804] +- Journald input now can report its status to Elastic-Agent. {issue}39791[39791] {pull}42462[42462] +- Publish events progressively in the Okta provider of the Entity Analytics input. {issue}40106[40106] {pull}42567[42567] +- Journald `include_matches.match` now accepts `+` to represent a logical disjunction (OR). {issue}40185[40185] {pull}42517[42517] +- The journald input is now generally available. {pull}42107[42107] + +*Heartbeat* + +- Add support for RFC7231 methods to HTTP monitors. {pull}41975[41975] + +*Metricbeat* + +- Add `use_kubeadm` config option in kubernetes module in order to toggle kubeadm-config API requests. {pull}40086[40086] +- Preserve queries for debugging when `merge_results: true` in SQL module. {pull}42271[42271] +- Collect more fields from ES node/stats metrics and only those that are necessary. {pull}42421[42421] + +*Metricbeat* +- Add benchmark module. {pull}41801[41801] + +*Osquerybeat* + +- Increase maximum query timeout to 24 hours. {pull}42356[42356] + +*Winlogbeat* + +- Properly set events `UserData` when experimental API is used. {pull}41525[41525] +- Include XML is respected for experimental API. {pull}41525[41525] +- Forwarded events use renderedtext info for experimental API. {pull}41525[41525] +- Language setting is respected for experimental API. {pull}41525[41525] +- Language setting also added to decode XML wineventlog processor. {pull}41525[41525] +- Format embedded messages in the experimental API. {pull}41525[41525] +- Make the experimental API GA and rename it to winlogbeat-raw. {issue}39580[39580] {pull}41770[41770] +- Remove 22 clause limitation. {issue}35047[35047] {pull}42187[42187] +- Add handling for recoverable publisher disabled errors. {issue}35316[35316] {pull}42187[42187] + +*Functionbeat* + +- Remove Functionbeat binaries from CI pipelines. {issue}40745[40745] {pull}41506[41506] diff --git a/docs/en/install-upgrade/release-notes/release-notes-beats-rc1.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-beats-rc1.asciidoc new file mode 100644 index 000000000..56bdf253c --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-beats-rc1.asciidoc @@ -0,0 +1,56 @@ +// Use these for links to issue and pulls. Note issues and pulls redirect one to +// each other on Github, so don't worry too much on using the right prefix. +:issue: https://github.com/elastic/beats/issues/ +:pull: https://github.com/elastic/beats/pull/ + +[[release-notes-9.0.0-rc1]] +=== Beats version 9.0.0-rc1 +https://github.com/elastic/beats/compare/v9.0.0-beta1\...v9.0.0-rc1[View commits] + +==== Breaking changes + +*Affecting all Beats* + +- The Beats logger and file output rotate files when necessary. The beat now forces a file rotation when unexpectedly writing to a file through a symbolic link. + +*Metricbeat* + +- Remove kibana.settings metricset since the API was removed in 8.0. {issue}30592[30592] {pull}42937[42937] +- Removed support for the Enterprise Search module. {pull}42915[42915] + +==== Bugfixes + +*Filebeat* + +- Fixed race conditions in the global ratelimit processor that could drop events or apply rate limiting incorrectly. {pull}42966[42966] +- Prevent computer details being returned for user queries by Activedirectory Entity Analytics provider. {issue}11818[11818] {pull}42796[42796] +- Handle unexpectedEOF error in aws-s3 input and enforce retrying using download failed error. {pull}42420[42756] +- Prevent azureblobstorage input from logging key details during blob fetch operations. {pull}43169[43169] + +*Metricbeat* + +- Add AWS OwningAccount support for cross account monitoring. {issue}40570[40570] {pull}40691[40691] +- Fix logging argument number mismatch in Metricbeat(Redis). {pull}43072[43072] + +*Winlogbeat* + +- Reset EventLog if error EOF is encountered. {pull}42826[42826] +- Implement backoff on error retrial. {pull}42826[42826] +- Fix boolean key in security pipelines and sync pipelines with integration. {pull}43027[43027] + +==== Added + +*Affecting all Beats* + +- Update Go version to 1.24.0. {pull}42705[42705] + +*Filebeat* + +- Add `etw` input fallback to attach an already existing session. {pull}42847[42847] +- Update CEL mito extensions to v1.17.0. {pull}42851[42851] +- Winlog input now can report its status to Elastic-Agent. {pull}43089[43089] +- Add configuration option to limit HTTP Endpoint body size. {pull}43171[43171] + +*Metricbeat* + +- Add a new `match_by_parent_instance` option to `perfmon` module. {pull}43002[43002] diff --git a/docs/en/install-upgrade/release-notes/release-notes-beats.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-beats.asciidoc new file mode 100644 index 000000000..65e039106 --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-beats.asciidoc @@ -0,0 +1,13 @@ +// Use these for links to issue and pulls. Note issues and pulls redirect one to +// each other on Github, so don't worry too much on using the right prefix. +:issue: https://github.com/elastic/beats/issues/ +:pull: https://github.com/elastic/beats/pull/ + +[[release-notes-beats-9.0.0]] += Beats release notes +++++ +Beats +++++ + +include::release-notes-beats-rc1.asciidoc[leveloffset=-1] +include::release-notes-beats-beta1.asciidoc[leveloffset=+1] \ No newline at end of file diff --git a/docs/en/install-upgrade/release-notes/release-notes-elasticsearch-beta1.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-elasticsearch-beta1.asciidoc new file mode 100644 index 000000000..b422d8d8d --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-elasticsearch-beta1.asciidoc @@ -0,0 +1,1156 @@ += {es} version 9.0.0-beta1 + +[discrete] +[[breaking-changes-9.0-beta1]] +== Breaking changes + +The following changes in {es} 9.0 might affect your applications +and prevent them from operating normally. +Before upgrading to 9.0, review these changes and take the described steps +to mitigate the impact. + +[discrete] +[[breaking_90_aggregations_changes]] +=== Aggregations changes + +[[remove_date_histogram_boolean_support]] +.Remove date histogram boolean support +[%collapsible] +==== +*Details* + +Elasticsearch no longer allows running Date Histogram aggregations over boolean fields. Instead, use Terms aggregation for boolean fields. + +*Impact* + +We expect the impact to be minimal, as this never produced good results, and has been deprecated for years. +==== + +[discrete] +[[breaking_90_analysis_changes]] +=== Analysis changes + +[[snowball_stemmers_have_been_upgraded]] +.Snowball stemmers have been upgraded +[%collapsible] +==== +*Details* + +Lucene 10 ships with an upgrade of its Snowball stemmers. For details see https://github.com/apache/lucene/issues/13209. Users using Snowball stemmers that are experiencing changes in search behaviour on existing data are advised to reindex. + +*Impact* + +The upgrade should generally provide improved stemming results. Small changes in token analysis can lead to mismatches with previously index data, so existing indices using Snowball stemmers as part of their analysis chain should be reindexed. +==== + +[[german2_snowball_stemmer_an_alias_for_german_stemmer]] +.The "german2" snowball stemmer is now an alias for the "german" stemmer +[%collapsible] +==== +*Details* + +Lucene 10 has merged the improved "german2" snowball language stemmer with the "german" stemmer. For Elasticsearch, "german2" is now a deprecated alias for "german". This may results in slightly different tokens being generated for terms with umlaut substitution (like "ue" for "ü" etc...) + +*Impact* + +Replace usages of "german2" with "german" in analysis configuration. Old indices that use the "german" stemmer should be reindexed if possible. +==== + +[[persian_analyzer_has_stemmer_by_default]] +.The 'persian' analyzer has stemmer by default +[%collapsible] +==== +*Details* + +Lucene 10 has added a final stemming step to its PersianAnalyzer that Elasticsearch exposes as 'persian' analyzer. Existing indices will keep the old non-stemming behaviour while new indices will see the updated behaviour with added stemming. Users that wish to maintain the non-stemming behaviour need to define their own analyzer as outlined in {ref}/analysis-lang-analyzer.html#persian-analyzer[Persion analyzer]. Users that wish to use the new stemming behaviour for existing indices will have to reindex their data. + +*Impact* + +Indexing with the 'persian' analyzer will produce slightly different tokens. Users should check if this impacts their search results. If they wish to maintain the legacy non-stemming behaviour they can define their own analyzer equivalent as explained in {ref}/analysis-lang-analyzer.html#persian-analyzer[Persian analyzer]. +==== + +[[korean_dictionary_for_nori_has_been_updated]] +.The Korean dictionary for Nori has been updated +[%collapsible] +==== +*Details* + +Lucene 10 ships with an updated Korean dictionary (mecab-ko-dic-2.1.1). For details see https://github.com/apache/lucene/issues/11452. Users experiencing changes in search behaviour on existing data are advised to reindex. + +*Impact* + +The change is small and should generally provide better analysis results. Existing indices for full-text use cases should be reindexed though. +==== + +[discrete] +[[breaking_90_cluster_and_node_setting_changes]] +=== Cluster and node setting changes + +[[configuring_bind_dn_in_an_ldap_or_active_directory_ad_realm_without_corresponding_bind_password_will_prevent_node_from_starting]] +.Configuring a bind DN in an LDAP or Active Directory (AD) realm without a corresponding bind password will prevent node from starting +[%collapsible] +==== +*Details* + +For LDAP or AD authentication realms, setting a bind DN (via the `xpack.security.authc.realms.ldap.*.bind_dn` or `xpack.security.authc.realms.active_directory.*.bind_dn` realm settings) without a bind password is a misconfiguration that may prevent successful authentication to the node. Nodes will fail to start if a bind DN is specified without a password. + +*Impact* + +If you have a bind DN configured for an LDAP or AD authentication realm, set a bind password for {ref}/ldap-realm.html#ldap-realm-configuration[LDAP] or {ref}/active-directory-realm.html#ad-realm-configuration[Active Directory]. Configuring a bind DN without a password prevents the misconfigured node from starting. +==== + +[[deprecated_tracing_apm_settings_got_removed]] +.Deprecated tracing.apm.* settings got removed. +[%collapsible] +==== +*Details* + +Deprecated `tracing.apm.*` settings got removed, use respective `telemetry.*` / `telemetry.tracing.*` settings instead. + +*Impact* + +9.x nodes will refuse to start if any such setting (including secret settings) is still present. +==== + +[[limit_bytesizeunit_to_2_decimals]] +.Limit `ByteSizeUnit` to 2 decimals +[%collapsible] +==== +*Details* + +In the past, byte values like `1.25 mb` were allowed but deprecated. Now, values with up to two decimal places are allowed, unless the unit is bytes, in which case no decimals are allowed. Values with too many decimal places result in an error. + +*Impact* + +Values with more than two decimal places, like `0.123 mb` will be rejected as an error, where in the past, they'd be accepted with a deprecation warning. +==== + +[[minimum_shard_balancer_threshold_1_0]] +.Minimum shard balancer threshold is now 1.0 +[%collapsible] +==== +*Details* + +Earlier versions of {es} accepted any non-negative value for `cluster.routing.allocation.balance.threshold`, but values smaller than `1.0` do not make sense and have been ignored since version 8.6.1. From 9.0.0 these nonsensical values are now forbidden. + +*Impact* + +Do not set `cluster.routing.allocation.balance.threshold` to a value less than `1.0`. +==== + +[[remove_tlsv1_1_from_default_protocols]] +.Remove TLSv1.1 from default protocols +[%collapsible] +==== +*Details* + +TLSv1.1 is no longer enabled by default. Prior to version 9.0, Elasticsearch would attempt to enable TLSv1.1 if the JDK supported it. In most cases, including all cases where Elasticsearch 8 was running with the bundled JDK, the JDK would not support TLSv1.1, so that protocol would not be available in Elasticsearch. However, if Elasticsearch was running on an old JDK or a JDK that have been reconfigured to support TLSv1.1, then the protocol would automatically be available within Elasticsearch. As of Elasticsearch 9.0, this is no longer true. If you wish to enable TLSv1.1 then you must enable it within the JDK and also enable it within Elasticsearch by using the `ssl.supported_protocols` setting. + +*Impact* + +Most users will not be impacted. If your Elastisearch 8 cluster was using a custom JDK and you relied on TLSv1.1, then you will need to explicitly enable TLSv1.1 within Elasticsearch (as well as enabling it within your JDK) +==== + +[[remove_client_type_setting]] +.Remove `client.type` setting +[%collapsible] +==== +*Details* + +The node setting `client.type` has been ignored since the node client was removed in 8.0. The setting is now removed. + +*Impact* + +Remove the `client.type` setting from `elasticsearch.yml` +==== + +[[remove_cluster_routing_allocation_disk_watermark_enable_for_single_data_node_setting]] +.Remove `cluster.routing.allocation.disk.watermark.enable_for_single_data_node` setting +[%collapsible] +==== +*Details* + +Prior to 7.8, whenever a cluster had only a single data node, the watermarks would not be respected. In order to change this in 7.8+ in a backwards compatible way, we introduced the `cluster.routing.allocation.disk.watermark.enable_for_single_data_node` node setting. The setting was deprecated in 7.14 and was made to accept only true in 8.0 + +*Impact* + +No known end user impact +==== + +[[remove_deprecated_xpack_searchable_snapshot_allocate_on_rolling_restart_setting]] +.Remove deprecated `xpack.searchable.snapshot.allocate_on_rolling_restart` setting +[%collapsible] +==== +*Details* + +The `xpack.searchable.snapshot.allocate_on_rolling_restart` setting was created as an escape-hatch just in case relying on the `cluster.routing.allocation.enable=primaries` setting for allocating searchable snapshots during rolling restarts had some unintended side-effects. It has been deprecated since 8.2.0. + +*Impact* + +Remove `xpack.searchable.snapshot.allocate_on_rolling_restart` from your settings if present. +==== + +[[remove_unsupported_legacy_value_for_discovery_type]] +.Remove unsupported legacy value for `discovery.type` +[%collapsible] +==== +*Details* + +Earlier versions of {es} had a `discovery.type` setting which permitted values that referred to legacy discovery types. From v9.0.0 onwards, the only supported values for this setting are `multi-node` (the default) and `single-node`. + +*Impact* + +Remove any value for `discovery.type` from your `elasticsearch.yml` configuration file. +==== + +[discrete] +[[breaking_90_index_setting_changes]] +=== Index setting changes + +[[remove_ability_to_read_frozen_indices]] +.Remove the ability to read frozen indices +[%collapsible] +==== +*Details* + +The ability to read frozen indices has been removed. (Frozen indices are no longer useful due to improvements in heap memory usage. The ability to freeze indices was removed in 8.0.) + +*Impact* + +Users must unfreeze any frozen indices before upgrading. +==== + +[discrete] +[[breaking_90_ingest_changes]] +=== Ingest changes + +[[remove_ecs_option_on_user_agent_processor]] +.Remove `ecs` option on `user_agent` processor +[%collapsible] +==== +*Details* + +The `user_agent` ingest processor no longer accepts the `ecs` option. (It was previously deprecated and ignored.) + +*Impact* + +Users should stop using the `ecs` option when creating instances of the `user_agent` ingest processor. The option will be removed from existing processors stored in the cluster state on upgrade. +==== + +[[remove_ignored_fallback_option_on_geoip_processor]] +.Remove ignored fallback option on GeoIP processor +[%collapsible] +==== +*Details* + +The option fallback_to_default_databases on the geoip ingest processor has been removed. (It was deprecated and ignored since 8.0.0.) + +*Impact* + +Customers should stop remove the noop fallback_to_default_databases option on any geoip ingest processors. +==== + +[discrete] +[[breaking_90_logging_changes]] +=== Logging changes + +[[deprecation_logging_value_change_for_data_stream_dataset_event_dataset]] +.Deprecation logging value change for "data_stream.dataset" and "event.dataset" +[%collapsible] +==== +*Details* + +This change modifies the "data_stream.dataset" and "event.dataset" value for deprecation logging +to use the value `elasticsearch.deprecation` instead of `deprecation.elasticsearch`. This is now +consistent with other values where the name of the service is the first part of the key. + +*Impact* + +If you are directly consuming deprecation logs for "data_stream.dataset" and "event.dataset" and filtering on +this value, you will need to update your filters to use `elasticsearch.deprecation` instead of +`deprecation.elasticsearch`. +==== + +[discrete] +[[breaking_90_logs_changes]] +=== Logs changes + +[[conditionally_enable_logsdb_by_default]] +.Conditionally enable logsdb by default +[%collapsible] +==== +*Details* + +Logsdb index mode will be enabled by default for data streams matching with `logs-*-*` pattern. +When upgrading from 8.18.2 or later to 9.x, if data streams matching with `log-*-*` exist, +then logsdb will not be enabled by default. + +For versions prior to 8.18.2, it is strongly advised to first upgrade to 8.18.2 or later prior to upgrading to 9.0.x. Otherwise, logsdb will be enabled by default regardless of whether matching data streams exist. + +*Impact* + +Logsdb reduce storage footprint in Elasticsearch for logs, but there are side effects +to be taken into account that are described in the {ref}/logs-data-stream.html[Logsdb docs]. +==== + +[discrete] +[[breaking_90_mapping_changes]] +=== Mapping changes + +[[remove_support_for_type_fields_copy_to_boost_in_metadata_field_definition]] +.Remove support for type, fields, copy_to and boost in metadata field definition +[%collapsible] +==== +*Details* + +The type, fields, copy_to and boost parameters are no longer supported in metadata field definition starting with version 9. + +*Impact* + +Users providing type, fields, copy_to or boost as part of metadata field definition should remove them from their mappings. +==== + +[[turn_source_meta_fieldmappers_mode_attribute_into_no_op]] +.Turn `_source` meta fieldmapper's mode attribute into a no-op +[%collapsible] +==== +*Details* + +The `mode` mapping attribute of `_source` metadata field mapper has been turned into a no-op. Instead the `index.mapping.source.mode` index setting should be used to configure source mode. + +*Impact* + +Configuring the `mode` attribute for the `_source` meta field mapper will have no effect on indices created with Elasticsearch 9.0.0 or later. Note that `_source.mode` configured on indices before upgrading to 9.0.0 or later will remain efficive after upgrading. +==== + +[discrete] +[[breaking_90_packaging_changes]] +=== Packaging changes + +[[disable_machine_learning_on_macos_x86_64]] +.Disable machine learning on macOS x86_64 +[%collapsible] +==== +*Details* + +The machine learning plugin is permanently disabled on macOS x86_64. For the last three years Apple has been selling hardware based on the arm64 architecture, and support will increasingly focus on this architecture in the future. Changes to upstream dependencies of Elastic's machine learning functionality have made it unviable for Elastic to continue to build machine learning on macOS x86_64. + +*Impact* + +To continue to use machine learning functionality on macOS please switch to an arm64 machine (Apple silicon). Alternatively, it will still be possible to run Elasticsearch with machine learning enabled in a Docker container on macOS x86_64. +==== + +[discrete] +[[breaking_90_rest_api_changes]] +=== REST API changes + +[[apply_more_strict_parsing_of_actions_in_bulk_api]] +.Apply more strict parsing of actions in bulk API +[%collapsible] +==== +*Details* + +Previously, the following classes of malformed input were deprecated but not rejected in the action lines of the a bulk request: missing closing brace; additional keys after the action (which were ignored); additional data after the closing brace (which was ignored). They will now be considered errors and rejected. + +*Impact* + +Users must provide well-formed input when using the bulk API. (They can request REST API compatibility with v8 to get the previous behaviour back as an interim measure.) +==== + +[[change_most_elasticsearch_timeouts_to_429_response_instead_of_5xx]] +.Change most Elasticsearch timeouts to 429 response instead of 5xx +[%collapsible] +==== +*Details* + +When a timeout occurs in most REST requests, whether via a per-request timeout, or a system default, the request would return a 5xx response code. The response code from those APIs when a timeout occurs is now 429. + +*Impact* + +Adjust any code relying on retrying on 5xx responses for timeouts to look for a 429 response code and inspect the response to determine whether a timeout occured. +==== + +[[error_json_structure_has_changed_when_detailed_errors_are_disabled]] +.Error JSON structure has changed when detailed errors are disabled +[%collapsible] +==== +*Details* + +This change modifies the JSON format of error messages returned to REST clients +when detailed messages are turned off. +Previously, JSON returned when an exception occurred, and `http.detailed_errors.enabled: false` was set, +just consisted of a single `"error"` text field with some basic information. +Setting `http.detailed_errors.enabled: true` (the default) changed this field +to an object with more detailed information. +With this change, non-detailed errors now have the same structure as detailed errors. `"error"` will now always +be an object with, at a minimum, a `"type"` and `"reason"` field. Additional fields are included when detailed +errors are enabled. +To use the previous structure for non-detailed errors, use the v8 REST API. + +*Impact* + +If you have set `http.detailed_errors.enabled: false` (the default is `true`) +the structure of JSON when any exceptions occur now matches the structure when +detailed errors are enabled. +To use the previous structure for non-detailed errors, use the v8 REST API. +==== + +[[remove_any_references_to_org_elasticsearch_core_restapiversion_v_7]] +.Remove any references to org.elasticsearch.core.RestApiVersion#V_7 +[%collapsible] +==== +*Details* + +This PR removes all references to V_7 in the Rest API. V7 features marked for deprecation have been removed. + +*Impact* + +This change is breaking for any external plugins/clients that rely on the V_7 enum or deprecated version 7 functionality +==== + +[[remove_cluster_state_from_cluster_reroute_response]] +.Remove cluster state from `/_cluster/reroute` response +[%collapsible] +==== +*Details* + +The `POST /_cluster/reroute` API no longer returns the cluster state in its response. The `?metric` query parameter to this API now has no effect and its use will be forbidden in a future version. + +*Impact* + +Cease usage of the `?metric` query parameter when calling the `POST /_cluster/reroute` API. +==== + +[[remove_deprecated_local_attribute_from_alias_apis]] +.Remove deprecated local attribute from alias APIs +[%collapsible] +==== +*Details* + +The following APIs no longer accept the `?local` query parameter: `GET /_alias`, `GET /_aliases`, `GET /_alias/{name}`, `HEAD /_alias/{name}`, `GET /{index}/_alias`, `HEAD /{index}/_alias`, `GET /{index}/_alias/{name}`, `HEAD /{index}/_alias/{name}`, `GET /_cat/aliases`, and `GET /_cat/aliases/{alias}`. This parameter has been deprecated and ignored since version 8.12. + +*Impact* + +Cease usage of the `?local` query parameter when calling the listed APIs. +==== + +[[remove_legacy_params_from_range_query]] +.Remove legacy params from range query +[%collapsible] +==== +*Details* + +The deprecated range query parameters `to`, `from`, `include_lower`, and `include_upper` are no longer supported. + +*Impact* + +Users should use `lt`, `lte`, `gt`, and `gte` query parameters instead. +==== + +[[remove_old_knn_search_tech_preview_api_in_v9]] +.Remove old `_knn_search` tech preview API in v9 +[%collapsible] +==== +*Details* + +The original, tech-preview api for vector search, `_knn_search`, has been removed in v9. For all vector search operations, you should utilize the `_search` endpoint. + +*Impact* + +The `_knn_search` API is now inaccessible without providing a compatible-with flag for v8. +==== + +[[remove_support_for_deprecated_force_source_highlighting_parameter]] +.Remove support for deprecated `force_source` highlighting parameter +[%collapsible] +==== +*Details* + +The deprecated highlighting `force_source` parameter is no longer supported. + +*Impact* + +Users should remove usages of the `force_source` parameter from their search requests. +==== + +[[remove_unfreeze_rest_endpoint]] +.Remove unfreeze REST endpoint +[%collapsible] +==== +*Details* + +The `/{index}/_unfreeze` REST endpoint is no longer supported. This API was deprecated, and the corresponding `/{index}/_freeze` endpoint was removed in 8.0. + +*Impact* + +None, since it is not possible to have a frozen index in a version which is readable by Elasticsearch 9.0 +==== + +[[removing_support_for_types_field_in_watcher_search]] +.Removing support for types field in watcher search +[%collapsible] +==== +*Details* + +Previously, setting the `input.search.request.types` field in the payload when creating a watcher to an empty array was allowed, although it resulted in a deprecation warning and had no effect (and any value other than an empty array would result in an error). Now, support for this field is entirely removed, and the empty array will also result in an error. + +*Impact* + +Users should stop setting this field (which did not have any effect anyway). +==== + +[[restrict_connector_apis_to_manage_monitor_connector_privileges]] +.Restrict Connector APIs to manage/monitor_connector privileges +[%collapsible] +==== +*Details* + +Connector APIs now enforce the manage_connector and monitor_connector privileges (introduced in 8.15), replacing the previous reliance on index-level permissions for .elastic-connectors and .elastic-connectors-sync-jobs in API calls. + +*Impact* + +Connector APIs now require manage_connector and monitor_connector privileges +==== + +[[set_allow_partial_search_results_true_by_default]] +.Set allow_partial_search_results=true by default +[%collapsible] +==== +*Details* + +Before this change, in case of shard failures, EQL queries always returned an error. With this change, they will keep running and will return partial results. + +*Impact* + +EQL queries that would previously fail due to shard failures, will now succeed and return partial results. The previous defaults can be restored by setting `xpack.eql.default_allow_partial_results` cluster setting to `false` or setting with `allow_partial_search_results` to `false` in the query request. +==== + +[discrete] +[[breaking_90_search_changes1]] +=== Search changes + +[[adjust_random_score_default_field_to_seq_no_field]] +.Adjust `random_score` default field to `_seq_no` field +[%collapsible] +==== +*Details* + +When providing a 'seed' parameter to a 'random_score' function in the 'function_score' query but NOT providing a 'field', the default 'field' is switched from '_id' to '_seq_no'. + +*Impact* + +The random scoring and ordering may change when providing a 'seed' and not providing a 'field' to a 'random_score' function. +==== + +[[change_semantic_text_to_act_like_normal_text_field]] +.Change semantic text to act like a normal text field +[%collapsible] +==== +*Details* + +The previous semantic_text format used a complex subfield structure in _source to store the embeddings. This complicated interactions/integrations with semantic_text fields and _source in general. This new semantic_text format treats it as a normal text field, where the field's value in _source is the value assigned by the user. + +*Impact* + +Users who parsed the subfield structure of the previous semantic_text format in _source will need to update their parsing logic. The new format does not directly expose the chunks and embeddings generated from the input text. The new format will be applied to all new indices, any existing indices will continue to use the previous format. +==== + +[discrete] +[[breaking_90_transform_changes]] +=== Transform changes + +[[remove_data_frame_transforms_roles]] +.Remove `data_frame_transforms` roles +[%collapsible] +==== +*Details* + +`data_frame_transforms_admin` and `data_frame_transforms_user` were deprecated in Elasticsearch 7 and are being removed in Elasticsearch 9. `data_frame_transforms_admin` is now `transform_admin`. `data_frame_transforms_user` is now `transform_user`. Users must call the `_update` API to replace the permissions on the Transform before the Transform can be started. + +*Impact* + +Transforms created with either the `data_frame_transforms_admin` or the `data_frame_transforms_user` role will fail to start. The Transform will remain in a `stopped` state, and its health will be red while displaying permission failures. +==== + +The following pull requests relate to breaking changes: + +Aggregations:: +* Remove date histogram boolean support {es-pull}118484[#118484] + +Allocation:: +* Increase minimum threshold in shard balancer {es-pull}115831[#115831] +* Remove `cluster.routing.allocation.disk.watermark.enable_for_single_data_node` setting {es-pull}114207[#114207] +* Remove cluster state from `/_cluster/reroute` response {es-pull}114231[#114231] (issue: {es-issue}88978[#88978]) + +Analysis:: +* Snowball stemmers have been upgraded {es-pull}114146[#114146] +* The 'german2' stemmer is now an alias for the 'german' snowball stemmer {es-pull}113614[#113614] +* The 'persian' analyzer has stemmer by default {es-pull}113482[#113482] (issue: {es-issue}113050[#113050]) +* The Korean dictionary for Nori has been updated {es-pull}114124[#114124] + +Authentication:: +* Configuring a bind DN in an LDAP or Active Directory (AD) realm without a corresponding bind password +will prevent node from starting {es-pull}118366[#118366] + +Cluster Coordination:: +* Remove unsupported legacy value for `discovery.type` {es-pull}112903[#112903] + +EQL:: +* Set allow_partial_search_results=true by default {es-pull}120267[#120267] + +Extract&Transform:: +* Restrict Connector APIs to manage/monitor_connector privileges {es-pull}119863[#119863] + +Highlighting:: +* Remove support for deprecated `force_source` highlighting parameter {es-pull}116943[#116943] + +Indices APIs:: +* Apply more strict parsing of actions in bulk API {es-pull}115923[#115923] +* Remove deprecated local attribute from alias APIs {es-pull}115393[#115393] +* Remove the ability to read frozen indices {es-pull}120108[#120108] +* Remove unfreeze REST endpoint {es-pull}119227[#119227] + +Infra/Core:: +* Change Elasticsearch timeouts to 429 response instead of 5xx {es-pull}116026[#116026] +* Limit `ByteSizeUnit` to 2 decimals {es-pull}120142[#120142] +* Remove `client.type` setting {es-pull}118192[#118192] (issue: {es-issue}104574[#104574]) +* Remove any references to org.elasticsearch.core.RestApiVersion#V_7 {es-pull}118103[#118103] + +Infra/Logging:: +* Change `deprecation.elasticsearch` keyword to `elasticsearch.deprecation` {es-pull}117933[#117933] (issue: {es-issue}83251[#83251]) + +Infra/Metrics:: +* Deprecated tracing.apm.* settings got removed. {es-pull}119926[#119926] + +Infra/REST API:: +* Output a consistent format when generating error json {es-pull}90529[#90529] (issue: {es-issue}89387[#89387]) + +Ingest Node:: +* Remove `ecs` option on `user_agent` processor {es-pull}116077[#116077] +* Remove ignored fallback option on GeoIP processor {es-pull}116112[#116112] + +Logs:: +* Conditionally enable logsdb by default for data streams matching with logs-*-* pattern. {es-pull}121049[#121049] (issue: {es-issue}106489[#106489]) + +Machine Learning:: +* Disable machine learning on macOS x86_64 {es-pull}104125[#104125] + +Mapping:: +* Remove support for type, fields, `copy_to` and boost in metadata field definition {es-pull}118825[#118825] +* Turn `_source` meta fieldmapper's mode attribute into a no-op {es-pull}119072[#119072] (issue: {es-issue}118596[#118596]) + +Search:: +* Adjust `random_score` default field to `_seq_no` field {es-pull}118671[#118671] +* Change Semantic Text To Act Like A Normal Text Field {es-pull}120813[#120813] +* Remove legacy params from range query {es-pull}116970[#116970] + +Snapshot/Restore:: +* Remove deprecated `xpack.searchable.snapshot.allocate_on_rolling_restart` setting {es-pull}114202[#114202] + +TLS:: +* Remove TLSv1.1 from default protocols {es-pull}121731[#121731] + +Transform:: +* Remove `data_frame_transforms` roles {es-pull}117519[#117519] + +Vector Search:: +* Remove old `_knn_search` tech preview API in v9 {es-pull}118104[#118104] + +Watcher:: +* Removing support for types field in watcher search {es-pull}120748[#120748] + +[discrete] +[[deprecated-9.0-beta1]] +== Deprecations + +The following functionality has been deprecated in {es} 9.0 +and will be removed in a future version. +While this won't have an immediate impact on your applications, +we strongly encourage you to take the described steps to update your code +after upgrading to 9.0. + +To find out if you are using any deprecated functionality, +enable {ref}/logging.html#deprecation-logging[deprecation logging]. + +[discrete] +[[deprecations_90_authorization]] +=== Authorization deprecations + +[[deprecate_certificate_based_remote_cluster_security_model]] +.Deprecate certificate based remote cluster security model +[%collapsible] +==== +*Details* + +-| {ref}/remote-clusters-cert.html[Certificate-based remote cluster security model] is deprecated and will be removed in a future major version. Users are encouraged to {ref}/remote-clusters-migrate.html[migrate remote clusters from certificate to API key authentication]. The {ref}/remote-clusters-api-key.html[API key-based security model] is preferred way to configure remote clusters, as it allows to follow security best practices when setting up remote cluster connections and defining fine-grained access control. + +*Impact* + +-| If you have configured remote clusters with certificate-based security model, you should {ref}/remote-clusters-migrate.html[migrate remote clusters from certificate to API key authentication]. Configuring a remote cluster using {ref}/remote-clusters-cert.html[certificate authentication], generates a warning in the deprecation logs. +==== + +[discrete] +[[deprecations_90_es_ql]] +=== ES|QL deprecations + +[[drop_support_for_brackets_from_metadata_syntax]] +.Drop support for brackets from METADATA syntax +[%collapsible] +==== +*Details* + +Please describe the details of this change for the release notes. You can use asciidoc. + +*Impact* + +Please describe the impact of this change to users +==== + +[discrete] +[[deprecations_90_rest_api]] +=== REST API deprecations + +[[document_type_deprecated_on_simulate_pipeline_api]] +.Document `_type` deprecated on simulate pipeline API +[%collapsible] +==== +*Details* + +Passing a document with a `_type` property is deprecated in the `/_ingest/pipeline/{id}/_simulate` and `/_ingest/pipeline/_simulate` APIs. + +*Impact* + +Users should already have stopped using mapping types, which were deprecated in {es} 7. This deprecation warning will fire if they specify mapping types on documents pass to the simulate pipeline API. +==== + +[[inference_api_deprecate_elser_service]] +.Deprecate elser service +[%collapsible] +==== +*Details* + +The `elser` service of the inference API will be removed in an upcoming release. Please use the elasticsearch service instead. + +*Impact* + +In the current version there is no impact. In a future version, users of the `elser` service will no longer be able to use it, and will be required to use the `elasticsearch` service to access elser through the inference API. +==== + +[discrete] +[[deprecations_90_rollup]] +=== Rollup deprecations + +[[emit_deprecation_warning_when_executing_one_of_rollup_apis]] +.Emit deprecation warning when executing one of the rollup APIs +[%collapsible] +==== +*Details* + +Rollup is already deprecated since 8.11.0 via documentation and since 8.15.0 it is no longer possible to create new rollup jobs in clusters without rollup usage. This change updates the rollup APIs to emit a deprecation warning. + +*Impact* + +Returning a deprecation warning when using one of the rollup APIs. +==== + +[discrete] +[[deprecations_90_transform]] +=== Transform deprecations + +[[removing_index_alias_creation_for_deprecated_transforms_notification_index]] +.Removing index alias creation for deprecated transforms notification index +[%collapsible] +==== +*Details* + +As part of the migration from 7.x to 8.x, the `.data-frame-notifications-1` index was deprecated and replaced with the `.transform-notifications-000002` index. The index is no longer created by default, all writes are directed to the new index, and any clusters with the deprecated index will have an alias created to ensure that reads are still retrieving data that was written to the index before the migration to 8.x. This change removes the alias from the deprecated index in 9.x. Any clusters with the alias present will retain it, but it will not be created on new clusters. + +*Impact* + +No known end user impact. +==== + +The following pull requests relate to deprecations: + +ES|QL:: +* Drop support for brackets from METADATA syntax {es-pull}119846[#119846] (issue: {es-issue}115401[#115401]) + +Ingest Node:: +* Fix `_type` deprecation on simulate pipeline API {es-pull}116259[#116259] + +Machine Learning:: +* Removing index alias creation for deprecated transforms notification index {es-pull}117583[#117583] +* [Inference API] Deprecate elser service {es-pull}113216[#113216] + +Rollup:: +* Emit deprecation warning when executing one of the rollup APIs {es-pull}113131[#113131] + +Security:: +* Deprecate certificate based remote cluster security model {es-pull}120806[#120806] + +[[bug-9.0.0]] +[float] +== Bug fixes + +Aggregations:: +* Handle with `illegalArgumentExceptions` negative values in HDR percentile aggregations {es-pull}116174[#116174] (issue: {es-issue}115777[#115777]) + +Analysis:: +* Analyze API to return 400 for wrong custom analyzer {es-pull}121568[#121568] (issue: {es-issue}121443[#121443]) + +CAT APIs:: +* Fix cat_component_templates documentation {es-pull}120487[#120487] + +CRUD:: +* Preserve thread context when waiting for segment generation in RTG {es-pull}114623[#114623] +* Preserve thread context when waiting for segment generation in RTG {es-pull}117148[#117148] + +Data streams:: +* Avoid updating settings version in `MetadataMigrateToDataStreamService` when settings have not changed {es-pull}118704[#118704] +* Block-writes cannot be added after read-only {es-pull}119007[#119007] (issue: {es-issue}119002[#119002]) +* Ensure removal of index blocks does not leave key with null value {es-pull}122246[#122246] +* Match dot prefix of migrated DS backing index with the source index {es-pull}120042[#120042] +* Refresh source index before reindexing data stream index {es-pull}120752[#120752] (issue: {es-issue}120314[#120314]) +* `ReindexDataStreamIndex` bug in assertion caused by reference equality {es-pull}121325[#121325] + +Downsampling:: +* Copy metrics and `default_metric` properties when downsampling `aggregate_metric_double` {es-pull}121727[#121727] (issues: {es-issue}119696[#119696], {es-issue}96076[#96076]) + +EQL:: +* Fix JOIN command validation (not supported) {es-pull}122011[#122011] + +ES|QL:: +* Allow the data type of `null` in filters {es-pull}118324[#118324] (issue: {es-issue}116351[#116351]) +* Correct line and column numbers of missing named parameters {es-pull}120852[#120852] +* Drop null columns in text formats {es-pull}117643[#117643] (issue: {es-issue}116848[#116848]) +* Fix ENRICH validation for use of wildcards {es-pull}121911[#121911] +* Fix ROUND() with unsigned longs throwing in some edge cases {es-pull}119536[#119536] +* Fix TDigestState.read CB leaks {es-pull}114303[#114303] (issue: {es-issue}114194[#114194]) +* Fix TopN row size estimate {es-pull}119476[#119476] (issue: {es-issue}106956[#106956]) +* Fix `AbstractShapeGeometryFieldMapperTests` {es-pull}119265[#119265] (issue: {es-issue}119201[#119201]) +* Fix a bug in TOP {es-pull}121552[#121552] +* Fix async stop sometimes not properly collecting result {es-pull}121843[#121843] (issue: {es-issue}121249[#121249]) +* Fix attribute set equals {es-pull}118823[#118823] +* Fix double lookup failure on ESQL {es-pull}115616[#115616] (issue: {es-issue}111398[#111398]) +* Fix queries with document level security on lookup indexes {es-pull}120617[#120617] (issue: {es-issue}120509[#120509]) +* Fix writing for LOOKUP status {es-pull}119296[#119296] (issue: {es-issue}119086[#119086]) +* Limit memory usage of `fold` {es-pull}118602[#118602] +* Limit size of query {es-pull}117898[#117898] +* Remove redundant sorts from execution plan {es-pull}121156[#121156] +* Revert unwanted ES|QL lexer changes from PR #120354 {es-pull}120538[#120538] + +Health:: +* Do not recommend increasing `max_shards_per_node` {es-pull}120458[#120458] + +Indices APIs:: +* Add `?master_timeout` to `POST /_ilm/migrate_to_data_tiers` {es-pull}120883[#120883] +* Fix broken yaml test `30_create_from` {es-pull}120662[#120662] +* Include hidden indices in `DeprecationInfoAction` {es-pull}118035[#118035] (issue: {es-issue}118020[#118020]) + +Inference:: +* [Inference API] Put back legacy EIS URL setting {es-pull}121207[#121207] + +Infra/Core:: +* Epoch Millis Rounding Down and Not Up 2 {es-pull}118353[#118353] +* Wrap jackson exception on malformed json string {es-pull}114445[#114445] (issue: {es-issue}114142[#114142]) + +Infra/Logging:: +* Move `SlowLogFieldProvider` instantiation to node construction {es-pull}117949[#117949] + +Infra/Metrics:: +* Make `randomInstantBetween` always return value in range [minInstant, `maxInstant]` {es-pull}114177[#114177] + +Infra/Plugins:: +* Remove unnecessary entitlement {es-pull}120959[#120959] +* Restrict agent entitlements to the system classloader unnamed module {es-pull}120546[#120546] + +Infra/REST API:: +* Fixed a `NullPointerException` in `_capabilities` API when the `path` parameter is null. {es-pull}113413[#113413] (issue: {es-issue}113413[#113413]) + +Infra/Scripting:: +* Register mustache size limit setting {es-pull}119291[#119291] + +Infra/Settings:: +* Don't allow secure settings in YML config (109115) {es-pull}115779[#115779] (issue: {es-issue}109115[#109115]) + +Ingest Node:: +* Add warning headers for ingest pipelines containing special characters {es-pull}114837[#114837] (issue: {es-issue}104411[#104411]) +* Fix geoip databases index access after system feature migration {es-pull}121196[#121196] + +Logs:: +* Always check if index mode is logsdb {es-pull}116922[#116922] + +Machine Learning:: +* Change format for Unified Chat {es-pull}121396[#121396] +* Fix get all inference endponts not returning multiple endpoints sharing model deployment {es-pull}121821[#121821] +* Fixing bedrock event executor terminated cache issue {es-pull}118177[#118177] (issue: {es-issue}117916[#117916]) +* Fixing bug setting index when parsing Google Vertex AI results {es-pull}117287[#117287] +* Updating Inference Update API documentation to have the correct PUT method {es-pull}121048[#121048] +* Wait for up to 2 seconds for yellow status before starting search {es-pull}115938[#115938] (issues: {es-issue}107777[#107777], {es-issue}105955[#105955], {es-issue}107815[#107815], {es-issue}112191[#112191]) +* [Inference API] Fix unique ID message for inference ID matches trained model ID {es-pull}119543[#119543] (issue: {es-issue}111312[#111312]) + +Mapping:: +* Enable New Semantic Text Format Only On Newly Created Indices {es-pull}121556[#121556] +* Fix propagation of dynamic mapping parameter when applying `copy_to` {es-pull}121109[#121109] (issue: {es-issue}113049[#113049]) +* Fix realtime get of nested fields with synthetic source {es-pull}119575[#119575] (issue: {es-issue}119553[#119553]) +* Merge field mappers when updating mappings with [subobjects:false] {es-pull}120370[#120370] (issue: {es-issue}120216[#120216]) +* Tweak `copy_to` handling in synthetic `_source` to account for nested objects {es-pull}120974[#120974] (issue: {es-issue}120831[#120831]) + +Network:: +* Remove ChunkedToXContentBuilder {es-pull}119310[#119310] (issue: {es-issue}118647[#118647]) + +Search:: +* Catch and handle disconnect exceptions in search {es-pull}115836[#115836] +* Fix leak in `DfsQueryPhase` and introduce search disconnect stress test {es-pull}116060[#116060] (issue: {es-issue}115056[#115056]) +* Fix/QueryBuilderBWCIT_muted_test {es-pull}117831[#117831] +* In this pr, a 400 error is returned when _source / _seq_no / _feature / _nested_path / _field_names is requested, rather a 5xx {es-pull}117229[#117229] +* Inconsistency in the _analyzer api when the index is not included {es-pull}115930[#115930] +* Remove duplicate code in ESIntegTestCase {es-pull}120799[#120799] +* SearchStatesIt failures reported by CI {es-pull}117618[#117618] (issues: {es-issue}116617[#116617], {es-issue}116618[#116618]) +* Skip fetching _inference_fields field in legacy semantic_text format {es-pull}121720[#121720] +* Test/107515 restore template with match only text mapper it fail {es-pull}120392[#120392] (issue: {es-issue}107515[#107515]) +* Updated Date Range to Follow Documentation When Assuming Missing Values {es-pull}112258[#112258] (issue: {es-issue}111484[#111484]) +* `CrossClusterIT` `testCancel` failure {es-pull}117750[#117750] (issue: {es-issue}108061[#108061]) +* `SearchServiceTests.testParseSourceValidation` failure {es-pull}117963[#117963] + +Snapshot/Restore:: +* Add undeclared Azure settings, modify test to exercise them {es-pull}118634[#118634] +* Fork post-snapshot-delete cleanup off master thread {es-pull}122047[#122047] +* Retry throttled snapshot deletions {es-pull}113237[#113237] +* Use the system index descriptor in the snapshot blob cache cleanup task {es-pull}120937[#120937] (issue: {es-issue}120518[#120518]) + +Store:: +* Do not capture `ClusterChangedEvent` in `IndicesStore` call to #onClusterStateShardsClosed {es-pull}120193[#120193] + +Vector Search:: +* Apply default k for knn query eagerly {es-pull}118774[#118774] +* Fix `bbq_hnsw` merge file cleanup on random IO exceptions {es-pull}119691[#119691] (issue: {es-issue}119392[#119392]) + +Watcher:: +* Watcher history index has too many indexed fields - {es-pull}117701[#117701] (issue: {es-issue}71479[#71479]) + +[[enhancement-9.0.0]] +[float] +== Enhancements + +Allocation:: +* Add a not-master state for desired balance {es-pull}116904[#116904] +* Only publish desired balance gauges on master {es-pull}115383[#115383] +* Reset relocation/allocation failure counter on node join/shutdown {es-pull}119968[#119968] + +Authentication:: +* Allow `SSHA-256` for API key credential hash {es-pull}120997[#120997] + +Authorization:: +* Allow kibana_system user to manage .reindexed-v8-internal.alerts indices {es-pull}118959[#118959] +* Grant necessary Kibana application privileges to `reporting_user` role {es-pull}118058[#118058] +* Make reserved built-in roles queryable {es-pull}117581[#117581] +* [Security Solution] Add `create_index` to `kibana_system` role for index/DS `.logs-endpoint.action.responses-*` {es-pull}115241[#115241] +* [Security Solution] allows `kibana_system` user to manage .reindexed-v8-* Security Solution indices {es-pull}119054[#119054] + +CCS:: +* Resolve/cluster allows querying for cluster info only (no index expression required) {es-pull}119898[#119898] + +CRUD:: +* Remove INDEX_REFRESH_BLOCK after index becomes searchable {es-pull}120807[#120807] +* Suppress merge-on-recovery for older indices {es-pull}113462[#113462] + +Cluster Coordination:: +* Include `clusterApplyListener` in long cluster apply warnings {es-pull}120087[#120087] + +Data streams:: +* Add action to create index from a source index {es-pull}118890[#118890] +* Add index and reindex request settings to speed up reindex {es-pull}119780[#119780] +* Add rest endpoint for `create_from_source_index` {es-pull}119250[#119250] +* Add sanity check to `ReindexDatastreamIndexAction` {es-pull}120231[#120231] +* Adding a migration reindex cancel API {es-pull}118291[#118291] +* Adding get migration reindex status {es-pull}118267[#118267] +* Consistent mapping for OTel log and event bodies {es-pull}120547[#120547] +* Filter deprecated settings when making dest index {es-pull}120163[#120163] +* Ignore closed indices for reindex {es-pull}120244[#120244] +* Improve how reindex data stream index action handles api blocks {es-pull}120084[#120084] +* Initial work on `ReindexDatastreamIndexAction` {es-pull}116996[#116996] +* Make `requests_per_second` configurable to throttle reindexing {es-pull}120207[#120207] +* Optimized index sorting for OTel logs {es-pull}119504[#119504] +* Report Deprecated Indices That Are Flagged To Ignore Migration Reindex As A Warning {es-pull}120629[#120629] +* Update data stream deprecations warnings to new format and filter searchable snapshots from response {es-pull}118562[#118562] + +Distributed:: +* Make various alias retrieval APIs wait for cluster to unblock {es-pull}117230[#117230] +* Metrics for incremental bulk splits {es-pull}116765[#116765] +* Use Azure blob batch API to delete blobs in batches {es-pull}114566[#114566] + +EQL:: +* Add support for partial shard results {es-pull}116388[#116388] +* Optional named arguments for function in map {es-pull}118619[#118619] + +ES|QL:: +* Add ES|QL cross-cluster query telemetry collection {es-pull}119474[#119474] +* Add a `LicenseAware` interface for licensed Nodes {es-pull}118931[#118931] (issue: {es-issue}117405[#117405]) +* Add a `PostAnalysisAware,` distribute verification {es-pull}119798[#119798] +* Add a standard deviation aggregating function: STD_DEV {es-pull}116531[#116531] +* Add cluster level reduction {es-pull}117731[#117731] +* Add nulls support to Categorize {es-pull}117655[#117655] +* Async search responses have CCS metadata while searches are running {es-pull}117265[#117265] +* Check for early termination in Driver {es-pull}118188[#118188] +* Do not serialize `EsIndex` in plan {es-pull}119580[#119580] +* ESQL - Remove restrictions for disjunctions in full text functions {es-pull}118544[#118544] +* ESQL - enabling scoring with METADATA `_score` {es-pull}113120[#113120] +* ESQL Add esql hash function {es-pull}117989[#117989] +* ESQL Support IN operator for Date nanos {es-pull}119772[#119772] (issue: {es-issue}118578[#118578]) +* ESQL: CATEGORIZE as a `BlockHash` {es-pull}114317[#114317] +* ESQL: Enterprise license enforcement for CCS {es-pull}118102[#118102] +* ES|QL: Partial result on demand for async queries {es-pull}118122[#118122] +* Enable KQL function as a tech preview {es-pull}119730[#119730] +* Enable LOOKUP JOIN in non-snapshot builds {es-pull}121193[#121193] (issue: {es-issue}121185[#121185]) +* Enable node-level reduction by default {es-pull}119621[#119621] +* Enable physical plan verification {es-pull}118114[#118114] +* Ensure cluster string could be quoted {es-pull}120355[#120355] +* Esql - Support date nanos in date extract function {es-pull}120727[#120727] (issue: {es-issue}110000[#110000]) +* Esql - support date nanos in date format function {es-pull}120143[#120143] (issue: {es-issue}109994[#109994]) +* Esql Support date nanos on date diff function {es-pull}120645[#120645] (issue: {es-issue}109999[#109999]) +* Esql bucket function for date nanos {es-pull}118474[#118474] (issue: {es-issue}118031[#118031]) +* Esql compare nanos and millis {es-pull}118027[#118027] (issue: {es-issue}116281[#116281]) +* Esql implicit casting for date nanos {es-pull}118697[#118697] (issue: {es-issue}118476[#118476]) +* Extend `TranslationAware` to all pushable expressions {es-pull}120192[#120192] +* Hash functions {es-pull}118938[#118938] +* Implement a `MetricsAware` interface {es-pull}121074[#121074] +* LOOKUP JOIN using field-caps for field mapping {es-pull}117246[#117246] +* Lookup join on multiple join fields not yet supported {es-pull}118858[#118858] +* Move scoring in ES|QL out of snapshot {es-pull}120354[#120354] +* Optimize ST_EXTENT_AGG for `geo_shape` and `cartesian_shape` {es-pull}119889[#119889] +* Push down filter passed lookup join {es-pull}118410[#118410] +* Resume Driver on cancelled or early finished {es-pull}120020[#120020] +* Rewrite TO_UPPER/TO_LOWER comparisons {es-pull}118870[#118870] (issue: {es-issue}118304[#118304]) +* ST_EXTENT_AGG optimize envelope extraction from doc-values for cartesian_shape {es-pull}118802[#118802] +* Smarter field caps with subscribable listener {es-pull}116755[#116755] +* Support partial sort fields in TopN pushdown {es-pull}116043[#116043] (issue: {es-issue}114515[#114515]) +* Support some stats on aggregate_metric_double {es-pull}120343[#120343] (issue: {es-issue}110649[#110649]) +* Take named parameters for identifier and pattern out of snapshot {es-pull}121850[#121850] +* Term query for ES|QL {es-pull}117359[#117359] +* Update grammar to rely on `indexPattern` instead of identifier in join target {es-pull}120494[#120494] +* `_score` should not be a reserved attribute in ES|QL {es-pull}118435[#118435] (issue: {es-issue}118460[#118460]) + +Engine:: +* Defer unpromotable shard refreshes until index refresh blocks are cleared {es-pull}120642[#120642] +* POC mark read-only {es-pull}119743[#119743] + +Experiences:: +* Integrate IBM watsonx to Inference API for re-ranking task {es-pull}117176[#117176] + +Geo:: +* Optimize indexing points with index and doc values set to true {es-pull}120271[#120271] + +Health:: +* Increase `replica_unassigned_buffer_time` default from 3s to 5s {es-pull}112834[#112834] + +ILM+SLM:: +* Add a `replicate_for` option to the ILM `searchable_snapshot` action {es-pull}119003[#119003] + +Indices APIs:: +* Add `remove_index_block` arg to `_create_from` api {es-pull}120548[#120548] +* Remove index blocks by default in `create_from` {es-pull}120643[#120643] +* Run `TransportGetComponentTemplateAction` on local node {es-pull}116868[#116868] +* Run `TransportGetComposableIndexTemplate` on local node {es-pull}119830[#119830] +* Run `TransportGetIndexTemplateAction` on local node {es-pull}119837[#119837] +* introduce new categories for deprecated resources in deprecation API {es-pull}120505[#120505] + +Inference:: +* Add version prefix to Inference Service API path {es-pull}117095[#117095] +* Remove Elastic Inference Service feature flag and deprecated setting {es-pull}120842[#120842] +* Update sparse text embeddings API route for Inference Service {es-pull}118025[#118025] +* [Elastic Inference Service] Add ElasticInferenceService Unified ChatCompletions Integration {es-pull}118871[#118871] + +Infra/CLI:: +* Strengthen encryption for elasticsearch-keystore tool to AES 256 {es-pull}119749[#119749] + +Infra/Circuit Breakers:: +* Add link to Circuit Breaker "Data too large" exception message {es-pull}113561[#113561] + +Infra/Core:: +* Add support for specifying reindexing script for system index migration {es-pull}119001[#119001] +* Change default Docker image to be based on UBI minimal instead of Ubuntu {es-pull}116739[#116739] + +Infra/Metrics:: +* Add `ensureGreen` test method for use with `adminClient` {es-pull}113425[#113425] + +Infra/REST API:: +* A new query parameter `?include_source_on_error` was added for create / index, update and bulk REST APIs to control +if to include the document source in the error response in case of parsing errors. The default value is `true`. {es-pull}120725[#120725] + +Infra/Scripting:: +* Add a `mustache.max_output_size_bytes` setting to limit the length of results from mustache scripts {es-pull}114002[#114002] + +Infra/Settings:: +* Introduce `IndexSettingDeprecatedInV8AndRemovedInV9` Setting property {es-pull}120334[#120334] +* Run `TransportClusterGetSettingsAction` on local node {es-pull}119831[#119831] + +Ingest Node:: +* Optimize `IngestCtxMap` construction {es-pull}120833[#120833] +* Optimize `IngestDocMetadata` `isAvailable` {es-pull}120753[#120753] +* Optimize `IngestDocument` `FieldPath` allocation {es-pull}120573[#120573] +* Optimize some per-document hot paths in the geoip processor {es-pull}120824[#120824] +* Returning ignored fields in the simulate ingest API {es-pull}117214[#117214] +* Run `GetPipelineTransportAction` on local node {es-pull}120445[#120445] +* Run `TransportGetEnrichPolicyAction` on local node {es-pull}121124[#121124] +* Run template simulation actions on local node {es-pull}120038[#120038] + +License:: +* Bump `TrialLicenseVersion` to allow starting new trial on 9.0 {es-pull}120198[#120198] + +Logs:: +* Add LogsDB option to route on sort fields {es-pull}116687[#116687] +* Add a new index setting to skip recovery source when synthetic source is enabled {es-pull}114618[#114618] +* Configure index sorting through index settings for logsdb {es-pull}118968[#118968] (issue: {es-issue}118686[#118686]) +* Optimize loading mappings when determining synthetic source usage and whether host.name can be sorted on. {es-pull}120055[#120055] + +Machine Learning:: +* Add DeBERTa-V2/V3 tokenizer {es-pull}111852[#111852] +* Add Inference Unified API for chat completions for OpenAI {es-pull}117589[#117589] +* Add Jina AI API to do inference for Embedding and Rerank models {es-pull}118652[#118652] +* Add enterprise license check for Inference API actions {es-pull}119893[#119893] +* Adding chunking settings to `IbmWatsonxService` {es-pull}114914[#114914] +* Adding default endpoint for Elastic Rerank {es-pull}117939[#117939] +* Adding endpoint creation validation for all task types to remaining services {es-pull}115020[#115020] +* Check for presence of error object when validating streaming responses from integrations in the inference API {es-pull}118375[#118375] +* Ignore failures from renormalizing buckets in read-only index {es-pull}118674[#118674] +* Inference duration and error metrics {es-pull}115876[#115876] +* Migrate stream to core error parsing {es-pull}120722[#120722] +* Remove all mentions of eis and gateway and deprecate flags that do {es-pull}116692[#116692] +* Remove deprecated sort from reindex operation within dataframe analytics procedure {es-pull}117606[#117606] +* Retry on `ClusterBlockException` on transform destination index {es-pull}118194[#118194] +* [Inference API] fix spell words: covertToString to convertToString {es-pull}119922[#119922] + +Mapping:: +* Add Optional Source Filtering to Source Loaders {es-pull}113827[#113827] + +Network:: +* Allow http unsafe buffers by default {es-pull}116115[#116115] +* Http stream activity tracker and exceptions handling {es-pull}119564[#119564] +* Remove HTTP content copies {es-pull}117303[#117303] +* `ConnectTransportException` returns retryable BAD_GATEWAY {es-pull}118681[#118681] (issue: {es-issue}118320[#118320]) + +Ranking:: +* Set default reranker for text similarity reranker to Elastic reranker {es-pull}120551[#120551] + +Recovery:: +* Allow archive and searchable snapshots indices in N-2 version {es-pull}118941[#118941] +* Trigger merges after recovery {es-pull}113102[#113102] + +Reindex:: +* Change Reindexing metrics unit from millis to seconds {es-pull}115721[#115721] + +Search:: +* Add match support for `semantic_text` fields {es-pull}117839[#117839] +* Add support for `sparse_vector` queries against `semantic_text` fields {es-pull}118617[#118617] +* Add support for knn vector queries on `semantic_text` fields {es-pull}119011[#119011] +* Adding linear retriever to support weighted sums of sub-retrievers {es-pull}120222[#120222] +* Address and remove any references of RestApiVersion version 7 {es-pull}117572[#117572] +* Feat: add a user-configurable timeout parameter to the `_resolve/cluster` API {es-pull}120542[#120542] +* Make semantic text part of the text family {es-pull}119792[#119792] +* Only aggregations require at least one shard request {es-pull}115314[#115314] +* Prevent data nodes from sending stack traces to coordinator when `error_trace=false` {es-pull}118266[#118266] +* Propagate status codes from shard failures appropriately {es-pull}118016[#118016] (issue: {es-issue}118482[#118482]) + +Security:: +* Add refresh `.security` index call between security migrations {es-pull}114879[#114879] + +Snapshot/Restore:: +* Add IMDSv2 support to `repository-s3` {es-pull}117748[#117748] (issue: {es-issue}105135[#105135]) +* Expose operation and request counts separately in repository stats {es-pull}117530[#117530] (issue: {es-issue}104443[#104443]) +* Retry `S3BlobContainer#getRegister` on all exceptions {es-pull}114813[#114813] +* Retry internally when CAS upload is throttled [GCS] {es-pull}120250[#120250] (issue: {es-issue}116546[#116546]) +* Track shard snapshot progress during node shutdown {es-pull}112567[#112567] + +Suggesters:: +* Extensible Completion Postings Formats {es-pull}111494[#111494] + +TSDB:: +* Increase field limit for OTel metrics to 10 000 {es-pull}120591[#120591] + +Transform:: +* Add support for `extended_stats` {es-pull}120340[#120340] +* Auto-migrate `max_page_search_size` {es-pull}119348[#119348] +* Create upgrade mode {es-pull}117858[#117858] +* Wait while index is blocked {es-pull}119542[#119542] +* [Deprecation] Add `transform_ids` to outdated index {es-pull}120821[#120821] + +Vector Search:: +* Even better(er) binary quantization {es-pull}117994[#117994] +* Speed up bit compared with floats or bytes script operations {es-pull}117199[#117199] + +[[feature-9.0.0]] +[float] +== New features + +CRUD:: +* Metrics for indexing failures due to version conflicts {es-pull}119067[#119067] + +ES|QL:: +* ESQL - Add Match function options {es-pull}120360[#120360] +* ESQL - Allow full text functions disjunctions for non-full text functions {es-pull}120291[#120291] +* ESQL: Enable async get to support formatting {es-pull}111104[#111104] (issue: {es-issue}110926[#110926]) +* Expand type compatibility for match function and operator {es-pull}117555[#117555] +* ST_EXTENT aggregation {es-pull}117451[#117451] (issue: {es-issue}104659[#104659]) +* Support ST_ENVELOPE and related (ST_XMIN, ST_XMAX, ST_YMIN, ST_YMAX) functions {es-pull}116964[#116964] (issue: {es-issue}104875[#104875]) + +Extract&Transform:: +* [Connector API] Support hard deletes with new URL param in delete endpoint {es-pull}120200[#120200] +* [Connector API] Support soft-deletes of connectors {es-pull}118669[#118669] +* [Connector APIs] Enforce index prefix for managed connectors {es-pull}117778[#117778] + +Highlighting:: +* Add Highlighter for Semantic Text Fields {es-pull}118064[#118064] + +Infra/Core:: +* Infrastructure for assuming cluster features in the next major version {es-pull}118143[#118143] + +Machine Learning:: +* ES|QL categorize with multiple groupings {es-pull}118173[#118173] +* Support mTLS for the Elastic Inference Service integration inside the inference API {es-pull}119679[#119679] +* [Inference API] Add node-local rate limiting for the inference API {es-pull}120400[#120400] + +Mapping:: +* Add option to store `sparse_vector` outside `_source` {es-pull}117917[#117917] + +Ranking:: +* Add a generic `rescorer` retriever based on the search request's rescore functionality {es-pull}118585[#118585] (issue: {es-issue}118327[#118327]) + +Relevance:: +* Add Multi-Field Support for Semantic Text Fields {es-pull}120128[#120128] + +Vector Search:: +* Add new experimental `rank_vectors` mapping for late-interaction second order ranking {es-pull}118804[#118804] +* KNN vector rescoring for quantized vectors {es-pull}116663[#116663] +* Mark bbq indices as GA and add rolling upgrade integration tests {es-pull}121105[#121105] + +[[upgrade-9.0.0]] +[float] +== Upgrades + +Infra/Core:: +* Bump major version for feature migration system indices {es-pull}117243[#117243] +* Update ASM 9.7 -> 9.7.1 to support JDK 24 {es-pull}118094[#118094] + +Machine Learning:: +* Automatically rollover legacy .ml-anomalies indices {es-pull}120913[#120913] +* Automatically rollover legacy ml indices {es-pull}120405[#120405] +* Change the auditor to write via an alias {es-pull}120064[#120064] + +Search:: +* Upgrade to Lucene 10 {es-pull}114741[#114741] +* Upgrade to Lucene 10.1.0 {es-pull}119308[#119308] + + diff --git a/docs/en/install-upgrade/release-notes/release-notes-elasticsearch-rc1.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-elasticsearch-rc1.asciidoc new file mode 100644 index 000000000..7e9f06153 --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-elasticsearch-rc1.asciidoc @@ -0,0 +1,229 @@ += {es} version 9.0.0-rc1 + +[[breaking-9.0.0-rc1]] +[float] +=== Breaking changes + +The following changes in {es} 9.0 might affect your applications +and prevent them from operating normally. +Before upgrading to 9.0, review these changes and take the described steps +to mitigate the impact. +Also check out <>. + +[discrete] +[[breaking_90_cluster_and_node_setting_changes-rc1]] +==== Cluster and node setting changes + +[[drop_tls_rsa_cipher_support_for_jdk_24]] +.Drop `TLS_RSA` cipher support for JDK 24 +[%collapsible] +==== +*Details* + +This change removes `TLS_RSA` ciphers from the list of default supported ciphers, for Elasticsearch deployments running on JDK 24. + +*Impact* + +The dropped ciphers are `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, and `TLS_RSA_WITH_AES_128_CBC_SHA`. TLS connections to Elasticsearch using these ciphers will no longer work. Please configure your clients to use one of supported cipher suites. +==== + +// TLS:: +// * Drop `TLS_RSA` cipher support for JDK 24 {es-pull}123600[#123600] + +[discrete] +[[deprecated-9.0-rc1]] +=== Deprecations + +The following functionality has been deprecated in {es} 9.0 +and will be removed in a future version. +Also check out <>. + +While this won't have an immediate impact on your applications, +we strongly encourage you to take the described steps to update your code +after upgrading to 9.0. + +To find out if you are using any deprecated functionality, +enable {ref}/logging.html#deprecation-logging[deprecation logging]. + +[discrete] +[[deprecations_90_rest_api-rc1]] +==== REST API deprecations + +[[add_deprecation_warning_for_flush_api]] +.Add deprecation warning for flush API +[%collapsible] +==== +*Details* + +The anomaly detection job flush API is deprecated since it is only required for the post data API, which was deprecated since 7.11.0. + +*Impact* + +This should have a minimal impact on users as the flush API is only required for the post data API, which was deprecated since 7.11.0. +==== + +// Machine Learning:: +// * Add deprecation warning for flush API {es-pull}121667[#121667] (issue: {es-issue}121506[#121506]) + +[discrete] +[[deprecations_90_search-rc1]] +==== Search deprecations + +[[deprecate_behavioral_analytics_crud_apis]] +.Deprecate Behavioral Analytics CRUD apis +[%collapsible] +==== +*Details* + +Behavioral Analytics has been deprecated as of 9.0.0 and will be removed in a future release. The APIs will still work for now, but will emit warning headers that the API has been deprecated. + +*Impact* + +Behavioral Analytics has been deprecated as of 9.0.0 and will be removed in a future release. +==== + +// Search:: +// * Deprecate Behavioral Analytics CRUD apis {es-pull}122960[#122960] + +[[bug-9.0.0-rc1]] +[float] +=== Bug fixes + +Analysis:: +* Adjust exception thrown when unable to load hunspell dict {es-pull}123743[#123743] + +Data streams:: +* Updating `TransportRolloverAction.checkBlock` so that non-write-index blocks do not prevent data stream rollover {es-pull}122905[#122905] + +Downsampling:: +* Improve downsample performance by avoiding to read unnecessary dimension values when downsampling. {es-pull}124451[#124451] + +ES|QL:: +* Add support to VALUES aggregation for spatial types {es-pull}122886[#122886] (issue: {es-issue}122413[#122413]) +* Avoid over collecting in Limit or Lucene Operator {es-pull}123296[#123296] +* Change the order of the optimization rules {es-pull}124335[#124335] +* ESQL: Remove estimated row size assertion {es-pull}122762[#122762] (issue: {es-issue}121535[#121535]) +* ES|QL: Fix scoring for full text functions {es-pull}124540[#124540] +* Fix early termination in `LuceneSourceOperator` {es-pull}123197[#123197] +* Fix function registry concurrency issues on constructor {es-pull}123492[#123492] (issue: {es-issue}123430[#123430]) +* Implicit numeric casting for CASE/GREATEST/LEAST {es-pull}122601[#122601] (issue: {es-issue}121890[#121890]) +* Lazy collection copying during node transform {es-pull}124424[#124424] +* Reduce iteration complexity for plan traversal {es-pull}123427[#123427] +* Revive inlinestats {es-pull}122257[#122257] +* Revive some more of inlinestats functionality {es-pull}123589[#123589] +* Use a must boolean statement when pushing down to Lucene when scoring is also needed {es-pull}124001[#124001] (issue: {es-issue}123967[#123967]) + +Engine:: +* Hold store reference in `InternalEngine#performActionWithDirectoryReader(...)` {es-pull}123010[#123010] (issue: {es-issue}122974[#122974]) + +Highlighting:: +* Restore V8 REST compatibility around highlight `force_source` parameter {es-pull}124873[#124873] + +Indices APIs:: +* Avoid hoarding cluster state references during rollover {es-pull}124107[#124107] (issue: {es-issue}123893[#123893]) +* Updates the deprecation info API to not warn about system indices and data streams {es-pull}122951[#122951] + +Infra/Core:: +* Fix system data streams to be restorable from a snapshot {es-pull}124651[#124651] (issue: {es-issue}89261[#89261]) +* Have create index return a bad request on poor formatting {es-pull}123761[#123761] +* Include data streams when converting an existing resource to a system resource {es-pull}121392[#121392] +* Prevent rare starvation bug when using scaling `EsThreadPoolExecutor` with empty core pool size. {es-pull}124732[#124732] (issue: {es-issue}124667[#124667]) +* System Index Migration Failure Results in a Non-Recoverable State {es-pull}122326[#122326] +* System data streams are not being upgraded in the feature migration API {es-pull}124884[#124884] (issue: {es-issue}122949[#122949]) + +Ingest Node:: +* Fix geoip databases index access after system feature migration (again) {es-pull}122938[#122938] +* Fix geoip databases index access after system feature migration (take 3) {es-pull}124604[#124604] + +Machine Learning:: +* Add `ElasticInferenceServiceCompletionServiceSettings` {es-pull}123155[#123155] +* Add enterprise license check to inference action for semantic text fields {es-pull}122293[#122293] +* Avoid potentially throwing calls to Task#getDescription in model download {es-pull}124527[#124527] +* Fix serialising the inference update request {es-pull}122278[#122278] +* Migrate `model_version` to `model_id` when parsing persistent elser inference endpoints {es-pull}124769[#124769] (issue: {es-issue}124675[#124675]) +* Retry on streaming errors {es-pull}123076[#123076] +* Set Connect Timeout to 5s {es-pull}123272[#123272] +* [Inference API] Fix output stream ordering in `InferenceActionProxy` {es-pull}124225[#124225] + +Mapping:: +* Avoid serializing empty `_source` fields in mappings {es-pull}122606[#122606] +* Merge template mappings properly during validation {es-pull}124784[#124784] (issue: {es-issue}123372[#123372]) + +Ranking:: +* Fix LTR query feature with phrases (and two-phase) queries {es-pull}125103[#125103] + +Search:: +* Do not let `ShardBulkInferenceActionFilter` unwrap / rewrap ESExceptions {es-pull}123890[#123890] +* Don't generate stacktrace in `TaskCancelledException` {es-pull}125002[#125002] +* Fix concurrency issue in `ScriptSortBuilder` {es-pull}123757[#123757] +* Handle search timeout in `SuggestPhase` {es-pull}122357[#122357] (issue: {es-issue}122186[#122186]) +* Let MLTQuery throw IAE when no analyzer is set {es-pull}124662[#124662] (issue: {es-issue}124562[#124562]) + +Snapshot/Restore:: +* Fork post-snapshot-delete cleanup off master thread {es-pull}122731[#122731] +* This PR fixes a bug whereby partial snapshots of system datastreams could be used to restore system features. {es-pull}124931[#124931] + +Suggesters:: +* Return an empty suggestion when suggest phase times out {es-pull}122575[#122575] (issue: {es-issue}122548[#122548]) + +Transform:: +* If the Transform is configured to write to an alias as its destination index, when the delete_dest_index parameter is set to true, then the Delete API will now delete the write index backing the alias {es-pull}122074[#122074] (issue: {es-issue}121913[#121913]) + +Vector Search:: +* Knn vector rescoring to sort score docs {es-pull}122653[#122653] (issue: {es-issue}119711[#119711]) + +[[enhancement-9.0.0-rc1]] +[float] +=== Enhancements + +Authorization:: +* Do not fetch reserved roles from native store when Get Role API is called {es-pull}121971[#121971] + +Data streams:: +* Retry ILM async action after reindexing data stream {es-pull}124149[#124149] +* Set cause on create index request in create from action {es-pull}124363[#124363] + +Downsampling:: +* Improve downsample performance by buffering docids and do bulk processing {es-pull}124477[#124477] +* Improve rolling up metrics {es-pull}124739[#124739] + +ES|QL:: +* Allow skip shards with `_tier` and `_index` in ES|QL {es-pull}123728[#123728] +* ES|QL - Add scoring for full text functions disjunctions {es-pull}121793[#121793] +* Fix Driver status iterations and `cpuTime` {es-pull}123290[#123290] (issue: {es-issue}122967[#122967]) +* Push down `StartsWith` and `EndsWith` functions to Lucene {es-pull}123381[#123381] (issue: {es-issue}123067[#123067]) +* Reuse child `outputSet` inside the plan where possible {es-pull}124611[#124611] + +Infra/CLI:: +* Ignore _JAVA_OPTIONS {es-pull}124843[#124843] + +Infra/Core:: +* Improve size limiting string message {es-pull}122427[#122427] + +Infra/REST API:: +* Indicate when errors represent timeouts {es-pull}124936[#124936] + +Ingest Node:: +* Allow setting the `type` in the reroute processor {es-pull}122409[#122409] (issue: {es-issue}121553[#121553]) + +[[feature-9.0.0-rc1]] +[float] +=== New features + +ES|QL:: +* Initial support for unmapped fields {es-pull}119886[#119886] + +Search:: +* Added optional parameters to QSTR ES|QL function {es-pull}121787[#121787] (issue: {es-issue}120933[#120933]) + +[[upgrade-9.0.0-rc1]] +[float] +=== Upgrades + +Infra/Core:: +* Permanently switch from Java SecurityManager to Entitlements. The Java SecurityManager has been deprecated since Java 17, and it is now completely disabled in Java 24. In order to retain an similar level of protection, Elasticsearch implemented its own protection mechanism, Entitlements. Starting with this version, Entitlements will permanently replace the Java SecurityManager. {es-pull}124865[#124865] + +Packaging:: +* Update bundled JDK to Java 24 {es-pull}125159[#125159] + +Security:: +* Bump nimbus-jose-jwt to 10.0.2 {es-pull}124544[#124544] + +Snapshot/Restore:: +* Upgrade AWS SDK to v1.12.746 {es-pull}122431[#122431] + + diff --git a/docs/en/install-upgrade/release-notes/release-notes-elasticsearch.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-elasticsearch.asciidoc new file mode 100644 index 000000000..1f8448065 --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-elasticsearch.asciidoc @@ -0,0 +1,8 @@ +[[release-notes-elasticsearch-9.0.0]] += {es} release notes +++++ +{es} +++++ + +include::release-notes-elasticsearch-rc1.asciidoc[leveloffset=+1] +include::release-notes-elasticsearch-beta1.asciidoc[leveloffset=+1] \ No newline at end of file diff --git a/docs/en/install-upgrade/release-notes/release-notes-fleet-agent-beta1.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-fleet-agent-beta1.asciidoc new file mode 100644 index 000000000..273540225 --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-fleet-agent-beta1.asciidoc @@ -0,0 +1,132 @@ +// Use these for links to issue and pulls. +:kibana-issue: https://github.com/elastic/kibana/issues/ +:kibana-pull: https://github.com/elastic/kibana/pull/ +:beats-issue: https://github.com/elastic/beats/issues/ +:beats-pull: https://github.com/elastic/beats/pull/ +:agent-libs-pull: https://github.com/elastic/elastic-agent-libs/pull/ +:agent-issue: https://github.com/elastic/elastic-agent/issues/ +:agent-pull: https://github.com/elastic/elastic-agent/pull/ +:fleet-server-issue: https://github.com/elastic/fleet-server/issues/ +:fleet-server-pull: https://github.com/elastic/fleet-server/pull/ + +// begin 9.0.0-beta1 relnotes + +[[release-notes-fleet-agent-9.0.0-beta1]] +== {fleet} and {agent} 9.0.0-beta1 + +Review important information about the {fleet} and {agent} 9.0.0-beta1 release. + +[discrete] +[[security-updates-9.0.0-beta1]] +=== Security updates + +{agent}:: +* Update Go version to 1.22.10. {agent-pull}6236[#6236] + +[discrete] +[[breaking-changes-9.0.0-beta1]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and +performance. Before you upgrade, review the breaking changes, then mitigate the +impact to your application. + +{fleet}:: + +[discrete] +[[breaking-198434-fleet]] +.Removed deprecated `epm` Fleet APIs. +[%collapsible] +==== +*Details* + +Removed `GET/POST/DELETE /epm/packages/:pkgkey` APIs in favor of the `GET/POST/DELETE /epm/packages/:pkgName/:pkgVersion`: + +** Removed `experimental` query parameter in `GET /epm/packages` and `GET /epm/categories` +** Removed `response` in response in `* /epm/packages*` and `GET /epm/categories` +** Removed `savedObject` in `/epm/packages` response in favor of `installationInfo` + +For more information, refer to ({kibana-pull}198434[#198434]). +==== + +[discrete] +[[breaking-198313-fleet]] +.Removed deprecated Fleet APIs for agents endpoints. +[%collapsible] +==== +*Details* + +Removed the following API endpoints: + +* `POST /service-tokens` in favor of `POST /service_tokens` +* `GET /agent-status` in favor `GET /agent_status` +* `PUT /agents/:agentid/reassign` in favor of `POST /agents/:agentid/reassign` + +Removed deprecated parameters or responses: + +* Removed `total` from `GET /agent_status` response +* Removed `list` from `GET /agents` response + +For more information, refer to ({kibana-pull}198313[#198313]). +==== + +{agent}:: +* Support for `cloud-defend` (Defend for Containers) has been removed in this release. The package has been removed from the {agent} packaging scripts and template Kubernetes files. {agent-pull}5481[#5481] +* The default values for `username` and `password` have been removed for when {agent} is running in container mode. The {es} `api_key` can now be set in that mode using the `ELASTICSEARCH_API_KEY` environment variable. {agent-pull}5536[#5536] +* The default Ubuntu-based Docker images used for {agent} have been changed to UBI-minimal-based images, to reduce the overall footprint of the agent Docker images and to improve compliance with enterprise standards. {agent-pull}6427[#6427] +* The deprecated `--path.install` flag declaration has been removed from the {agent} `paths` command and its use removed from the `container` and `enroll` commands. {agent-pull}6461[#6461] {agent-issue}2489[#2489] +* The default {agent} installation and ugprade have been changed to include only the `agentbeat`, `endpoint-security` and `pf-host-agent` components. Additional components can be included using flags. {agent-pull}6542[#6542] + +[discrete] +[[new-features-9.0.0-beta1]] +=== New features + +The 9.0.0-beta1 release Added the following new and notable features. + +{fleet}:: +* Add new setting allowing automatic deletion of unenrolled agents in {fleet} settings. ({kibana-pull}195544[#195544]) + +{agent}:: +* Add the Azure Asset Inventory definition to Cloudbeat. {agent-pull}5323[#5323] +* Add a new Kubernetes deployment of the Elastic Distribution of OTel Collector named "gateway" to the Helm kube-stack deployment. {agent-pull}6444[#6444] +* Add the filesource providert to composable inputs. The provider watches for changes of the files and updates the values of the variables when the content of the file changes. {agent-pull}6587[#6587] {agent-issue}6362[#6362] +* Add the jmxreceiver to the Elastic Distribution of OTel Collector. {agent-pull}6601[#6601] +* Add support for context variables in outputs as well as a default provider prefix. {agent-pull}6602[#6602] {agent-issue}6376[#6376] +* Add the Nginx receiver and Redis receiver OTel components. {agent-pull}6627[#6627] +* Add new `--id` (`ELASTIC_AGENT_ID` environment variable for container) and `--replace-token` (`FLEET_REPLACE_TOKEN` environment variable for container) enrollment options. {agent-pull}6498[#6498] + +[discrete] +[[enhancements-9.0.0-beta1]] +=== Enhancements + +{fleet}:: +* Improve filtering and visibility of `Uninstalled` and `Orphaned` agents in {fleet}, by differentiating them from `Offline` agents. ({kibana-pull}205815[#205815]) +* Introduce air-gapped configuration for bundled packages. ({kibana-pull}202435[#202435]) +* Update removed parameters of the {fleet} -> {ls} output configurations. ({kibana-pull}210115[#210115]) +* Update the maximum supported package version. ({kibana-pull}196675[#196675]) + +{fleet-server}:: +* Replace the use of `context.TODO` and `context.Background` in logger function calls for most use cases. {fleet-server-pull}4168[#4168] {fleet-server-issue}3087[#3087] +* Refactor the API constructor to use functional opts instead of a long list of pointers. {fleet-server-pull}4169[#4169] {fleet-server-issue}3823[#3823] +* Remove the deprecated `policy_throttle` configuration setting in favour of the newer `policy-limit`. {fleet-server-pull}4288[#4288] +* Add the ability for {agent} to enroll using a specific ID. {fleet-server-pull}4290[#4290] {fleet-server-issue}4226[#4226] + +{agent}:: +* Add the Filebeat receiver into {agent}. {agent-pull}5833[#5833] +* Update OTel components to v0.119.0. {agent-pull}6713[#6713] + +[discrete] +[[bug-fixes-9.0.0-beta1]] +=== Bug fixes + +{fleet}:: +* Fix a validation error that occurs on multi-text input fields. ({kibana-pull}205768[#205768]) + +{fleet-server}:: +* Adding a context timeout to the bulker flush so it times out if it takes more time than the deadline. {fleet-server-pull}3986[#3986] +* Remove a race condition that may occur when remote {es} outputs are used. {fleet-server-pull}4171[#4171] +* Use the `chi/middleware.Throttle` package to track in-flight requests and return a 429 response when the limit is reached. {fleet-server-pull}4402[#4402] {fleet-server-issue}4400[#4400] + +{agent}:: +* Fix logical race conditions in the `kubernetes_secrets` provider. {agent-pull}6623[#6623] +* Resolve the proxy to inject into agent component configurations using the Go `http` package. {agent-pull}6675[#6675] {agent-issue}6209[#6209] + +// end 9.0.0-beta1 relnotes \ No newline at end of file diff --git a/docs/en/install-upgrade/release-notes/release-notes-fleet-agent-rc1.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-fleet-agent-rc1.asciidoc new file mode 100644 index 000000000..70513d2de --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-fleet-agent-rc1.asciidoc @@ -0,0 +1,83 @@ +// Use these for links to issue and pulls. +:kibana-issue: https://github.com/elastic/kibana/issues/ +:kibana-pull: https://github.com/elastic/kibana/pull/ +:beats-issue: https://github.com/elastic/beats/issues/ +:beats-pull: https://github.com/elastic/beats/pull/ +:agent-libs-pull: https://github.com/elastic/elastic-agent-libs/pull/ +:agent-issue: https://github.com/elastic/elastic-agent/issues/ +:agent-pull: https://github.com/elastic/elastic-agent/pull/ +:fleet-server-issue: https://github.com/elastic/fleet-server/issues/ +:fleet-server-pull: https://github.com/elastic/fleet-server/pull/ + +// begin 9.0.0-rc1 relnotes + +[[release-notes-fleet-agent-9.0.0-rc1]] +== {fleet} and {agent} 9.0.0-rc1 + +[discrete] +[[security-updates-fleet-agent-9.0.0-rc1]] +=== Security updates + +{fleet-server}:: +* Update Go version to 1.24.0. {fleet-server-pull}4543[#4543] + +{agent}:: +* Update Go version to 1.24.0. {agent-pull}7248[#7248] + +[discrete] +[[breaking-changes-fleet-agent-9.0.0-rc1]] +=== Breaking changes + +Breaking changes can prevent your application from optimal operation and +performance. Before you upgrade, review the breaking changes, then mitigate the +impact to your application. + +[discrete] +//[[breaking-7145]] +.The {agent} Docker container location has changed +[%collapsible] +==== +The {agent} Docker container is no longer availble from `docker.elastic.co/beats/elastic-agent`. Use `docker.elastic.co/elastic-agent/elastic-agent` instead. +==== + + +[discrete] +[[enhancements-fleet-agent-9.0.0-rc1]] +=== Enhancements + +{agent}:: +* Include all metadata that is sent to {fleet} in the `agent-info.yaml` file in diagnostics by default. {agent-pull}7029[#7029] +* Update OTel components to v0.120.x. {agent-pull}7050[#7050] +* Adds the ApiKey prefix to the the OTLP managed header configurations. {agent-pull}7063[#7063] +* Add MOtel sample configurations. {agent-pull}6841[#6841] +* Improve `kubernetes_secrets` provider secret logging. {agent-pull}6713[#6713] +* Update `elastic-agent-libs` to v0.18.8. {agent-pull}7234[#7234] +* Add an `elastic.agent.fips` attribute to the `local_metadata` sent to {fleet}. {agent-pull}7112[#7112] + +{fleet-server}:: +* Validate pbkdf2 settings for FIPS compliance. {fleet-server-pull}4542[#4542] +* Update the {agent} upgrade process to prevent FIPS to non-FIPS upgrades. {fleet-server-pull}7312[#7312] + +[discrete] +[[bug-fixes-fleet-agent-9.0.0-rc1]] +=== Bug fixes + +{agent}:: +* Change how Windows process handles are obtained when assigning sub-processes to Job objects. {agent-pull}6825[#6825] +* Fix a potential deadlock case in OTelManager error handling. {agent-pull}6927[#6927] {agent-issue}6119[#6119] +* Fix the TSDB `version_conflict_engine_exception` error caused by incorrect `kube-stack` Helm values. {agent-pull}6928[#6928] +* Make enroll command backoff more conservative. {agent-pull}6983[#6983] +* Add conditions to the `copy_fields` processor. {agent-pull}6730[#6730] {agent-issue}5299[#5299] +* Fix deadlock handling in OTelManager. {agent-pull}6927[#6927] {agent-issue}6119[#6119] +* Fix TSDB version_conflict_engine_exception caused by incorrect kube-stack Helm values. {agent-pull}6928[#6928] +* Add missing null checks to AST methods. {agent-pull}7009[#7009] +* Set the `spec.replicas` field to fix the deployment of the Kubernetes Otel operator. {agent-pull}7011[#7011] +* Fix an issue where `FixPermissions` on Windows incorrectly returned an error message due to improper handling of Windows API return values. {agent-pull}7370[#7370] +* Support IPv6 hosts in the {agent} GRPC configuration. {agent-pull}7035[#7035] +* Support IPv6 hosts in the {agent} monitoring http configuration. {agent-pull}7073[#7073] +* Support IPv6 hosts in the {agent} enroll URL. {agent-pull}7036[#7036] +* Fix permissions for Windows on not found paths and files errors. {agent-pull}7305[#7305] {agent-issue}7301[#7301] +* Make `otelcol` executable in the Docker image. {agent-pull}7345[#7345] {agent-issue}6763[#6763] +* Fixes the {es} exporter configuration in `opentelemetry-kube-stack` values. {agent-pull}7380[#7380] + +// end 9.0.0-rc1 relnotes \ No newline at end of file diff --git a/docs/en/install-upgrade/release-notes/release-notes-fleet-agent.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-fleet-agent.asciidoc new file mode 100644 index 000000000..93a675d53 --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-fleet-agent.asciidoc @@ -0,0 +1,17 @@ +[[release-notes-fleet-agent-9.0.0]] += {fleet} and {agent} release notes +++++ +{fleet} and {agent} +++++ + +This section summarizes the changes in each release. + +* <> + +Also see: + +* <> +* <> + +include::release-notes-fleet-agent-rc1.asciidoc[] +include::release-notes-fleet-agent-beta1.asciidoc[] diff --git a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc new file mode 100644 index 000000000..8b2bbd34e --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc @@ -0,0 +1,454 @@ +[[release-notes-kibana-9.0.0]] += {kib} 9.0.0-rc1 release notes +++++ +{kib} +++++ + + +Review the following information about the {kib} 9.0.0 release. + +[float] +[[kibana-highlights-9.0.0]] +== Highlights + +[[highlight-borealis]] +*New UI theme*. {kib} 9.0 introduces a more modern and refined look and feel. This new theme brings a vibrant color palette, improved dark mode support (including honoring your system preferences), and more that will bring your data in Kibana to life. + +[float] +[[kibana-known-issues-9.0.0]] +== Known issues + +// tag::known-issue-211850[] +.Upgrade Assistant - Rollup jobs need to be stopped before rollup indices are reindexed. +[%collapsible] +==== +*Details* + +Rollup indices, like all indices, created in 7.x or earlier need to be reindexed in preparation for migration to 9.0. However, in addition to the normal reindex process the rollup job also needs to be accounted for. It needs to be stopped before reindexing begins otherwise there may be a gap in rollup data. The job can be restarted when reindexing is complete. + +This needs to be performed manually until addressed in the upgrade assistant code. + +For more information, refer to https://github.com/elastic/kibana/issues/211850[#211850]. +==== +// end::known-issue-211850[] + + +[float] +[[kibana-breaking-changes-9.0.0]] +== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade to 9.0.0, review the breaking changes, then mitigate the impact to your application. + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-193792]] +.Usage restrictions on Kibana's internal APIs. +[%collapsible] +==== +*Details* + +Starting with this release, requests to internal Kibana APIs are globally restricted by default. This change is designed to provide more flexibility in making breaking changes to internal APIs while protecting external consumers from unexpected disruptions. + +Key Changes: + +* Internal API Access: External consumers no longer have access to Kibana’s internal APIs, which are now strictly reserved for internal development and subject to frequent changes. This helps ensure that external integrations only interact with stable, public APIs. +* Error Handling: When a request is made to an internal API without the proper internal identifier (header or query parameter), Kibana will respond with a 400 Bad Request error, indicating that the route exists but is not allowed under the current Kibana configuration. + +For more information, refer to ({kibana-pull}193792[#193792]). +==== + +**Alerts and cases** + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-198435]] +.Removed 7.x deprecated kibana.yml settings. +[%collapsible] +==== +*Details* + +The following deprecated configuration settings were removed: + +- `xpack.actions.customHostSettings.ssl.rejectUnauthorized` +- `xpack.actions.whitelistedHosts` +- `xpack.actions.rejectUnauthorized` +- `xpack.actions.proxyRejectUnauthorizedCertificates` +- `xpack.alerts.healthCheck` +- `xpack.alerts.invalidateApiKeysTask.interval` +- `xpack.alerts.invalidateApiKeysTask.removalDelay` +- `xpack.alerting.defaultRuleTaskTimeout` + +For more information, refer to ({kibana-pull}198435[#198435]). +==== + +//Needs to be added to upgrade notes and detailed +[discrete] +[[deprecation-208208]] +.Removed deprecated Cases APIs. +[%collapsible] +==== +*Details* + +The following Cases APIs were removed: + +- Get case status +- Get user actions +- Get all comments + +For more information, refer to ({kibana-pull}208208[#208208]), ({kibana-pull}208086[#208086]), and ({kibana-pull}207926[#207926]). +==== + +//Needs to be added to upgrade notes and detailed +[discrete] +[[deprecation-203148]] +.Removed deprecated alerts routes. +[%collapsible] +==== +*Details* + +The deprecated legacy alerts routes `api/alerts/alert` were removed. For more information, refer to ({kibana-pull}203148[#203148]). +==== + +**Discover and dashboards** + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-203927]] +.Disabled search sessions by default. +[%collapsible] +==== + +Search sessions are now disabled by default. For more information, refer to (#203927). + +*Details* + +The button in Discover and Dashboards to create a new search session will no longer appear. + +*Impact* + +This impacts all users. + +*Action* + +To enable search sessions for all users, please set `data.search.sessions.enabled: true` in `kibana.yml`. + +==== + +//Already added to upgrade notes +[discrete] +[[breaking-202863]] +.Saved query privileges have been reworked. +[%collapsible] +==== +*Details* + +Saved query privileges have been reworked to rely solely on a single global `savedQueryManagement` privilege, and eliminate app-specific overrides (e.g. implicit access with `all` privilege for Discover, Dashboard, Maps, and Visualize apps). This change simplifies the security model and ensures consistency in the saved query management UI across Kibana, but results in different handling of saved query privileges for new user roles, and minor breaking changes to the existing management UX. +For more information, refer to {kibana-pull}202863[#202863]. + +*Impact* + +The `savedQueryManagement` feature privilege now globally controls access to saved query management for all new user roles. Regardless of privileges for Discover, Dashboard, Maps, or Visualize, new user roles follow this behaviour: + +* If `savedQueryManagement` is `none`, the user cannot see or access the saved query management UI or APIs. +* If `savedQueryManagement` is `read`, the user can load queries from the UI and access read APIs, but cannot save queries from the UI or make changes to queries through APIs. +* If `savedQueryManagement` is `all`, the user can both load and save queries from the UI and through APIs. + +*Action* + +Existing user roles that were previously implicitly granted access to saved queries through the dashboard, discover, visualize, or maps feature privileges will retain that access to prevent breaking changes. While no action is required for existing roles, it’s still advisable to audit relevant roles and re-save them to migrate to the latest privileges model. For new roles, ensure that the savedQueryManagement privilege is set as needed. +==== + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-202679]] +.Removed `discover:searchFieldsFromSource` setting. +[%collapsible] +==== +The `discover:searchFieldsFromSource` advanced setting has been removed. + +*Details* + +Users can no longer configure Discover to load fields from `_source`. This is an internal optimization and should have little impact on users. https://github.com/elastic/kibana/pull/202679 +==== + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-201254]] +.Removed the legacy table in Discover. +[%collapsible] +==== +*Details* + +It's no longer possible to use the legacy documents table in Discover. To that effect, the `doc_table:legacy` and `truncate:maxHeight` deprecated advanced settings have been removed. For more information, refer to ({kibana-pull}201254[#201254]). + +*Impact* + +This is primarily a UX change and should have little impact on Discover users. + +==== + +//Already added to upgrade notes +[discrete] +[[breaking-202250]] +.Scripted field creation has been disabled in the Data Views management page. +[%collapsible] +==== +*Details* + +The ability to create new scripted fields has been removed from the *Data Views* management page in 9.0. Existing scripted fields can still be edited or deleted, and the creation UI can be accessed by navigating directly to `/app/management/kibana/dataViews/dataView/{dataViewId}/create-field`, but we recommend migrating to runtime fields or ES|QL queries instead to prepare for removal. +For more information, refer to {kibana-pull}202250[#202250]. + +*Impact* + +It will no longer be possible to create new scripted fields directly from the *Data Views* management page. + +*Action* + +Migrate to runtime fields or ES|QL instead of creating new scripted fields. Existing scripted fields can still be edited or deleted. +==== + + + +**Elastic Observability solution** + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-202278]] +.Profiling now defaults to 19Hz sampling frequency. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}202278[#202278]). +==== + +//Needs to be added to upgrade notes and detailed +[discrete] +[[deprecation-203996]] +.Disabled log stream and settings pages. +[%collapsible] +==== +*Details* + +Logs Stream and the logs settings page in Observability are removed. Use the Discover application, which now offers a contextual experience for logs, to explore your logs. The logs stream panel in dashboards is removed, use Discover sessions instead. + +For more information, refer to ({kibana-pull}203996[#203996]). +==== + +//Needs to be added to upgrade notes and detailed +[discrete] +[[deprecation-203685]] +.Removed Logs Explorer. +[%collapsible] +==== +*Details* + +Logs Explorer has been removed. Instead, you can use Discover, that was improved to provide an optimal logs exploration experience. For more information, refer to ({kibana-pull}203685[#203685]). +==== + +**Elastic Security solution** + +For the Elastic Security 9.0.0 release information, refer to <>. + +**Data ingestion and Fleet** + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-198799]] +.Removed deprecated settings API endpoints in Fleet. +[%collapsible] +==== +*Details* + + +* `GET/DELETE/POST enrollment-api-keys`: removed in favor of `GET/DELETE/POST enrollment_api_keys` +* Removed `list` property from `GET enrollment_api_keys` response in favor of `items` +* `GET/POST /settings`: `fleet_server_hosts` was removed from the response and body + +For more information, refer to ({kibana-pull}198799[#198799]). +==== + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-198313]] +.Removed deprecated Fleet APIs for agents endpoints. +[%collapsible] +==== +*Details* + + +Removed API endpoints: + +* `POST /service-tokens` in favor of `POST /service_tokens` +* `GET /agent-status` in favor `GET /agent_status` +* `PUT /agents/:agentid/reassign` in favor of `POST /agents/:agentid/reassign` + +Removed deprecated parameters or responses: + +* Removed `total` from `GET /agent_status` response +* Removed `list` from `GET /agents` response + +For more information, refer to ({kibana-pull}198313[#198313]). +==== + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-198434]] +.Removed deprecated `epm` Fleet APIs. +[%collapsible] +==== +*Details* + + +* Removed `GET/POST/DELETE /epm/packages/:pkgkey` APIs in favor of `GET/POST/DELETE /epm/packages/:pkgName/:pkgVersion` +* Removed `experimental` query parameter in `GET /epm/packages` and `GET /epm/categories` +* Removed `response` in response in `* /epm/packages*` and `GET /epm/categories` +* Removed `savedObject` in `/epm/packages` response in favor of `installationInfo` + +For more information, refer to ({kibana-pull}198434[#198434]). +==== + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-199226]] +.Removed deprecated `topics` property for kafka output in favor of the `topic` property. +[%collapsible] +==== +*Details* + +Removed deprecated property `topics` from output APIs in response and requests (`(GET|POST|PUT) /api/fleet/outputs`) in favor of the `topic` property. For more information, refer to ({kibana-pull}199226[#199226]). +==== + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-196887]] +.Limit pagination size to 100 when retrieving full policy or `withAgentCount` in Fleet. +[%collapsible] +==== +*Details* + +In addition to the new pagination limit size of 100, retrieving agent policies without agent count is now the new default behavior, and a new query parameter `withAgentCount` was added to retrieve the agent count. + +For more information, refer to ({kibana-pull}196887[#196887]). +==== + +**Reporting** + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-200834]] +.Now using Kibana feature privileges only to control access to reporting features. +[%collapsible] +==== +*Details* + +The default system of granting users the privilege to generate reports has changed. Rather than assigning users the `reporting_user` role, administrators should create a custom role that grants report-creation privileges using Kibana application privileges. For more information, refer to ({kibana-pull}200834[#200834]). +==== + + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-199033]] +.Removed the "Download CSV" export type functionality. +[%collapsible] +==== +*Details* + +The functionality that allowed to download a CSV export from a dashboard's saved search panel without creating a report has been removed. To export CSV data from a dashboard panel, you may use the action menu of a saved search panel in a dashboard to generate a CSV report, and download the report from a toast popup when the report has finished generating. For more information, refer to ({kibana-pull}199033[#199033]). +==== + + +**Kibana security** + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-213123]] +.Removed default `--openssl-legacy-provider`. +[%collapsible] +==== +*Details* + +Legacy OpenSSL algorithms have been disabled by default. Further information on which algorithms can be found at https://docs.openssl.org/3.0/man7/OSSL_PROVIDER-legacy. These can be re-enabled by adding `--openssl-legacy-provider` to $KBN_PATH_CONF/node.options. For more information, refer to ({kibana-pull}213123[#213123]). +==== + +//Needs to be added to upgrade notes and detailed +[discrete] +[[deprecation-203856]] +.Removed `TLSv1.1` from the default set of supported protocols. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}203856[#203856]). +==== + + + +[float] +[[kibana-deprecations-9.0.0]] +== Deprecations + +The following functionality is deprecated in 9.0.0, and will be removed in 10.0.0. +Deprecated functionality does not have an immediate impact on your application, but we strongly recommend +you make the necessary updates after you upgrade to 9.0.0. + + +[discrete] +[[deprecation-201313]] +.Removed ephemeral tasks from task manager, action, and alerting plugins. +[%collapsible] +==== +*Details* + + +Deprecates the following configuration settings: + +* `xpack.task_manager.ephemeral_tasks.enabled` +* `xpack.task_manager.ephemeral_tasks.request_capacity` +* `xpack.alerting.maxEphemeralActionsPerAlert` + +No action is required on the user's end. These settings will no longer have any effect as ephemeral tasks are now removed. + +For more information, refer to ({kibana-pull}201313[#201313]). +==== + + +[discrete] +[[kibana-deprecation-197802]] +.Removed `visualization:colorMapping` advanced setting. +[%collapsible] +==== +*Details* + +The `visualization:colorMapping` advanced setting for TSVB and Visualize charts has been removed. You can switch to Lens charts, which offer a more advanced, per-chart color mapping feature with enhanced configuration options. For more details, refer to link:https://github.com/elastic/kibana/pull/162389[#162389]. +==== + + +[float] +[[features-9.0.0]] +== Features +{kib} 9.0.0 adds the following new and notable features. + +Data ingestion and Fleet:: +* New setting allowing automatic deletion of unenrolled agents in Fleet settings ({kibana-pull}195544[#195544]). +Elastic Security solution:: +* For the Elastic Security 9.0.0 release information, refer to <>. + +//For more information about the features introduced in 9.0.0, refer to <>. + +//For detailed information about the 9.0.0 release, review the enhancements and bug fixes. + +[float] +[[kibana-enhancement-v9.0.0]] +== Enhancements +//Dashboards & Visualizations:: +Data ingestion and Fleet:: +* Improves filtering and visibility of `Uninstalled` and `Orphaned` agents in Fleet, by differentiating them from `Offline` agents ({kibana-pull}205815[#205815]). +* Introduces air-gapped configuration for bundled packages ({kibana-pull}202435[#202435]). +* Updates removed parameters of the Fleet -> Logstash output configurations ({kibana-pull}210115[#210115]). +* Updates max supported package version ({kibana-pull}196675[#196675]). +//* Remove old bundled.yaml from oas, fixed tags ({kibana-pull}194788[#194788]). +Elastic Observability solution:: +* Split Up SLO Details from Overview. Static data that describes the SLO definition has been moved to a separate tab, making charts and valuable information about SLIs faster to access. ({kibana-pull}212826[#212826]). +* Adds the reason message to the rules recovery context ({kibana-pull}211411[#211411]). +* Adds a link to the location badge on synthetics SLOs that sends to the Monitors page with a filter applied that matches the location of the origin SLO ({kibana-pull}210695[#210695]). +Elastic Security solution:: +* For the Elastic Security 9.0.0 release information, refer to <>. +Kibana security:: +* Updates `js-yaml` to `4.1.0` ({kibana-pull}190678[#190678]). +Machine Learning:: +* Removes use of `ignore_throttled` ({kibana-pull}199107[#199107]). +Platform:: +* Adds warning header to deprecated API endpoints ({kibana-pull}205926[#205926]). +* Sets HTTP2 as default if SSL is enabled and adds deprecation log if SSL is not enabled or protocol is set to HTTP1 ({kibana-pull}204384[#204384]). + +[float] +[[kibana-fixes-v9.0.0]] +== Fixes +Dashboards & Visualizations:: +* Fixes an issue in Lens where colors behind text were not correctly assigned, such as in `Pie`, `Treemap` and `Mosaic` charts. +//* Fixes an issue with `Amsterdam` theme where charts render with the incorrect background color ({kibana-pull}209595[#209595]). +* Fixes an issue where changing the *Ignore timeout results* control setting wasn't taken into account ({kibana-pull}208611[#208611]). +* Force returns 0 on empty buckets on count if `null` flag is disabled ({kibana-pull}207308[#207308]). +* Fixes infinite loading time for some charts due to search context reload ({kibana-pull}203150[#203150]). +Data ingestion and Fleet:: +* Fixes a validation error happening on multi-text input fields ({kibana-pull}205768[#205768]). +Elastic Observability solution:: +* Fixes an issue where clicking on the name badge for a synthetics monitor on an SLO details page would lead to a page that failed to load monitor details ({kibana-pull}210695[#210695]). +* Allows use of wildcard filters in SLO queries when DSL filters are also used ({kibana-pull}213119[#213119]). +* Fixes chat on the Alerts page ({kibana-pull}197126[#197126]). +* Fixes an error that could prevent the Observability Infrastructure Inventory view from loading after an upgrade due to missing versioning on inventory_view_saved_object ({kibana-pull}207007[#207007]). +Elastic Security solution:: +* For the Elastic Security 9.0.0 release information, refer to <>. +Platform:: +* Fixes several interface inconsistencies on the Space creation and settings pages ({kibana-pull}197303[#197303]). diff --git a/docs/en/install-upgrade/release-notes/release-notes-logstash-rc1.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-logstash-rc1.asciidoc new file mode 100644 index 000000000..e9b785415 --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-logstash-rc1.asciidoc @@ -0,0 +1,126 @@ += {ls} version 9.0.0-rc1 + +== Breaking changes + +[[pipeline-buffer-type]] +=== Pipeline buffer type changed to 'heap' + +Set `pipeline.buffer.type` to `direct` to continue using direct memory with {agent}, {beats}, TCP, and HTTP input plugins https://github.com/elastic/logstash/pull/16500[#16500] + +[[removed-params]] +=== Removed deprecated params + +`http.*` params replaced by `api.*` are removed https://github.com/elastic/logstash/pull/16552[#16552] + +`event_api.tags.illegal` no longer exists. +Instead, {ls} generates `_tagsparsefailure` in the event `tags` and the illegal value is written to the `_tags` field https://github.com/elastic/logstash/pull/16461[#16461] + +[[removed-modules]] +=== Removed {ls} modules + +Removed netflow, fb_apache and azure https://github.com/elastic/logstash/pull/16514[#16514] + +Removed Arcsight module and the modules framework https://github.com/elastic/logstash/pull/16794[#16794] + +Removed ingest-converter https://github.com/elastic/logstash/pull/16453[#16453] + +[[jdk-11-support-drop]] +=== JDK 11 support drop + +Starting with {ls} 9.0, we no longer support Java 11 https://github.com/elastic/logstash/pull/16443[#16443] + +[[docker-base-image-change]] +=== Docker base image change + +{ls} on Docker, Ubuntu base image changed to UBI https://github.com/elastic/logstash/pull/16599[#16599] + +[[allow-superuser]] +=== {ls} does not run with superuser by default + +Starting with 9.0, set `allow_superuser` to `true` if you prefer running {ls} as a superuser https://github.com/elastic/logstash/pull/16558[#16558] + +[[allow-legacy-monitoring]] +=== {ls} introduces new setting to allow legacy internal monitoring + +Starting from 9.0, set `xpack.monitoring.allow_legacy_collection` to `true` to explicitly permit legacy monitoring https://github.com/elastic/logstash/pull/16586[#16586] + +[[avoid-collision-on-json-fileds]] +=== {ls} avoids JSON log lines collision + +`log.format.json.fix_duplicate_message_fields` config is enabled by default to avoid collision on `message` field in log lines when `log.format` is JSON https://github.com/elastic/logstash/pull/16578[#16578] + + +[[logstash-900-rc1-features-enhancements]] +== Features and enhancements + +* Use UBI9 as base image https://github.com/elastic/logstash/pull/17174[#17174] +* Improve plugins remove command to support multiple plugins https://github.com/elastic/logstash/pull/17030[#17030] +* Allow concurrent Batch deserialization https://github.com/elastic/logstash/pull/17050[#17050] + + +[[logstash-900-rc1-fixes]] +== Fixes + +* Fix pqcheck and pqrepair on Windows https://github.com/elastic/logstash/pull/17210[#17210] +* Fix empty node stats pipelines https://github.com/elastic/logstash/pull/17185[#17185] + +[[logstash-900-rc1-plugins]] +== Plugin releases + +*elastic_integration Filter - 9.0.0* + +* 9.0 prerelease compatible plugin version https://github.com/elastic/logstash-filter-elastic_integration/pull/265[#265] + +*Elasticsearch Filter - 4.1.0* + +* Remove deprecated SSL settings https://github.com/logstash-plugins/logstash-filter-elasticsearch/pull/183[#183] + +*Http Filter - 2.0.0* + +* Remove deprecated SSL settings https://github.com/logstash-plugins/logstash-filter-http/pull/54[#54] + +*Beats Input - 7.0.1* + +* Remove deprecated SSL settings https://github.com/logstash-plugins/logstash-input-beats/pull/508[#508] + +*Elastic_serverless_forwarder Input - 2.0.0* + +* Remove deprecated SSL settings https://github.com/logstash-plugins/logstash-input-elastic_serverless_forwarder/pull/11[#11] + +* Promote from technical preview to GA https://github.com/logstash-plugins/logstash-input-elastic_serverless_forwarder/pull/10[#10] + +*Elasticsearch Input - 5.0.0* + +* Remove deprecated SSL settings https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/213[#213] + +*Http Input - 4.1.0* + +* Remove deprecated SSL settings https://github.com/logstash-plugins/logstash-input-http/pull/182[#182] + +*Http_poller Input - 6.0.0* + +* Remove deprecated SSL settings https://github.com/logstash-plugins/logstash-input-http_poller/pull/149[#149] + +*Tcp Input - 7.0.0* + +* Remove deprecated SSL settings https://github.com/logstash-plugins/logstash-input-tcp/pull/228[#228] + +*Kafka Integration - 11.6.0* + +* Support additional `oauth` and `sasl` configuration options for configuring kafka client https://github.com/logstash-plugins/logstash-integration-kafka/pull/189[#189] + +*Snmp Integration - 4.0.6* + +* [DOC] Fix typo in snmptrap migration section https://github.com/logstash-plugins/logstash-integration-snmp/pull/74[#74] + +*Elasticsearch Output - 12.0.2* + +* Remove deprecated SSL settings https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1197[#1197] + +*Http Output - 6.0.0* + +* Remove deprecated SSL settings https://github.com/logstash-plugins/logstash-output-http/pull/147[#147] + +*Tcp Output - 7.0.0* + +* Remove deprecated SSL settings https://github.com/logstash-plugins/logstash-output-tcp/pull/58[#58] diff --git a/docs/en/install-upgrade/release-notes/release-notes-logstash.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-logstash.asciidoc new file mode 100644 index 000000000..d749f66d7 --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-logstash.asciidoc @@ -0,0 +1,7 @@ +[[release-notes-logstash-9.0.0]] += {ls} release notes +++++ +{ls} +++++ + +include::release-notes-logstash-rc1.asciidoc[leveloffset=+1] diff --git a/docs/en/install-upgrade/release-notes/release-notes-security-beta1.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-security-beta1.asciidoc new file mode 100644 index 000000000..d33ebf9d2 --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-security-beta1.asciidoc @@ -0,0 +1,60 @@ += {elastic-sec} version 9.0.0-beta1 + +[discrete] +[[breaking-changes-9.0.0-beta]] +== Breaking changes +* Refactors the Timeline HTTP API endpoints ({kibana-pull}200633[#200633]). +* Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598]). +* Removes deprecated API endpoints for bulk CRUD actions on detection rules ({kibana-pull}197422[#197422], {kibana-pull}207906[#207906]). + +[discrete] +[[deprecations-9.0.0-beta]] +== Deprecations +* Renames the `integration-assistant` plugin to `automatic-import` to match the associated feature ({kibana-pull}207325[#207325]). +* Removes all legacy risk engine code and features ({kibana-pull}201810[#201810]). +* Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598]). +* Deprecates the SIEM signals migration APIs ({kibana-pull}202662[#202662]). + +[discrete] +[[known-issue-9.0.0-beta]] +== Known issues + +// tag::known-issue[] +[discrete] +.Duplicate alerts can be produced from manually running threshold rules +[%collapsible] +==== +*Details* + +On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution. +==== +// end::known-issue[] + +// tag::known-issue[] +[discrete] +.Manually running custom query rules with suppression could suppress more alerts than expected +[%collapsible] +==== +*Details* + +On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts. +==== +// end::known-issue[] + +[discrete] +[[features-9.0.0-beta]] +== New features +* Enables Automatic Import to accept CEL log samples ({kibana-pull}206491[#206491]). +* Applies the latest Elastic UI framework (EUI) to {elastic-sec} features ({kibana-pull}204007[#204007], {kibana-pull}204908[#204908]). +* Adds the option to view {es} queries that run during rule execution for threshold, custom query, and {ml} rules ({kibana-pull}203320[#203320]). + +[discrete] +[[enhancements-9.0.0-beta]] +== Enhancements +* Enhances Automatic Import by including setup and troubleshooting documentation for each input type that's selected in the readme ({kibana-pull}206477[#206477]). +* Allows users to include `closed` alerts in risk score calculations ({kibana-pull}201909[#201909]). +* Adds the ability to continue to the Entity Analytics dashboard when there is no data ({kibana-pull}201363[#201363]). +* Modifies the privilege-checking behavior during rule execution. Now, only read privileges of extant indices are checked during rule execution ({kibana-pull}177658[#177658]). + +[discrete] +[[bug-fixes-9.0.0-beta]] +== Bug fixes +* Ensures that table actions use standard colors ({kibana-pull}207743[#207743]). \ No newline at end of file diff --git a/docs/en/install-upgrade/release-notes/release-notes-security-rc1.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-security-rc1.asciidoc new file mode 100644 index 000000000..566154e5b --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-security-rc1.asciidoc @@ -0,0 +1,63 @@ += {elastic-sec} version 9.0.0-rc1 + +NOTE: All features introduced in 8.18.0 are also available in 9.0.0. + +[discrete] +[[breaking-changes-9.0.0-rc1]] +== Breaking changes +* Refactors the Timeline HTTP API endpoints ({kibana-pull}200633[#200633]). +* Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598]). +* Removes deprecated API endpoints for bulk CRUD actions on detection rules ({kibana-pull}197422[#197422], {kibana-pull}207906[#207906]). + +[discrete] +[[deprecations-9.0.0-rc1]] +== Deprecations +* Renames the `integration-assistant` plugin to `automatic-import` to match the associated feature ({kibana-pull}207325[#207325]). +* Removes all legacy risk engine code and features ({kibana-pull}201810[#201810]). +* Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598]). +* Deprecates the SIEM signals migration APIs ({kibana-pull}202662[#202662]). + +[discrete] +[[known-issue-9.0.0-rc1]] +== Known issues + +// tag::known-issue[] +[discrete] +.Duplicate alerts can be produced from manually running threshold rules +[%collapsible] +==== +*Details* + +On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution. +==== +// end::known-issue[] + +// tag::known-issue[] +[discrete] +.Manually running custom query rules with suppression could suppress more alerts than expected +[%collapsible] +==== +*Details* + +On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts. +==== +// end::known-issue[] + +[discrete] +[[features-9.0.0-rc1]] +== New features +* Enables Automatic Import to accept CEL log samples ({kibana-pull}206491[#206491]). +* Applies the latest Elastic UI framework (EUI) to {elastic-sec} features ({kibana-pull}204007[#204007], {kibana-pull}204908[#204908]). +* Adds the option to view {es} queries that run during rule execution for threshold, custom query, and {ml} rules ({kibana-pull}203320[#203320]). + +[discrete] +[[enhancements-9.0.0-rc1]] +== Enhancements +* Enhances Automatic Import by including setup and troubleshooting documentation for each input type that's selected in the readme ({kibana-pull}206477[#206477]). +* Allows users to include `closed` alerts in risk score calculations ({kibana-pull}201909[#201909]). +* Adds the ability to continue to the Entity Analytics dashboard when there is no data ({kibana-pull}201363[#201363]). +* Modifies the privilege-checking behavior during rule execution. Now, only read privileges of extant indices are checked during rule execution ({kibana-pull}177658[#177658]). + +[discrete] +[[bug-fixes-9.0.0-rc1]] +== Bug fixes +* Ensures that table actions use standard colors ({kibana-pull}207743[#207743]). +* Fixes a bug with the **Save and continue** button on a {fleet} form ({kibana-pull}211563[#211563]). \ No newline at end of file diff --git a/docs/en/install-upgrade/release-notes/release-notes-security.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-security.asciidoc new file mode 100644 index 000000000..f3ce392ec --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes-security.asciidoc @@ -0,0 +1,8 @@ +[[release-notes-security-9.0.0]] += {elastic-sec} release notes +++++ +{elastic-sec} +++++ + +include::release-notes-security-rc1.asciidoc[leveloffset=+1] +include::release-notes-security-beta1.asciidoc[leveloffset=+1] \ No newline at end of file diff --git a/docs/en/install-upgrade/release-notes/release-notes.asciidoc b/docs/en/install-upgrade/release-notes/release-notes.asciidoc new file mode 100644 index 000000000..0f1be17e3 --- /dev/null +++ b/docs/en/install-upgrade/release-notes/release-notes.asciidoc @@ -0,0 +1,13 @@ +[[elastic-stack-release-notes]] += Release notes + +This section summarizes the changes in the {stack} releases. + +* <> +* <> +* <> +* <> +* <> +* <> + + diff --git a/docs/en/install-upgrade/serverless-changelog.asciidoc b/docs/en/install-upgrade/serverless-changelog.asciidoc new file mode 100644 index 000000000..a0bd8258a --- /dev/null +++ b/docs/en/install-upgrade/serverless-changelog.asciidoc @@ -0,0 +1,772 @@ +[[serverless-changelog]] +== Elastic Cloud Serverless changelog +++++ +Serverless changelog +++++ + +Review the latest improvements and changes to Elastic Cloud Serverless. + +For serverless API changes, refer to https://www.elastic.co/docs/api/changes[APIs Changelog]. + +For serverless changes in Cloud Console, refer to https://www.elastic.co/guide/en/cloud/current/ec-release-notes.html[Elasticsearch Service Documentation: Release notes]. + +[discrete] +[[serverless-changelog-04142025]] +=== April 14, 2025 + +[discrete] +[[features-enhancements-04142025]] +==== Features and enhancements +* Enables archiving of conversations in the Elastic Observability Serverless AI Assistant ({kibana-pull}216012[#216012]). +* Moves job and trained model management features into *Stack Management* ({kibana-pull}204290[#204290]). +* Adds Engine initialization API to Elastic Security Serverless ({kibana-pull}215663[#215663]). +* Allows creating an ES|QL control by entering a question mark (`?`) in the query ({kibana-pull}216839[#216839]). +* Improves UI handling of multiple CVEs and package fields ({kibana-pull}216411[#216411]). +* Adds support for Windows MSI commands for Fleet and Elastic Agent installations ({kibana-pull}217217[#217217]). +* Reuses shared integration policies when duplicating agent policies in Fleet ({kibana-pull}217872[#217872]). +* Enables adding badges to all list items in the side navigation except the section header ({kibana-pull}217301[#217301]). + +[discrete] +[[fixes-04142025]] +==== Fixes +* Fixes error message when previewing index templates used by data streams ({kibana-pull}217604[#217604]). +* Wraps text in search bars ({kibana-pull}217556[#217556]). +* Adds support for `textBased` layers in ES|QL visualizations ({kibana-pull}216358[#216358]). +* Corrects the alert count displayed in *Monitor* details ({kibana-pull}216761[#216761]). +* Fixes the *Save visualization* action on the Monitors *Overview* tab ({kibana-pull}216695[#216695]). +* Removes direct function calling from the chat input Elastic Observability Serverless AI Assistant ({kibana-pull}217359[#217359]). +* Adds missing `aria-label` attributes to some buttons under the Services and Services Groups pages ({kibana-pull}217325[#217325]). +* Improves knowledge base installation flow and inference endpoint management ({kibana-pull}214133[#214133]). +* Improves `aria-label` for `EuiCodeBlock` on the APM onboarding page ({kibana-pull}217292[#217292]). +* Adds `source` and `target` fields to the `Dataset Quality Navigated` event ({kibana-pull}217575[#217575]). +* Improves `aria-label` attributes for latency correlations ({kibana-pull}217512[#217512]). +* Fixes navigation to the *Search Connectors* page ({kibana-pull}217749[#217749]). +* Sorts the *Environment* dropdown alphabetically in the APM UI ({kibana-pull}217710[#217710]). +* Ensures the Request Inspector shows accurate request and response data for successful scenarios ({kibana-pull}216519[#216519]). +* Fixes the `Change Point Detection` embeddable in dashboards ({kibana-pull}217178[#217178]). +* Fixes page crashes caused by the *Use full data* button ({kibana-pull}217291[#217291]). +* Filters inference connectors that lack existing endpoints in *Connectors* ({kibana-pull}217641[#217641]). +* Fixes focusability and keyboard access issues with the *Export* tab in the *Share this dashboard* modal ({kibana-pull}217313[#217313]). + +[discrete] +[[serverless-changelog-04072025]] +=== April 7, 2025 + +[discrete] +[[features-enhancements-04072025]] +==== Features and enhancements +* Adds keyboard navigation for drag-and-drop interactions in Dashboards ({kibana-pull}208286[#208286]). +* Adds 'Read More' and 'Read Less' functionality to fields in Document view in Discover ({kibana-pull}215326[#215326]). +* Injects and extracts tag references in Dashboards ({kibana-pull}214788[#214788]). +* Adds an option to User Settings that allows the Kibana interface to display in a high contrast mode ({kibana-pull}216242[#216242]). +* Adds a back external link indicator to the side navigation ({kibana-pull}215946[#215946]). +* Adds a default metrics dashboard for Node.js open telemetry in Elastic Observability Serverless ({kibana-pull}215735[#215735]). +* Replaces Sourcerer with the the Discover Data View picker in Elastic Security Serverless ({kibana-pull}210585[#210585]). +* Replaces Sourcerer in the global header in Elastic Security Serverless ({kibana-pull}216685[#216685]). +* Handles grouping in multivalue fields in Elastic Security Serverless ({kibana-pull}215913[#215913]). +* Adds validation and autocomplete support for the `CHANGE_POINT` command in ES|QL ({kibana-pull}216043[#216043]). +* Adds support for aggregrate filtering in the ES|QL editor ({kibana-pull}216379[#216379]). +* Changes the agent details last activity value to show the formatted datetime in Fleet ({kibana-pull}215531[#215531]). +* Allows SSL configuration to be disabled for the Fleet agent Logstash output ({kibana-pull}216216[#216216]). +* Enhances the display for anomaly time function values for Machine Learning ({kibana-pull}216142[#216142]). +* Adds Voyage AI and DeepSeek icons for Machine Learning ({kibana-pull}216651[#216651]). +* Moves rule settings to a flyout instead of a modal ({kibana-pull}216162[#216162]). + +[discrete] +[[fixes-04072025]] +==== Fixes +* Fixes a race condition in `useBatchedPublishingSubjects` in Dashboards and visualizations ({kibana-pull}216399[#216399]). +* Fixes State being dropped when editing visualize embeddables in Dashboards and visualizations ({kibana-pull}216901[#216901]). +* Updates the HTTP API response from 201 to 200 in Dashboards and visualizations ({kibana-pull}217054[#217054]). +* Fixes an issue where scaling edits weren't saved in Dashboards and visualizations ({kibana-pull}217235[#217235]). +* Fixes an issue where the Discover flyout closed when the focus was on filter ({kibana-pull}216630[#216630]). +* Fixes the CSV export for ES|QL embeddable in Discover ({kibana-pull}216325[#216325]). +* Fixes the JSON view for ES|QL record in DocViewer ({kibana-pull}216642[#216642]). +* Adds items count to fields accordion titled `aria-label` in Discover ({kibana-pull}216993[#216993]). +* Makes service inventory icons visible if the `agentName` is returned in Elastic Observability Serverless ({kibana-pull}216220[#216220]). +* Changes the TPM abbreviation to trace per minute for screen readers in Elastic Observability Serverless ({kibana-pull}216282[#216282]). +* Adds the `aria-label` to the fold traces button in Elastic Observability Serverless ({kibana-pull}216485[#216485]). +* Adds the `aria-label` to the technical preview badge in Elastic Observability Serverless ({kibana-pull}216483[#216483]). +* Allows only `.ndjson` files when bulk importing to the knowledge base in Elastic Observability Serverless ({kibana-pull}215433[#215433]). +* Fixes the span link invalid filter in Elastic Observability Serverless ({kibana-pull}215322[#215322]). +* Fixes the missing URL in the transaction summary in Elastic Observability Serverless ({kibana-pull}215397[#215397]). +* Fixes the query for transaction marks in Elastic Observability Serverless ({kibana-pull}215819[#215819]). +* Updates the `retrieve_elastic_doc` API test in Elastic Observability Serverless ({kibana-pull}215237[#215237]). +* Adds error text in the environment filter when the input is invalid in Elastic Observability Serverless ({kibana-pull}216782[#216782]). +* Fixes the fold/unfold button in traces waterfall explorer in Elastic Observability Serverless ({kibana-pull}216972[#216972]). +* Fixes the alert severity order in Elastic Security Serverless ({kibana-pull}215813[#215813]). +* Fixes the error callout placement on the **Entity Store** page's **Engine Status** tab in Elastic Security Serverless ({kibana-pull}216228[#216228]). +* Reads `config` from preconfigured connectors in AI Assistant and Attack Discovery in Elastic Security Serverless ({kibana-pull}216700[#216700]). +* Fixes bedrock `modelId` encoding in Elastic Security Serverless ({kibana-pull}216915[#216915]). +* Fixes the AI Assistant prompt in Elastic Security Serverless ({kibana-pull}217058[#217058]). +* Hides "not" operators from the suggestions menu in ES|QL ({kibana-pull}216355[#216355]). +* Fixes the CSV report time range when exporting from Discover in ES|QL ({kibana-pull}216792[#216792]). +* Fixes unenroll inactive agent tasks if the first set of agents returned is equal to `UNENROLLMENT_BATCH_SIZE` in Fleet ({kibana-pull}216283[#216283]). +* Supports integrations having secrets with multiple values in Fleet ({kibana-pull}216918[#216918]). +* Adds overlay to the add/edit integration page in Fleet ({kibana-pull}217151[#217151]). + +[discrete] +[[serverless-changelog-03312025]] +=== March 31, 2025 + +[discrete] +[[features-enhancements-03312025]] +==== Features and enhancements +* Introduced an embeddable trace waterfall visualization in Elastic Observability Serverless ({kibana-pull}216098[#216098]). +* Adds support for span links in Elastic Observability Serverless service maps ({kibana-pull}215645[#215645]). +* Enables KQL filting for TLS alerting rules in Elastic Observability Serverless ({kibana-pull}215110[#215110]). +* Ensures a 404 response is returned only when `screenshot_ref` is truly missing in Elastic Observability Serverless ({kibana-pull}215241[#215241]). +* Adds a rule gaps histogram to the Elastic Security Serverless rules dashboard ({kibana-pull}214694[#214694]). +* Adds support for multiple CVEs and improves the vulnerability data grid, flyout, and contextual flyout UI in Elastic Security Serverless ({kibana-pull}213039[#213039]). +* Updates API key permissions for refreshing data view API for Elastic Security Serverless ({kibana-pull}215738[#215738]). +* Adds the ability to limit notes per document instead of globally in Elastic Security Serverless ({kibana-pull}214922[#214922]). +* Adds the ability to add badges to subitems in the side navigation ({kibana-pull}214854[#214854]). + +[discrete] +[[fixes-03312025]] +==== Fixes +* Fixes color palette assignment issues in partition charts ({kibana-pull}215426[#215426]). +* Adjusted page height for the AI Assistant app in solution views ({kibana-pull}215646[#215646]). +* Adds `aria-label` to latency selector in Elastic Observabiity Serverless service overview ({kibana-pull}215644[#215644]). +* Adds `aria-label` to popover service in Elastic Observabiity Serverless service overview ({kibana-pull}215640[#215640]). +* Adds `aria-label` to "Try our new inventory" button in Elastic Observabiity Serverless ({kibana-pull}215633[#215633]). +* Adds `aria-label` to Transaction type select in Elastic Observabiity Serverless service overview ({kibana-pull}216014[#216014]). +* Fixes an issue when selecting monitor frequency ({kibana-pull}215823[#215823]). +* Implements the `nameTooltip` API for Elastic Observabiity Serverless dependency tables ({kibana-pull}215940[#215940]). +* Fixes a location filter issue in the Elastic Observabiity Serverless status rule executor ({kibana-pull}215514[#215514]). +* Generalized and consolidated custom Fleet onboarding logic in Elastic Observabiity Serverless ({kibana-pull}215561[#215561]). +* Fixes left margin positioning in Elastic Observabiity Serverless waterfall visualizations ({kibana-pull}216229[#216229]). +* Corrects risk score table refresh issues in the Elastic Security Serverless Entity Analytics Dashboard ({kibana-pull}215472[#215472]). +* Fixes the Elastic Security Serverless host details flyout left panel tabs ({kibana-pull}215672[#215672]). +* Fixes an issue where the Entity Store init API did not check for index privileges in Elastic Security Serverless ({kibana-pull}215329[#215329]). +* Adds `manage_ingest_pipeline` privilege check for Risk Engine enablement in Elastic Security Serverless ({kibana-pull}215544[#215544]). +* Updates API to dynamically retrieve `spaceID` for Elastic Security Serverless ({kibana-pull}216063[#216063]). +* Fixes the visibility of the ES|QL date picker ({kibana-pull}214728[#214728]). +* Enables the ES|QL time picker when time parameters are used with `cast` ({kibana-pull}215820[#215820]). +* Updates the Fleet minimum package spec version to 2.3 ({kibana-pull}214600[#214600]). +* Fixes text overflow and alignment in agent details integration input status in Fleet ({kibana-pull}215807[#215807]). +* Fixes pagination in the Anomaly Explorer Anomalies Table for Machine Learning ({kibana-pull}214714[#214714]). +* Ensure proper permissions for viewing Machine Learning nodes ({kibana-pull}215503[#215503]). +* Adds a custom link color option for the top banner ({kibana-pull}214241[#214241]). +* Updates the task state version after execution ({kibana-pull}215559[#215559]). + +[discrete] +[[serverless-changelog-03242025]] +=== March 24, 2025 + +[discrete] +[[features-03242025]] +==== Features and enhancements +* Enables smoother scrolling in Kibana ({kibana-pull}214512[#214512]). +* Adds `context.grouping` action variable in Custom threshold and APM rules ({kibana-pull}212895[#212895]). +* Adds the ability to create an APM availability or latency SLO for all services ({kibana-pull}214653[#214653]). +* Enables editing central config for EDOT Agents / SDKs ({kibana-pull}211468[#211468]). +* Uses Data View name for Rule Data View display ({kibana-pull}214495[#214495]). +* Highlights the code examples in our inline docs ({kibana-pull}214915[#214915]). +* Updates data feeds for anomaly detection jobs to exclude Elastic Agent and Beats processes ({kibana-pull}213927[#213927]). +* Adds Mustache lambdas for alerting action ({kibana-pull}213859[#213859]). +* Adds 'page reload' screen reader warning ({kibana-pull}214822[#214822]). + +[discrete] +[[fixes-03242025]] +==== Fixes +* Fixes color by value for Last value array mode ({kibana-pull}213917[#213917]). +* Fixes can edit check ({kibana-pull}213887[#213887]). +* Fixes opening a rollup data view in Discover ({kibana-pull}214656[#214656]). +* Fixes entry item in waterfall shouldn't be orphan ({kibana-pull}214700[#214700]). +* Filters out upstream orphans in waterfall ({kibana-pull}214704[#214704]). +* Fixes KB bulk import UI example ({kibana-pull}214970[#214970]). +* Ensures that when an SLO is created, its ID is verified across all spaces ({kibana-pull}214496[#214496]). +* Fixes contextual insights scoring ({kibana-pull}214259[#214259]). +* Prevents `getChildrenGroupedByParentId` from including the parent in the children list ({kibana-pull}214957[#214957]). +* Fixes ID overflow bug ({kibana-pull}215199[#215199]). +* Removes unnecessary `field service.environment` from top dependency spans endpoint ({kibana-pull}215321[#215321]). +* Fixes missing `user_agent` version field and shows it on the trace summary ({kibana-pull}215403[#215403]). +* Fixes rule preview works for form's invalid state ({kibana-pull}213801[#213801]). +* Fixes session view error on the alerts tab ({kibana-pull}214887[#214887]). +* Adds index privileges check to `applyDataViewIndices` ({kibana-pull}214803[#214803]). +* Changes the default Risk score lookback period from `30m` to `30d` ({kibana-pull}215093[#215093]). +* Fixes issue with alert grouping re-render ({kibana-pull}215086[#215086]). +* Limits the `transformID` length to 36 characters ({kibana-pull}213405[#213405]). +* Fixes Data view refresh not supporting the `indexPattern` parameter ({kibana-pull}215151[#215151]). +* Uses Risk Engine `SavedObject` intead of `localStorage` on the Risk Score web page ({kibana-pull}215304[#215304]). +* Fixes autocomplete for comments when there is a space ({kibana-pull}214696[#214696]). +* Makes sure that the variables in the editor are always up to date ({kibana-pull}214833[#214833]). +* Calculates the query for retrieving the values correctly ({kibana-pull}214905[#214905]). +* Fixes overlay in integrations on mobile ({kibana-pull}215312[#215312]). +* Fixes chart in single metric anomaly detection wizard ({kibana-pull}214837[#214837]). +* Fixes regression that caused the cases actions to disappear from the detections engine alerts table bulk actions menu ({kibana-pull}215111[#215111]). +* Changes "Close project" to "Log out" in nav menu in serverless mode ({kibana-pull}211463[#211463]). +* Fixes search profiler index reset field when query is changed ({kibana-pull}215420[#215420]). + +[discrete] +[[serverless-changelog-03172025]] +=== March 17, 2025 + +[discrete] +[[features-03172025]] +==== Features and enhancements +* Enables read-only editor mode in Lens to explore panel configuration ({kibana-pull}208554[#208554]). +* Allows sharing of Observability AI Assistant conversations ({kibana-pull}211854[#211854]). +* Adds context-aware logic to Logs view in Discover ({kibana-pull}211176[#211176]). +* Replaces the Alerts status filter with filter controls ({kibana-pull}198495[#198495]). +* Adds SSL fields to agent binary source settings ({kibana-pull}213211[#213211]). +* Allows users to create a snooze schedule for rules via API ({kibana-pull}210584[#210584]). +* Splits up the top dependencies API for improved speed and response size ({kibana-pull}211441[#211441]). +* Adds working default metrics dashboard for Python OTel ({kibana-pull}213599[#213599]). +* Includes spaceID in SLI documents ({kibana-pull}214278[#214278]). +* Adds support for the MV_EXPAND command with the ES|QL rule type ({kibana-pull}212675[#212675]). +* Enables endpoint actions for events ({kibana-pull}206857[#206857]). +* The {ref}/semantic-text.html[`semantic_text`] field type is now GA on {{serverless-full}}. +* Adds the ability for users to https://github.com/elastic/kibana/issues/174168[customize prebuilt rules]. Users can modify most rule parameters, export and import prebuilt rules — including customized ones — and upgrade prebuilt rules while retaining customization settings ({kibana-pull}212761[#212761]). + +[discrete] +[[fixes-03172025]] +==== Fixes +* Fixes a bug with ServiceNow where users could not create the connector from the UI form using OAuth ({kibana-pull}213658[#213658]). +* Prevents unnecessary re-render when switching between View and Edit modes ({kibana-pull}213902[#213902]). +* Adds `event-annotation-group` to saved object privileges for dashboards ({kibana-pull}212926[#212926]). +* Makes the Inspect configuration button permanently visible ({kibana-pull}213619[#213619]). +* Fixes service maps not building paths when the trace's root transaction has a `parent.id` ({kibana-pull}212998[#212998]). +* Fixes span links with OTel data ({kibana-pull}212806[#212806]). +* Makes {kib} retrieval namespace-specific ({kibana-pull}213505[#213505]). +* Ensures semantic queries contribute to scoring when retrieving knowledge from search connectors ({kibana-pull}213870[#213870]). +* Passes telemetry.sdk* data when loading a dashboard ({kibana-pull}214356[#214356]). +* Fixes `checkPrivilege` to query with indices ({kibana-pull}214002[#214002]). +* Adds support for rollup data views that reference aliases ({kibana-pull}212592[#212592]). +* Fixes an issue with the Save button not working when editing event filters ({kibana-pull}213805[#213805]). +* Fixes dragged elements becoming invisible when dragging-and-dropping in Lens ({kibana-pull}213928[#213928]). +* Fixes alignment of the Alerts table in the Rule Preview panel ({kibana-pull}214028[#214028]). +* Fixes Bedrock defaulting region to `us-east-1` ({kibana-pull}214251[#214251]). +* Fixes an issue with the Agent binary download field being blank when a policy uses the default download source ({kibana-pull}214360[#214360]). +* Fixes navigation issues with alert previews ({kibana-pull}213455[#213455]). +* Fixes an issue with changing the width of a Timeline column width bug ({kibana-pull}214178[#214178]). +* Reworks the `enforce_registry_filters` advanced option in Elastic Defend to align with Endpoint ({kibana-pull}214106[#214106]). +* Ensures cell actions are initialized in Event Rendered view and fixes cell action handling for nested event renderers ({kibana-pull}212721[#212721]). +* Supports `date_nanos` in `BUCKET` in the ES|QL editor ({kibana-pull}213319[#213319]). +* Fixes appearance of warnings in the ES|QL editor ({kibana-pull}213685[#213685]). +* Makes the Apply time range switch visible in the Job selection flyout when opened from the Anomaly Explorer ({kibana-pull}213382[#213382]). + +[discrete] +[[serverless-changelog-03102025]] +=== March 10, 2025 + +[discrete] +[[features-enhancements-03102025]] +==== New features and enhancements +* The Create Rule flyout, used by solutions, now features the improved rule form in Elastic Observability Serverless ({kibana-pull}206685[#206685]). +* Resolves duplicate conversations in Elastic Observability Serverless ({kibana-pull}208044[#208044]). +* Split the SLO Details view from the Overview page in Elastic Observability Serverless ({kibana-pull}212826[#212826]). +* Adds the reason message to the rules recovery context in Elastic Observability Serverless ({kibana-pull}211411[#211411]). +* Runtime metrics dashboards now support different ingest paths in Elastic Observability Serverless ({kibana-pull}211822[#211822]). +* Adds SSL options for Fleet Server hosts settings in Fleet ({kibana-pull}208091[#208091]). +* Introduces globe projection for Dashboards and visualizations ({kibana-pull}212437[#212437]). +* Registered a custom integrations search provider in Fleet ({kibana-pull}213013[#213013]). +* Adds support for searchAfter and PIT (point-in-time) parameters in the Get Agents List API in Fleet ({kibana-pull}213486[#213486]). +* Adds the ability for users to manage detection rules externally by utilizing the https://dac-reference.readthedocs.io/en/latest/dac_concept_and_workflows.html[Detection-as-Code principles]. To get started, refer to the https://github.com/elastic/detection-rules/blob/main/README.md#detections-as-code-dac[Elastic detection-rules repository DaC documentation]. + +[discrete] +[[fixes-03102025]] +==== Fixes +* Fixes an issue where Korean characters were split into two characters with a space in between when typing in the options list search input in Dashboards and visualizations ({kibana-pull}213164[#213164]). +* Prevented crashes when editing a Lens chart with a by-reference annotation layer in Dashboards and visualizations ({kibana-pull}213090[#213090]). +* Improves instructions for the summarize function in Elastic Observability Serverless ({kibana-pull}212936[#212936]). +* Fixes a "Product Documentation function not available" error in Elastic Observability Serverless ({kibana-pull}212676[#212676]). +* Fixes conversation tests in Elastic Observability Serverless ({kibana-pull}213338[#213338]). +* Allowed wildcard filters in SLO queries in Elastic Observability Serverless ({kibana-pull}213119[#213119]). +* Fixes missing summary data in error samples in Elastic Observability Serverless ({kibana-pull}213430[#213430]). +* Fixes a failing test: Stateful Observability - Deployment-agnostic A… in Elastic Observability Serverless ({kibana-pull}213530[#213530]). +* Reduced the review rule upgrade endpoint response size in Elastic Security Serverless ({kibana-pull}211045[#211045]). +* Refactors conversation pagination in Elastic Security Serverless ({kibana-pull}211831[#211831]). +* Fixes alert insights color order in Elastic Security Serverless ({kibana-pull}212980[#212980]). +* Prevented empty conversation IDs in the chat/complete route in Elastic Security Serverless ({kibana-pull}213049[#213049]). +* Fixes issues with unstructured syslog flow in Elastic Security Serverless ({kibana-pull}213042[#213042]). +* Adds bulkGetUserProfiles privilege to Security Feature in Elastic Security Serverless ({kibana-pull}211824[#211824]). +* Fixes a Risk Score Insufficient Privileges warning due to missing cluster privileges in Elastic Security Serverless ({kibana-pull}212405[#212405]). +* Updates Bedrock prompts in Elastic Security Serverless ({kibana-pull}213160[#213160]). +* Adds organizationId and projectId OpenAI headers, along with support for arbitrary headers in Elastic Security Serverless ({kibana-pull}213117[#213117]). +* Ensures dataview selections persist reliably in timeline for Elastic Security Serverless ({kibana-pull}211343[#211343]). +* Fixes incorrect validation when a named parameter was used as a function in ES|QL ({kibana-pull}213355[#213355]). +* Fixes incorrect overall swim lane height in Machine Learning ({kibana-pull}213245[#213245]). +* Prevented a crash when applying a filter in the Machine Learning anomaly table ({kibana-pull}213075[#213075]). +* Fixes suppressed alerts alignment in the alert flyout in Elastic Security Serverless ({kibana-pull}213029[#213029]). +* Fixes an issue in solution project navigation where panels sometimes failed to toggle closed ({kibana-pull}211852[#211852]). +* Updates wording for options in the sortBy dropdown component ({kibana-pull}206464[#206464]). +* Allowed EU hooks hostname in the Torq connector for Elastic Security Serverless ({kibana-pull}212563[#212563]). + +[discrete] +[[serverless-changelog-03032025]] +=== March 3, 2025 + +[discrete] +[[features-enhancements-03032025]] +==== New features +* Introduces a background task that streamlines the upgrade process for agentless deployments in Elastic Security Serverless ({kibana-pull}207143[#207143]). +* Improves asset inventory onboarding with better context integration in Elastic Security Serverless ({kibana-pull}212315[#212315]). +* Adds syntax highlighting for working with ES|QL queries in Elastic Observability Serverless ({kibana-pull}212669[#212669]). +* Updates the delete confirmation modal in Elastic Observability Serverless ({kibana-pull}212695[#212695]). +* Removes the enablement check in `PUT /api/streams/{id}` for classic streams ({kibana-pull}212289[#212289]). + +[discrete] +[[fixes-03032025]] +==== Fixes +* Fixes issues affecting popularity scores in Discover ({kibana-pull}211201[#211201]). +* Corrects sorting behavior in the profiler storage explorer for Elastic Observability Serverless ({kibana-pull}212583[#212583]). +* Adds a loader to prevent flickering in the KB settings tab in Elastic Observability Serverless ({kibana-pull}212678[#212678]). +* Resolves incorrect enable button behavior in the Entity Store modal in Elastic Security Serverless ({kibana-pull}212078[#212078]). +* Converts the isolate host action into a standalone flyout in Elastic Security Serverless ({kibana-pull}211853[#211853]). +* Ensures model responses are correctly persisted to the chosen conversation ID in Elastic Security Serverless ({kibana-pull}212122[#212122]). +* Corrects image resizing issues for `xpack.security.loginAssistanceMessage` in Elastic Security Serverless ({kibana-pull}212035[#212035]). +* Fixes automatic import to correctly generate pipelines for parsing CSV files with special characters in Elastic Security Serverless column names ({kibana-pull}212513[#212513]). +* Fixes validation issues for empty EQL queries in Elastic Security Serverless ({kibana-pull}212117[#212117]). +* Resolves dual hover actions in the table tab in Elastic Security Serverless ({kibana-pull}212316[#212316]). +* Updates structured log processing to support multiple log types in Elastic Security Serverless ({kibana-pull}212611[#212611]). +* Ensures the delete model dialog prevents accidental multiple clicks in Machine Learning ({kibana-pull}211580[#211580]). + + +[discrete] +[[serverless-changelog-02242025]] +=== February 24, 2025 + +[discrete] +[[features-02242025]] +==== Features and enhancements +* Exposes SSL options for {es} and remote {es} outputs in the UI ({kibana-pull}208745[#208745]). +* Displays a warning and a tooltip for the `_score` column in the Discover grid ({kibana-pull}211013[#211013]). +* Allows command/ctrl click for the "New" action in the top navigation ({kibana-pull}210982[#210982]). +* Adds the ability for a user to create an API Key in synthetics settings that applies only to specified space(s) ({kibana-pull}211816[#211816]). +* Adds "unassigned" as an asset criticality level for `bulk_upload` ({kibana-pull}208884[#208884]). +* Sets the Enable visualizations in flyout advanced setting to "On" by default ({kibana-pull}211319[#211319]). +* Preserves user-made chart configurations when changing the query if the actions are compatible with the current chart, such as adding a "where" filter or switching compatible chart types. ({kibana-pull}210780[#210780]). +* Adds effects when clicking the favorite button in the list of dashboards and ES|QL queries, and adds favorite button to breadcrumb trails ({kibana-pull}201596[#201596]). +* Enable `/api/streams/{id}/_group` endpoints for GroupStreams ({kibana-pull}210114[#210114]). + +[discrete] +[[fixes-02242025]] +==== Fixes +* Fixes Discover session embeddable drilldown ({kibana-pull}211678[#211678]). +* Passes system message to inferenceCliente.chatComplete ({kibana-pull}211263[#211263]). +* Ensures system message is passed to the inference plugin ({kibana-pull}209773[#209773]). +* Adds automatic re-indexing when encountering `semantic_text` bug ({kibana-pull}210386[#210386]). +* Removes unnecessary breadcrumbs in profiling ({kibana-pull}211081[#211081]). +* Adds minHeight to profiler flamegraphs ({kibana-pull}210443[#210443]). +* Adds system message in copy conversation JSON payload ({kibana-pull}212009[#212009]). +* Changes the confirmation message after RiskScore Saved Object configuration is updated ({kibana-pull}211372[#211372]). +* Adds a no data message in the flyout when an analyzer is not enabled ({kibana-pull}211981[#211981]). +* Fixes the Fleet Save and continue button ({kibana-pull}211563[#211563]). +* Suggest triple quotes when the user selects the `KQL` / `QSTR` ({kibana-pull}211457[#211457]). +* Adds remote cluster instructions for syncing integrations ({kibana-pull}211997[#211997]). +* Allows deploying a model after a failed deployment in Machine Learning ({kibana-pull}211459[#211459]). +* Ensures the members array is unique for GroupStreamDefinitions ({kibana-pull}210089[#210089]). +* Improves function search for easier navigation and discovery ({kibana-pull}210437[#210437]). + +[discrete] +[[serverless-changelog-02172025]] +=== February 17, 2025 + +[discrete] +[[features-02172025]] +==== Features and enhancements +* Adds alert status management to the AI Assistant connector ({kibana-pull}203729[#203729]). +* Enables the new Borealis theme ({kibana-pull}210468[#210468]). +* Applies compact Display options Popover layout ({kibana-pull}210180[#210180]). +* Increases search timeout toast lifetime to 1 week ({kibana-pull}210576[#210576]). +* Improves performance in `dependencies` endpoints to prevent high CPU usage ({kibana-pull}209999[#209999]). +* Adds "Logs" tab to mobile services ({kibana-pull}209944[#209944]). +* Adds "All logs" data view to the Classic navigation ({kibana-pull}209042[#209042]). +* Changes default to "native" function calling if the connector configuration is not exposed ({kibana-pull}210455[#210455]). +* Updates entity insight badge to open entity flyouts ({kibana-pull}208287[#208287]). +* Standardizes actions in Alerts KPI visualizations ({kibana-pull}206340[#206340]). +* Allows the creation of dynamic aggregations controls for ES|QL charts ({kibana-pull}210170[#210170]). +* Fixes the values control FT ({kibana-pull}211159[#211159]). +* Trained models: Replaces the download button by extending the deploy action ({kibana-pull}205699[#205699]). +* Adds the `useCustomDragHandle` property ({kibana-pull}210463[#210463]). + +[discrete] +[[fixes-02172025]] +==== Fixes +* Fixes an issue where clicking on the name badge for a synthetics monitor on an SLO details page would lead to a page that failed to load monitor details ({kibana-pull}210695[#210695]). +* Fixes an issue where the popover in the rules page may get stuck when being clicked more than once ({kibana-pull}208996[#208996]). +* Fixes an error in the cases list when the case assignee is an empty string ({kibana-pull}209973[#209973]). +* Fixes an issue with assigning color mappings when multiple layers are defined ({kibana-pull}208571[#208571]). +* Fixes an issue where behind text colors were not correctly assigned, such as in `Pie`, `Treemap` and `Mosaic` charts. ({kibana-pull}209632[#209632]). +* Fixes an issue where dynamic coloring has been disabled from Last value aggregation types ({kibana-pull}209110[#209110]). +* Fixes panel styles ({kibana-pull}210113[#210113]). +* Fixes incorrectly serialized `searchSessionId` attribute ({kibana-pull}210765[#210765]). +* Fixes the "Save to library" action that could break the chart panel ({kibana-pull}210125[#210125]). +* Fixes link settings not persisting ({kibana-pull}211041[#211041]). +* Fixes "Untitled" export title when exporting CSV from a dashboard ({kibana-pull}210143[#210143]). +* Missing items in the trace waterfall shouldn't break it entirely ({kibana-pull}210210[#210210]). +* Removes unused `error.id` in `getErrorGroupMainStatistics` queries ({kibana-pull}210613[#210613]). +* Fixes connector test in MKI ({kibana-pull}211235[#211235]). +* Clicking a link in the host/user flyout does not refresh details panel ({kibana-pull}209863[#209863]). +* Makes 7.x signals/alerts compatible with 8.18 alerts UI ({kibana-pull}209936[#209936]). +* Handle empty categorization results from LLM ({kibana-pull}210420[#210420]). +* Remember page index in Rule Updates table ({kibana-pull}209537[#209537]). +* Adds concurrency limits and request throttling to prebuilt rule routes ({kibana-pull}209551[#209551]). +* Fixes package name validation on the Datastream page ({kibana-pull}210770[#210770]). +* Makes entity store description more generic ({kibana-pull}209130[#209130]). +* Deletes 'critical services' count from the Entity Analytics Dashboard header ({kibana-pull}210827[#210827]). +* Disables sorting IP ranges in value list modal ({kibana-pull}210922[#210922]). +* Updates entity store copies ({kibana-pull}210991[#210991]). +* Fixes generated name for integration title ({kibana-pull}210916[#210916]). +* Fixes formatting and sorting for custom ES|QL vars ({kibana-pull}209360[#209360]). +* Fixes WHERE autocomplete with MATCH before LIMIT ({kibana-pull}210607[#210607]). +* Updates install snippets to include all platforms ({kibana-pull}210249[#210249]). +* Updates component templates with deprecated setting ({kibana-pull}210200[#210200]). +* Hides saved query controls in AIOps ({kibana-pull}210556[#210556]). +* Fixes unattended Transforms in integration packages not automatically restarting after reauthorizing ({kibana-pull}210217[#210217]). +* Reinstates switch to support generating public URLs for embed when supported ({kibana-pull}207383[#207383]). +* Provides a fallback view to recover from Stack Alerts page filters bar errors ({kibana-pull}209559[#209559]). + +[discrete] +[[serverless-changelog-02102025]] +=== February 10, 2025 + +[discrete] +[[enhancements-02102025]] +==== Features and enhancements +* Rule connector - handle multiple prompt ({kibana-pull}209221[#209221]). +* Added max_file_size_bytes advanced option to malware for all operating systems ({kibana-pull}209541[#209541]). +* Introduce GroupStreams ({kibana-pull}208126[#208126]). +* Service example added to entity store upload ({kibana-pull}209023[#209023]). +* Update the `bucket_span` for ML jobs in the security_host module ({kibana-pull}209663[#209663]). +* Improved handling for operator-defined role mappings ({kibana-pull}208710[#208710]). +* Added `object_src` directive to `Content-Security-Policy-Report-Only` header ({kibana-pull}209306[#209306]). + +[discrete] +[[fixes-02102025]] +==== Fixes +* Fixes highlight for HJSON ({kibana-pull}208858[#208858]). +* Disable pointer events on drag + resize ({kibana-pull}208647[#208647]). +* Restore show missing dataView error message in case of missing datasource ({kibana-pull}208363[#208363]). +* Fixes issue with `Amsterdam` theme where charts render with the incorrect background color ({kibana-pull}209595[#209595]). +* Fixes an issue in Lens Table where a split-by metric on a terms rendered incorrect colors in table cells ({kibana-pull}208623[#208623]). +* Force return 0 on empty buckets on count if null flag is disabled ({kibana-pull}207308[#207308]). +* Fixes all embeddables rebuilt on refresh ({kibana-pull}209677[#209677]). +* Fixes using data view runtime fields during rule execution for the custom threshold rule ({kibana-pull}209133[#209133]). +* Running processes missing from processes table ({kibana-pull}209076[#209076]). +* Fixes missing exception stack trace ({kibana-pull}208577[#208577]). +* Fixes the preview chart in the Custom Threshold rule creation form when the field name has slashes ({kibana-pull}209263[#209263]). +* Display No Data in Threshold breached component ({kibana-pull}209561[#209561]). +* Fixes an issue where APM charts were rendered without required transaction type or service name, causing excessive alerts to appear ({kibana-pull}209552[#209552]). +* Fixed bug that caused issues with loading SLOs by status, SLI type, or instance id ({kibana-pull}209910[#209910]). +* Update colors in the AI Assistant icon ({kibana-pull}210233[#210233]). +* Update the simulate function calling setting to support "auto" ({kibana-pull}209628[#209628]). +* Fixes structured log template to use single quotes ({kibana-pull}209736[#209736]). +* Fixes ES|QL alert on alert ({kibana-pull}208894[#208894]). +* Fixes issue with multiple ip addresses in strings ({kibana-pull}209475[#209475]). +* Keeps the histogram config on time change ({kibana-pull}208053[#208053]). +* WHERE replacement ranges correctly generated for every case ({kibana-pull}209684[#209684]). +* Updates removed params of the Fleet -> Logstash output configurations ({kibana-pull}210115[#210115]). +* Fixes log rate analysis, change point detection, and pattern analysis embeddables not respecting filters from Dashboard's controls ({kibana-pull}210039[#210039]). + +[discrete] +[[serverless-changelog-02032025]] +=== February 3, 2025 + +[discrete] +[[deprecations-02032025]] +==== Deprecation + +* Rename plugin to automatic import ({kibana-pull}207325[#207325]). + +[discrete] +[[features-02032025]] +==== Features and enhancements + +* Rework saved query privileges ({kibana-pull}202863[#202863]). +* In-table search ({kibana-pull}206454[#206454]). +* Refactor RowHeightSettings component to EUI layout ({kibana-pull}203606[#203606]). +* Chat history details in conversation list ({kibana-pull}207426[#207426]). +* Cases assignees sub feature ({kibana-pull}201654[#201654]). +* Adds preview logged requests for new terms, threshold, query, ML rule types ({kibana-pull}203320[#203320]). +* Adds in-text citations to security solution AI assistant responses ({kibana-pull}206683[#206683]). +* Remove Tech preview badge for GA ({kibana-pull}208523[#208523]). +* Adds new View job detail flyouts for Anomaly detection and Data Frame Analytics ({kibana-pull}207141[#207141]). +* Adds a default "All logs" temporary data view in the Observability Solution view ({kibana-pull}205991[#205991]). +* Adds Knowledge Base entries API ({kibana-pull}206407[#206407]). +* Adds Kibana Support for Security AI Prompts Integration ({kibana-pull}207138[#207138]). +* Changes to support event.ingested as a configurable timestamp field for init and enable endpoints ({kibana-pull}208201[#208201]). +* Adds Spaces column to Anomaly Detection, Data Frame Analytics and Trained Models management pages ({kibana-pull}206696[#206696]). +* Adds simple flyout based file upload to Search ({kibana-pull}206864[#206864]). +* Bump kube-stack Helm chart onboarding version ({kibana-pull}208217[#208217]). +* Log deprecated api usages ({kibana-pull}207904[#207904]). +* Added support for human readable name attribute for saved objects audit events ({kibana-pull}206644[#206644]). +* Enhanced Role management to manage larger number of roles by adding server side filtering, pagination and querying ({kibana-pull}194630[#194630]). +* Added Entity Store data view refresh task ({kibana-pull}208543[#208543]). +* Increase maximum Osquery timeout to 24 hours ({kibana-pull}207276[#207276]). + +[discrete] +[[fixes-02032025]] +==== Fixes + +* Remove use of `fr` unit ({kibana-pull}208437[#208437]). +* Fixes load more request size ({kibana-pull}207901[#207901]). +* Persist `runPastTimeout` setting ({kibana-pull}208611[#208611]). +* Allow panel to extend past viewport on resize ({kibana-pull}208828[#208828]). +* Knowledge base install updates ({kibana-pull}208250[#208250]). +* Fixes conversations test in MKI ({kibana-pull}208649[#208649]). +* Fixes ping heatmap regression when Inspect flag is turned off !! ({kibana-pull}208726[#208726]). +* Fixes monitor status rule for empty kql query results !! ({kibana-pull}208922[#208922]). +* Fixes multiple flyouts ({kibana-pull}209158[#209158]). +* Adds missing fields to input manifest templates ({kibana-pull}208768[#208768]). +* "Select a Connector" popup does not show up after the user selects any connector and then cancels it from Endpoint Insights ({kibana-pull}208969[#208969]). +* Logs shard failures for eql event queries on rule details page and in event log ({kibana-pull}207396[#207396]). +* Adds filter to entity definitions schema ({kibana-pull}208588[#208588]). +* Fixes missing ecs mappings ({kibana-pull}209057[#209057]). +* Apply the timerange to the fields fetch in the editor ({kibana-pull}208490[#208490]). +* Update java.ts - removing serverless link ({kibana-pull}204571[#204571]). + +[discrete] +[[serverless-changelog-01272025]] +=== January 27, 2025 + +[discrete] +[[deprecations-01272025]] +==== Deprecation +* Deprecates a subset of Elastic Security Serverless endpoint management APIs ({kibana-pull}206903[#206903]). + +[discrete] +[[features-enhancements-01272025]] +==== Features and enhancements +* Breaks out timeline and note privileges in Elastic Security Serverless ({kibana-pull}201780[#201780]). +* Adds service enrichment to the detection engine in Elastic Security Serverless ({kibana-pull}206582[#206582]). +* Updates the Entity Store Dashboard to prompt for the Service Entity Type in Elastic Security Serverless ({kibana-pull}207336[#207336]). +* Adds `enrichPolicyExecutionInterval` to entity enablement and initialization APIs in Elastic Security Serverless ({kibana-pull}207374[#207374]). +* Introduces a lookback period configuration for the Entity Store in Elastic Security Serverless ({kibana-pull}206421[#206421]). +* Allows pre-configured connectors to opt into exposing their configurations by setting `exposeConfig` in Alerting ({kibana-pull}207654[#207654]). +* Adds selector syntax support to log source profiles in Elastic Observability Serverless ({kibana-pull}206937[#206937]). +* Displays stack traces in the logs overview tab in Elastic Observability Serverless ({kibana-pull}204521[#204521]). +* Enables the use of the rule form to create rules in Elastic Observability Serverless ({kibana-pull}206774[#206774]). +* Checks only read privileges of existing indices during rule execution in Elastic Security Serverless ({kibana-pull}177658[#177658]). +* Updates KNN search and query template autocompletion in Elasticsearch Serverless ({kibana-pull}207187[#207187]). +* Updates JSON schemas for code editors in Machine Learning ({kibana-pull}207706[#207706]). +* Reindexes the `.kibana_security_session_1` index to the 8.x format in Security ({kibana-pull}204097[#204097]). + +[discrete] +[[fixes-01272025]] +==== Fixes +* Fixes editing alerts filters for multi-consumer rule types in Alerting ({kibana-pull}206848[#206848]). +* Resolves an issue where Chrome was no longer hidden for reports in Dashboards and Visualizations ({kibana-pull}206988[#206988]). +* Updates library transforms and duplicate functionality in Dashboards and Visualizations ({kibana-pull}206140[#206140]). +* Fixes an issue where drag previews are now absolutely positioned in Dashboards and Visualizations ({kibana-pull}208247[#208247]). +* Fixes an issue where an accessible label now appears on the range slider in Dashboards and Visualizations ({kibana-pull}205308[#205308]). +* Fixes a dropdown label sync issue when sorting by "Type" ({kibana-pull}206424[#206424]). +* Fixes an access bug related to user instructions in Elastic Observability Serverless ({kibana-pull}207069[#207069]). +* Fixes the Open Explore in Discover link to open in a new tab in Elastic Observability Serverless ({kibana-pull}207346[#207346]). +* Returns an empty object for tool arguments when none are provided in Elastic Observability Serverless ({kibana-pull}207943[#207943]). +* Ensures similar cases count is not fetched without the proper license in Elastic Security Serverless ({kibana-pull}207220[#207220]). +* Fixes table leading actions to use standardized colors in Elastic Security Serverless ({kibana-pull}207743[#207743]). +* Adds missing fields to the AWS S3 manifest in Elastic Security Serverless ({kibana-pull}208080[#208080]). +* Prevents redundant requests when loading Discover sessions and toggling chart visibility in ES|QL ({kibana-pull}206699[#206699]). +* Fixes a UI error when agents move to an orphaned state in Fleet ({kibana-pull}207746[#207746]). +* Restricts non-local Elasticsearch output types for agentless integrations and policies in Fleet ({kibana-pull}207296[#207296]). +* Fixes table responsiveness in the Notifications feature of Machine Learning ({kibana-pull}206956[#206956]). + +[discrete] +[[serverless-changelog-01132025]] +=== January 13, 2025 + +[discrete] +[[deprecations-01132025]] +==== Deprecations +* Remove all legacy risk engine code and features ({kibana-pull}201810[#201810]). + +[discrete] +[[features-enhancements-01132025]] +==== Features and enhancements +* Adds last alert status change to Elastic Security Serverless flyout ({kibana-pull}205224[#205224]). +* Case templates are now GA ({kibana-pull}205940[#205940]). +* Adds format to JSON messages in Elastic Observability Serverless Logs profile ({kibana-pull}205666[#205666]). +* Adds inference connector in Elastic Security Serverless AI features ({kibana-pull}204505[#204505]). +* Adds inference connector for Auto Import in Elastic Security Serverless ({kibana-pull}206111[#206111]). +* Adds Feature Flag Support for Cloud Security Posture Plugin in Elastic Security Serverless ({kibana-pull}205438[#205438]). +* Adds the ability to sync Machine Learning saved objects to all spaces ({kibana-pull}202175[#202175]). +* Improves messages for recovered alerts in Machine Learning Transforms ({kibana-pull}205721[#205721]). + +[discrete] +[[fixes-01132025]] +==== Fixes +* Fixes an issue where "KEEP" columns are not applied after an Elasticsearch error in Discover ({kibana-pull}205833[#205833]). +* Resolves padding issues in the document comparison table in Discover ({kibana-pull}205984[#205984]). +* Fixes a bug affecting bulk imports for the knowledge base in Elastic Observability Serverless ({kibana-pull}205075[#205075]). +* Enhances the Find API by adding cursor-based pagination (search_after) as an alternative to offset-based pagination ({kibana-pull}203712[#203712]). +* Updates Elastic Observability Serverless to use architecture-specific Elser models ({kibana-pull}205851[#205851]). +* Fixes dynamic batching in the timeline for Elastic Security Serverless ({kibana-pull}204034[#204034]). +* Resolves a race condition bug in Elastic Security Serverless related to OpenAI errors ({kibana-pull}205665[#205665]). +* Improves the integration display by ensuring all policies are listed in Elastic Security Serverless ({kibana-pull}205103[#205103]). +* Renames color variables in the user interface for better clarity and consistency ({kibana-pull}204908[#204908]). +* Allows editor suggestions to remain visible when the inline documentation flyout is open in ES|QL ({kibana-pull}206064[#206064]). +* Ensures the same time range is applied to documents and the histogram in ES|QL ({kibana-pull}204694[#204694]). +* Fixes validation for the "required" field in multi-text input fields in Fleet ({kibana-pull}205768[#205768]). +* Fixes timeout issues for bulk actions in Fleet ({kibana-pull}205735[#205735]). +* Handles invalid RRule parameters to prevent infinite loops in alerts ({kibana-pull}205650[#205650]). +* Fixes privileges display for features and sub-features requiring "All Spaces" permissions in Fleet ({kibana-pull}204402[#204402]). +* Prevents password managers from modifying disabled input fields ({kibana-pull}204269[#204269]). +* Updates the listing control in the user interface ({kibana-pull}205914[#205914]). +* Improves consistency in the help dropdown design ({kibana-pull}206280[#206280]). + +[discrete] +[[serverless-changelog-01062025]] +=== January 6, 2025 + +[discrete] +[[deprecations-01062025]] +==== Deprecations +* Disables Elastic Observability Serverless log stream and settings pages ({kibana-pull}203996[#203996]). +* Removes Logs Explorer in Elastic Observability Serverless ({kibana-pull}203685[#203685]). + +[discrete] +[[features-enhancements-01062025]] +==== Features and enhancements +* Introduces case observables in Elastic Security Serverless ({kibana-pull}190237[#190237]). +* Adds a JSON field called "additional fields" to ServiceNow cases when sent using connector, containing the internal names of the ServiceNow table columns ({kibana-pull}201948[#201948]). +* Adds the ability to configure the appearance color mode to sync dark mode with the system value ({kibana-pull}203406[#203406]). +* Makes the "Copy" action visible on cell hover in Discover ({kibana-pull}204744[#204744]). +* Updates the `EnablementModalCallout` name to `AdditionalChargesMessage` in Elastic Security Serverless ({kibana-pull}203061[#203061]). +* Adds more control over which Elastic Security Serverless alerts in Attack Discovery are included as context to the large language model ({kibana-pull}205070[#205070]). +* Adds a consistent layout and other UI enhancements for {ml} pages ({kibana-pull}203813[#203813]). + +[discrete] +[[fixes-01062025]] +==== Fixes +* Fixes an issue that caused dashboards to lag when dragging the time slider ({kibana-pull}201885[#201885]). +* Updates the CloudFormation template to the latest version and adjusts the documentation to reflect the use of a single Firehose stream created by the new template ({kibana-pull}204185[#204185]). +* Fixes Integration and Datastream name validation in Elastic Security Serverless ({kibana-pull}204943[#204943]). +* Fixes an issue in the Automatic Import process where there is now inclusion of the `@timestamp` field in ECS field mappings whenever possible ({kibana-pull}204931[#204931]). +* Allows Automatic Import to safely parse Painless field names that are not valid Painless identifiers in `if` contexts ({kibana-pull}205220[#205220]). +* Aligns the Box Native Connector configuration fields with the source of truth in the connectors codebase, correcting mismatches and removing unused configurations ({kibana-pull}203241[#203241]). +* Fixes the "Show all agent tags" option in Fleet when the agent list is filtered ({kibana-pull}205163[#205163]). +* Updates the Results Explorer flyout footer buttons alignment in Data Frame Analytics ({kibana-pull}204735[#204735]). +* Adds a missing space between lines in the Data Frame Analytics delete job modal ({kibana-pull}204732[#204732]). +* Fixes an issue where the Refresh button in the Anomaly Detection Datafeed counts table was unresponsive ({kibana-pull}204625[#204625]). +* Fixes the inference timeout check in File Upload ({kibana-pull}204722[#204722]). +* Fixes the side bar navigation for the Data Visualizer ({kibana-pull}205170[#205170]). + +[discrete] +[[serverless-changelog-12162024]] +=== December 16, 2024 + +[discrete] +[[deprecations-12162024]] +==== Deprecations +* Deprecates the `discover:searchFieldsFromSource` setting ({kibana-pull}202679[#202679]). +* Disables scripted field creation in the Data Views management page ({kibana-pull}202250[#202250]). +* Removes all logic based on the following settings: `xpack.reporting.roles.enabled`, +`xpack.reporting.roles.allow` ({kibana-pull}200834[#200834]). +* Removes the legacy table from Discover ({kibana-pull}201254[#201254]). +* Deprecates ephemeral tasks from action and alerting plugins ({kibana-pull}197421[#197421]). + +[discrete] +[[features-enhancements-12162024]] +==== Features and enhancements +* Optimizes the Kibana Trained Models API ({kibana-pull}200977[#200977]). +* Adds a *Create Case* action to the *Log rate analysis* page ({kibana-pull}201549[#201549]). +* Improves AI Assistant's response quality by giving it access to Elastic's product documentation ({kibana-pull}199694[#199694]). +* Adds support for suppressing EQL sequence alerts ({kibana-pull}189725[#189725]). +* Adds an *Advanced settings* section to the SLO form ({kibana-pull}200822[#200822]). +* Adds a new sub-feature privilege under **Synthetics and Uptime** `Can manage private locations` ({kibana-pull}201100[#201100]). + + +[discrete] +[[fixes-12162024]] +==== Fixes +* Fixes point visibility regression ({kibana-pull}202358[#202358]). +* Improves help text of creator and view count features on dashboard listing page ({kibana-pull}202488[#202488]). +* Highlights matching field values when performing a KQL search on a keyword field ({kibana-pull}201952[#201952]). +* Supports "Inspect" in saved search embeddables ({kibana-pull}202947[#202947]). +* Fixes your ability to clear the user-specific system prompt ({kibana-pull}202279[#202279]). +* Fixes error when opening rule flyout ({kibana-pull}202386[#202386]). +* Fixes to Ops Genie as a default connector ({kibana-pull}201923[#201923]). +* Fixes actions on charts ({kibana-pull}202443[#202443]). +* Adds flyout to table view in Infrastructure Inventory ({kibana-pull}202646[#202646]). +* Fixes service names with spaces not being URL encoded properly for `context.viewInAppUrl` ({kibana-pull}202890[#202890]). +* Allows access query logic to handle user ID and name conditions ({kibana-pull}202833[#202833]). +* Fixes APM rule error message for invalid KQL filter ({kibana-pull}203096[#203096]). +* Rejects CEF logs from Automatic Import and redirects you to the CEF integration instead ({kibana-pull}201792[#201792]). +* Updates the install rules title and message ({kibana-pull}202226[#202226]). +* Fixes error on second entity engine init API call ({kibana-pull}202903[#202903]). +* Restricts unsupported log formats ({kibana-pull}202994[#202994]). +* Removes errors related to Enterprise Search nodes ({kibana-pull}202437[#202437]). +* Improves web crawler name consistency ({kibana-pull}202738[#202738]). +* Fixes editor cursor jumpiness ({kibana-pull}202389[#202389]). +* Fixes rollover datastreams on subobjects mapper exception ({kibana-pull}202689[#202689]). +* Fixes spaces sync to retrieve 10,000 trained models ({kibana-pull}202712[#202712]). +* Fixes log rate analysis embeddable error on the Alerts page ({kibana-pull}203093[#203093]). +* Fixes Slack API connectors not displayed under Slack connector type when adding new connector to rule ({kibana-pull}202315[#202315]). + + +[discrete] +[[serverless-changelog-12092024]] +=== December 9, 2024 + +[discrete] +[[features-enhancements-12092024]] +==== Features and enhancements +* Elastic Observability Serverless adds a new sub-feature for managing private locations ({kibana-pull}201100[#201100]). +* Elastic Observability Serverless adds the ability to configure SLO advanced settings from the UI ({kibana-pull}200822[#200822]). +* Elastic Security Serverless adds support for suppressing EQL sequence alerts ({kibana-pull}189725[#189725]). +* Elastic Security Serverless adds a `/trained_models_list` endpoint to retrieve complete data for the Trained Model UI ({kibana-pull}200977[#200977]). +* Machine Learning adds an action to include log rate analysis in a case ({kibana-pull}199694[#199694]). +* Machine Learning enhances the Kibana API to optimize trained models ({kibana-pull}201549[#201549]). + +[discrete] +[[fixes-12092020]] +==== Fixes +* Fixes Slack API connectors not being displayed under the Slack connector type when adding a new connector to a rule in Alerting ({kibana-pull}202315[#202315]). +* Fixes point visibility regression in dashboard visualizations ({kibana-pull}202358[#202358]). +* Improves help text for creator and view count features on the Dashboard listing page ({kibana-pull}202488[#202488]). +* Highlights matching field values when performing a KQL search on a keyword field in Discover ({kibana-pull}201952[#201952]). +* Adds support for the *Inspect* option in saved search embeddables in Discover ({kibana-pull}202947[#202947]). +* Enables the ability to clear user-specific system prompts in Elastic Observability Serverless ({kibana-pull}202279[#202279]). +* Fixes an error when opening the rule flyout in Elastic Observability Serverless ({kibana-pull}202386[#202386]). +* Improves handling of Opsgenie as the default connector in Elastic Observability Serverless ({kibana-pull}201923[#201923]). +* Fixes issues with actions on charts in Elastic Observability Serverless ({kibana-pull}202443[#202443]). +* Adds a flyout to the table view in Infrastructure Inventory in Elastic Observability Serverless ({kibana-pull}202646[#202646]). +* Fixes service names with spaces not being URL-encoded properly for {{context.viewInAppUrl}} in Elastic Observability Serverless ({kibana-pull}202890[#202890]). +* Enhances access query logic to handle user ID and name conditions in Elastic Observability Serverless ({kibana-pull}202833[#202833]). +* Fixes an APM rule error message when a KQL filter is invalid in Elastic Observability Serverless ({kibana-pull}203096[#203096]). +* Restricts and rejects CEF logs in automatic import and redirects them to the CEF integration in Elastic Security Serverless ({kibana-pull}201792[#201792]). +* Updates the copy of the install rules title and message in Elastic Security Serverless ({kibana-pull}202226[#202226]). +* Clears errors on the second entity engine initialization API call in Elastic Security Serverless ({kibana-pull}202903[#202903]). +* Restricts unsupported log formats in Elastic Security Serverless ({kibana-pull}202994[#202994]). +* Removes errors related to Enterprise Search nodes in Elasticsearch Serverless ({kibana-pull}202437[#202437]). +* Ensures consistency in web crawler naming in Elasticsearch Serverless ({kibana-pull}202738[#202738]). +* Fixes editor cursor jumpiness in ES|QL ({kibana-pull}202389[#202389]). +* Implements rollover of data streams on subobject mapper exceptions in Fleet ({kibana-pull}202689[#202689]). +* Fixes trained models to retrieve up to 10,000 models when spaces are synced in Machine Learning ({kibana-pull}202712[#202712]). +* Fixes a Log Rate Analysis embeddable error on the Alerts page in AiOps ({kibana-pull}203093[#203093]). + +[discrete] +[[serverless-changelog-12032024]] +=== December 3, 2024 + +[discrete] +[[features-enhancements-12032024]] +==== Features and enhancements +* Adds tabs for Import Entities and Engine Status to the Entity Store ({kibana-pull}201235[#201235]). +* Adds status tracking for agentless integrations to {fleet} ({kibana-pull}199567[#199567]). +* Adds a new {ml} module that can detect anomalous activity in host-based logs ({kibana-pull}195582[#195582]). +* Allows custom Mapbox Vector Tile sources to style map layers and provide custom legends ({kibana-pull}200656[#200656]). +* Excludes stale SLOs from counts of healthy and violated SLOs ({kibana-pull}201027[#201027]). +* Adds a **Continue without adding integrations** button to the {elastic-sec} Dashboards page that takes you to the Entity Analytics dashboard ({kibana-pull}201363[#201363]). +* Displays visualization descriptions under their titles ({kibana-pull}198816[#198816]). + +[discrete] +[[fixes-12032024]] +==== Fixes +* Hides the *Clear* button when no filters are selected ({kibana-pull}200177[#200177]). +* Fixes a mismatch between how wildcards were handled in previews versus actual rule executions ({kibana-pull}201553[#201553]). +* Fixes incorrect Y-axis and hover values in the Service Inventory's Log rate chart ({kibana-pull}201361[#201361]). +* Disables the *Add note* button in the alert details flyout for users who lack privileges ({kibana-pull}201707[#201707]). +* Fixes the descriptions of threshold rules that use cardinality ({kibana-pull}201162[#201162]). +* Disables the *Install All* button on the **Add Elastic Rules** page when rules are installing ({kibana-pull}201731[#201731]). +* Reintroduces a data usage warning on the Entity Analytics Enablement modal ({kibana-pull}201920[#201920]). +* Improves accessibility for the **Create a connector** page ({kibana-pull}201590[#201590]). +* Fixes a bug that could cause {agents} to get stuck updating during scheduled upgrades ({kibana-pull}202126[#202126]). +* Fixes a bug related to starting {ml} deployments with autoscaling and no active nodes ({kibana-pull}201256[#201256]). +* Initializes saved objects when the **Trained Model** page loads ({kibana-pull}201426[#201426]). +* Fixes the display of deployment stats for unallocated deployments of {ml} models ({kibana-pull}202005[#202005]). +* Enables the solution type search for instant deployments ({kibana-pull}201688[#201688]). +* Improves the consistency of alert counts across different views ({kibana-pull}202188[#202188]). diff --git a/docs/en/install-upgrade/upgrade-deployment-cluster.asciidoc b/docs/en/install-upgrade/upgrade-deployment-cluster.asciidoc new file mode 100644 index 000000000..1298104b2 --- /dev/null +++ b/docs/en/install-upgrade/upgrade-deployment-cluster.asciidoc @@ -0,0 +1,23 @@ +[[upgrade-deployment-cluster]] +== Upgrade your deployment or cluster + +Before you upgrade your deployment or cluster to {version}, ensure you're <>. + +The procedures you follow to upgrade depend on whether you've installed Elastic components using Elastic-managed infrastructure or self-managed infrastructure. + +If you're running Elastic-managed infrastructure, your options are: + +* <> +* Upgrading on {serverless-full} (updates are automatic and require no user management) + +If you're running your own self-managed infrastructure—either on-prem or on public cloud—your options are: + +* <> (upgrade each component individually) +* <> (ECE) +* <> (ECK) + +NOTE: Before you begin upgrading on ECE or ECK, ensure your orchestrator is compatible with {version}. + + + + diff --git a/docs/en/install-upgrade/upgrade-ingest-components.asciidoc b/docs/en/install-upgrade/upgrade-ingest-components.asciidoc new file mode 100644 index 000000000..e69de29bb diff --git a/docs/en/install-upgrade/upgrade-on-ece.asciidoc b/docs/en/install-upgrade/upgrade-on-ece.asciidoc new file mode 100644 index 000000000..c6aaba002 --- /dev/null +++ b/docs/en/install-upgrade/upgrade-on-ece.asciidoc @@ -0,0 +1,47 @@ +[[upgrade-on-ece]] +=== Upgrade on {ece} (ECE) + +Similar to {ecloud} Hosted, a single click in the {ecloud} console can upgrade a deployment running on ECE to a newer version. During the upgrade process, {es}, {kib}, and all of your deployment components are upgraded simultaneously. + +Once you're <>, do the following: + +. Ensure your current ECE and Docker versions are https://www.elastic.co/support/matrix/#matrix_os[compatible] with {version} (the minimum required version for 9.x is ECE 3.0). If you don’t have a compatible version installed, <>. +. Download the most recent {ece-ref}/ece-manage-elastic-stack.html#ece_most_recent_elastic_stack_packs[stack pack] for the version you're upgrading to, then {ece-ref}/ece-manage-elastic-stack.html#ece-manage-elastic-stack-add[add the stack pack] to your installation via the Cloud UI. +. Back up your data to a snapshot. First, {ece-ref}/ece-manage-repositories.html[configure a snapshot repository] to enable snapshots. + +[discrete] +[[perform-upgrade-ece]] +==== Perform the upgrade + +. Log in to the {ece-ref}/ece-login.html[Cloud UI]. +. On the Deployments page, select your deployment. ++ +Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters. + +To upgrade a deployment: + +. In the *Deployment version* section, click *Upgrade*. +. Select version {version}. +. Click *Upgrade*, then *Confirm upgrade*. The new configuration takes a few minutes to create. ++ +NOTE: If any incompatibilities are detected when you attempt to upgrade to {version}, the UI provides a link to the Upgrade Assistant, which checks for deprecated settings in your cluster and indices and helps you resolve them. After resolving the issues, return to the deployments page and restart the upgrade. + +Security realm settings:: +During the upgrade process, you are prompted to update the security realm settings if your user settings include a `xpack.security.authc.realms` value. ++ +If the security realms are configured in `user_settings`, you'll be prompted to modify the settings: ++ +.. On the *Update security realm settings* window, edit the settings. ++ +.. Click *Update settings*. ++ +If the security realm settings are located in `user_settings_override`, contact Support to help you upgrade. + +After you're done upgrading, upgrade your ingest components in the following order: + +. {ls}: {logstash-ref}/upgrading-logstash.html[upgrade instructions] +. {beats}: {beats-ref}/upgrading.html[upgrade instructions] +. {agent}: {fleet-guide}/upgrade-elastic-agent.html[upgrade instructions] +. {apm-agents-ref}/index.html[{apm-agent}s] +. Custom clients + diff --git a/docs/en/install-upgrade/upgrade-on-eck.asciidoc b/docs/en/install-upgrade/upgrade-on-eck.asciidoc new file mode 100644 index 000000000..69e1b240f --- /dev/null +++ b/docs/en/install-upgrade/upgrade-on-eck.asciidoc @@ -0,0 +1,144 @@ +[[upgrade-on-eck]] +=== Upgrade on {eck} (ECK) + +The ECK orchestrator can safely perform upgrades to newer versions of the various {stack} resources. + +To upgrade on ECK, first do the following: + +. Ensure you're <>. +. Ensure the ECK version is {eck-ref}/k8s-supported.html[compatible] with the {stack} version you’re targeting. If necessary, <>. + +[discrete] +[[perform-upgrade-eck]] +==== Perform the upgrade + +When you are ready, modify the `version` field in the resource spec to the desired stack version and the orchestrator will start the upgrade process automatically. Do this for each resource, including {es} and {kib}. In the following example, we’re modifying the version to `9.0.0`. + +[source,yaml,subs="attributes,+macros"] +---- +apiVersion: elasticsearch.k8s.elastic.co/v1 +kind: Elasticsearch +metadata: + name: elasticsearch-sample + namespace: production +spec: + version: 9.0.0 + monitoring: + metrics: + elasticsearchRefs: + - name: monitoring-cluster + namespace: observability + logs: + elasticsearchRefs: + - name: monitoring-cluster + namespace: observability + http: + service: + spec: + type: LoadBalancer + nodeSets: + - name: master + count: 3 + config: + node.roles: ["master"] + xpack.ml.enabled: true + node.store.allow_mmap: false + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + storageClassName: standard + podTemplate: + metadata: + labels: + key: sample + spec: + initContainers: + - name: sysctl + securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + containers: + - name: elasticsearch + resources: + requests: + memory: 2Gi + cpu: 0.5 + limits: + memory: 2Gi + cpu: 1 + - name: data + count: 3 + config: + node.roles: ["data", "ingest", "ml", "transform"] + node.store.allow_mmap: false + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + storageClassName: standard + podTemplate: + metadata: + labels: + key: sample + spec: + initContainers: + - name: sysctl + securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + containers: + - name: elasticsearch + resources: + requests: + memory: 2Gi + cpu: 0.5 + limits: + memory: 2Gi + cpu: 1 +--- +apiVersion: kibana.k8s.elastic.co/v1 +kind: Kibana +metadata: + name: kibana-sample + namespace: production +spec: + version: 9.0.0 + monitoring: + metrics: + elasticsearchRefs: + - name: monitoring-cluster + namespace: observability + logs: + elasticsearchRefs: + - name: monitoring-cluster + namespace: observability + http: + service: + spec: + type: LoadBalancer + count: 1 + elasticsearchRef: + name: elasticsearch-sample + +---- + +ECK will ensure that {stack} resources are upgraded in the correct order. For more information on how the orchestrator performs upgrades and how to tune its behavior, check out {eck-ref}/k8s-orchestration.html[Nodes orchestration]. + +Next, upgrade your ingest components in the following order: + +. {ls}: {logstash-ref}/upgrading-logstash.html[upgrade instructions] +. {beats}: {beats-ref}/upgrading.html[upgrade instructions] +. {agent}: {fleet-guide}/upgrade-elastic-agent.html[upgrade instructions] +. {apm-agents-ref}/index.html[{apm-agent}s] +. Custom clients \ No newline at end of file diff --git a/docs/en/install-upgrade/upgrade-orchestrator.asciidoc b/docs/en/install-upgrade/upgrade-orchestrator.asciidoc new file mode 100644 index 000000000..1685ae995 --- /dev/null +++ b/docs/en/install-upgrade/upgrade-orchestrator.asciidoc @@ -0,0 +1,20 @@ +[[upgrade-orchestrator]] +== Upgrade your orchestrator + +NOTE: This topic applies only to customers running the {stack} on {ece} (ECE) or {eck} (ECK). + +Elastic provides customers with two major self-managed orchestrators to manage the {stack}. Before you can upgrade the products in the stack, you need to ensure your orchestrator is running a compatible version. If it's incompatible, you'll need to upgrade the orchestrator first before you can upgrade the stack. + +[discrete] +=== Upgrade ECE + +{ece} (ECE) provides an easy way to provision, manage, and scale a fleet of {es} deployments from a central place. It can be installed on a public cloud platform, such as AWS, GCP or Microsoft Azure, on your own private cloud, or on bare metal. + +If you’re planning to upgrade to {version}, the minimum required version is ECE 3.0.0. If you're running an earlier version, refer to {ece-ref}/ece-upgrade.html[Upgrade your installation] for instructions on how to upgrade. + +[discrete] +=== Upgrade ECK + +{eck} (ECK) is built on the Kubernetes operator pattern and extends the basic Kubernetes orchestration capabilities to support the setup and management of Elastic products and solutions on Kubernetes. + +If you're planning to upgrade to {version}, refer to the list of {eck-ref}/k8s-supported.html[supported versions] to ensure your current ECK version is compatible. If it isn't, refer to {eck-ref}/k8s-upgrading-eck.html[Upgrade ECK] for instructions on how to upgrade. diff --git a/docs/en/install-upgrade/upgrading-elasticsearch.asciidoc b/docs/en/install-upgrade/upgrading-elasticsearch.asciidoc index 4fa2b7e24..f6bd73740 100644 --- a/docs/en/install-upgrade/upgrading-elasticsearch.asciidoc +++ b/docs/en/install-upgrade/upgrading-elasticsearch.asciidoc @@ -1,5 +1,5 @@ [[upgrading-elasticsearch]] -== Upgrade {es} +=== Upgrade {es} An {es} cluster can be upgraded one node at a time so upgrading does not interrupt service. Running multiple versions of @@ -332,7 +332,7 @@ upgraded master. [discrete] [[archived-settings]] -=== Archived settings +==== Archived settings If you upgrade an {es} cluster that uses deprecated cluster or index settings that are not used in the target version, they are archived. We diff --git a/docs/en/install-upgrade/upgrading-kibana.asciidoc b/docs/en/install-upgrade/upgrading-kibana.asciidoc index c8e9c36fb..a0b012408 100644 --- a/docs/en/install-upgrade/upgrading-kibana.asciidoc +++ b/docs/en/install-upgrade/upgrading-kibana.asciidoc @@ -1,5 +1,5 @@ [[upgrading-kibana]] -== Upgrade {kib} +=== Upgrade {kib} [WARNING] ==== diff --git a/docs/en/install-upgrade/upgrading-stack-cloud.asciidoc b/docs/en/install-upgrade/upgrading-stack-cloud.asciidoc index de0785de9..a1f31ccf5 100644 --- a/docs/en/install-upgrade/upgrading-stack-cloud.asciidoc +++ b/docs/en/install-upgrade/upgrading-stack-cloud.asciidoc @@ -1,22 +1,19 @@ [[upgrade-elastic-stack-for-elastic-cloud]] -=== Upgrade on Elastic Cloud +=== Upgrade on {ecloud} Hosted -Once you are <>, -a single click in the Elastic Cloud console can upgrade a deployment to a newer -version, add more processing capacity, change plugins, and enable or disable -high availability, all at the same time. During the upgrade process, -{es}, {kib}, and all of your deployment components are upgraded simultaneously. +Once you are <>, +a single click in the {ecloud} console can upgrade a deployment to a newer version, add more processing capacity, change plugins, and enable or disable high availability, all at the same time. During the upgrade process, {es}, {kib}, and all of your deployment components are upgraded simultaneously. -Minor version upgrades, upgrades from {prev-major-last} to {version}, +Minor version upgrades, upgrades from 8.18 to {version}, and cluster configuration changes can be performed with no downtime. -Elastic Cloud only supports upgrades to released versions. +{ecloud} only supports upgrades to released versions. Preview releases and master snapshots are not supported. -{ess} and {ece} do not support the ability to upgrade to or from release candidate builds, such as 8.0.0-rc1. +{ecloud} Hosted and {ece} do not support the ability to upgrade to or from release candidate builds, such as 9.0.0-rc1. -If you use a separate {cloud}/ec-enable-logging-and-monitoring.html[monitoring deployment], you should upgrade the monitoring deployment before the production deployment. In general, the monitoring deployment and the deployments being monitored should be running the same version of the Elastic Stack. A monitoring deployment cannot monitor production deployments running newer versions of the stack. If necessary, the monitoring deployment can monitor production deployments running the latest release of the previous major version. +If you use a separate {cloud}/ec-enable-logging-and-monitoring.html[monitoring deployment], you should upgrade the monitoring deployment before the production deployment. In general, the monitoring deployment and the deployments being monitored should be running the same version of the {stack}. A monitoring deployment cannot monitor production deployments running newer versions of the stack. If necessary, the monitoring deployment can monitor production deployments running the latest release of the previous major version. -IMPORTANT: Although it's simple to upgrade an Elastic Cloud deployment, +IMPORTANT: Although it's simple to upgrade an {ecloud} deployment, the new version might include breaking changes that affect your application. Make sure you review the deprecation logs, make any necessary changes, and test against the new version before upgrading your production deployment. @@ -24,7 +21,7 @@ and test against the new version before upgrading your production deployment. //To learn more about the upgrade process on Elastic Cloud, see {cloud}/ec-upgrade-deployment.html[Upgrade versions]. Upgrade Assistant:: -Prior to upgrading, Elastic Cloud checks the deprecation API to retrieve information about the cluster, node, and index-level settings that need to be removed or changed. If there are any issues that would prevent a successful upgrade, the upgrade is blocked. Use the {kibana-ref-all}/{prev-major-last}/upgrade-assistant.html[Upgrade Assistant] in {prev-major-last} to identify and resolve issues and reindex any indices created before 7.0. +Prior to upgrading, {ecloud} checks the deprecation API to retrieve information about the cluster, node, and index-level settings that need to be removed or changed. If there are any issues that would prevent a successful upgrade, the upgrade is blocked. Use the {kibana-ref}/upgrade-assistant.html[Upgrade Assistant] in 8.18 to identify and resolve issues and reindex any indices created before 8.0. Snapshots:: To keep your data safe during the upgrade process, a snapshot is taken automatically @@ -56,45 +53,37 @@ If the security realms are configured in `user_settings`, you'll be prompted to . On the *Update security realm settings* window, edit the settings. + . Click *Update settings*. -If the security realm settings are located in `user_settings_override`, contact support to help you upgrade. +If the security realm settings are located in `user_settings_override`, contact Support to help you upgrade. [discrete] [[perform-cloud-upgrade]] -=== Perform the upgrade +==== Perform the upgrade -Log in to your Elastic Cloud environment: +Log in to your {ecloud} environment: + +. Log in to the {ecloud} Hosted https://cloud.elastic.co/login[console]. +. Select your deployment on the home page in the {ecloud} Hosted card or go to the Deployments page. ++ +Narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list. //include::tab-widgets/code.asciidoc[] //include::tab-widgets/cloud-login-widget.asciidoc[] -include::{docs-root}/shared/cloud/tab-widgets/code.asciidoc[] -include::{docs-root}/shared/cloud/tab-widgets/cloud-login-widget.asciidoc[] +//include::{docs-root}/shared/cloud/tab-widgets/code.asciidoc[] +//include::{docs-root}/shared/cloud/tab-widgets/cloud-login-widget.asciidoc[] To upgrade a deployment: . In the *Deployment version* section, click *Upgrade*. . Select version {version}. -. Click *Upgrade* and then *Confirm upgrade*. The new configuration takes a few minutes to create. +. Click *Upgrade*, then *Confirm upgrade*. The new configuration takes a few minutes to create. + NOTE: If any incompatibilities are detected when you attempt to upgrade to {version}, the UI provides a link to the Upgrade Assistant, which checks for deprecated settings in your cluster and indices and helps you resolve them. After resolving the issues, return to the deployments page and restart the upgrade. -[discrete] -[[upgrading-clients-ingest]] -=== Upgrading {es} clients and ingest components - -Once you have upgraded from {prev-major-last}, you need to update your {es} clients and ingest components -in the following order: - -. Java API Client: {java-api-client}/installation.html#maven[dependency configuration] -. Logstash: {logstash-ref}/upgrading-logstash.html[upgrade instructions] -. Beats: {beats-ref}/upgrading.html[upgrade instructions] -. {agent}: {fleet-guide}/upgrade-elastic-agent.html[upgrade instructions] - [discrete] [[upgrading-reindex]] -=== Reindex to upgrade +==== Reindex to upgrade -If you are running a pre-{prev-major-version} version, you might need to perform multiple upgrades -or a full-cluster restart to get to {prev-major-last} to prepare to upgrade to {version}. +If you are running a pre-{prev-major-version} version, you might need to perform multiple upgrades or a full-cluster restart to get to 8.18 to then prepare to upgrade to {version}. Alternatively, you can create a new {version} deployment and reindex from remote: @@ -107,6 +96,20 @@ and temporarily send new index requests to both clusters. permanently swap in the new cluster. . Delete the old deployment. -On Elastic Cloud, you are billed only for the time that the new deployment +On {ecloud}, you are billed only for the time that the new deployment runs in parallel with your old deployment. Usage is billed on an hourly basis. + + +[discrete] +[[upgrading-clients-ingest]] +==== Upgrading {es} clients and ingest components + +Once you have upgraded from 8.18, you need to update your ingest components in the following order: + +//. Java API Client: {java-api-client}/installation.html#maven[dependency configuration] +. {ls}: {logstash-ref}/upgrading-logstash.html[upgrade instructions] +. {beats}: {beats-ref}/upgrading.html[upgrade instructions] +. {agent}: {fleet-guide}/upgrade-elastic-agent.html[upgrade instructions] +. {apm-agents-ref}/index.html[{apm-agent}s] +. Custom clients \ No newline at end of file diff --git a/docs/en/install-upgrade/upgrading-stack-on-prem.asciidoc b/docs/en/install-upgrade/upgrading-stack-on-prem.asciidoc index 158952e4b..a5f6d4598 100644 --- a/docs/en/install-upgrade/upgrading-stack-on-prem.asciidoc +++ b/docs/en/install-upgrade/upgrading-stack-on-prem.asciidoc @@ -1,19 +1,24 @@ [[upgrading-elastic-stack-on-prem]] -=== Upgrade Elastic on-prem +== Upgrade Elastic on self-managed infrastructure -Once you are <>, +Once you're <>, you will need to upgrade each of your Elastic components individually. -. Consider closing {ml} jobs before you start the upgrade process. While {ml} -jobs can continue to run during a rolling upgrade, it increases the overhead -on the cluster during the upgrade process. +Upgrade the components of your {stack} in this order: -. Upgrade the components of your Elastic Stack in the following order: +//.. {es} Hadoop: {hadoop-ref}/install.html[install instructions] +. {es}: <> +. {kib}: <> +//.. Java API Client: {java-api-client}/installation.html#maven[dependency configuration] +. {ls}: {logstash-ref}/upgrading-logstash.html[upgrade instructions] (See note below) +. {beats}: {beats-ref}/upgrading.html[upgrade instructions] +. {agent}: {fleet-guide}/upgrade-elastic-agent.html[upgrade instructions] +. {apm-agents-ref}/index.html[{apm-agent}s] +. Custom clients -.. {es} Hadoop: {hadoop-ref}/install.html[install instructions] -.. {es}: <> -.. Kibana: <> -.. Java API Client: {java-api-client}/installation.html#maven[dependency configuration] -.. Logstash: {logstash-ref}/upgrading-logstash.html[upgrade instructions] -.. Beats: {beats-ref}/upgrading.html[upgrade instructions] -.. {agent}: {fleet-guide}/upgrade-elastic-agent.html[upgrade instructions] \ No newline at end of file +[NOTE] +-- +If you are using {ls} and the {logstash-ref}/plugins-filters-elastic_integration.html[`logstash-filter-elastic_integration`] plugin to extend Elastic integrations, upgrade {ls} (or the `logstash-filter-elastic_integration` plugin specifically) _before_ you upgrade {kib}. + +The {es} -> {ls} -> {kib} installation order for this specific plugin ensures the best experience with {agent}-managed pipelines, and embeds functionality from a version of {es} Ingest Node that is compatible with the plugin version (`major`.`minor`). +-- diff --git a/docs/en/install-upgrade/upgrading-stack.asciidoc b/docs/en/install-upgrade/upgrading-stack.asciidoc index 4219c92ac..07237c2b7 100644 --- a/docs/en/install-upgrade/upgrading-stack.asciidoc +++ b/docs/en/install-upgrade/upgrading-stack.asciidoc @@ -1,6 +1,419 @@ [[upgrading-elastic-stack]] -== Upgrade to Elastic {version} += Upgrade to Elastic {version} +Upgrading to the latest version provides you access to Elastic latest features, enhancements, performance improvements, and bug fixes, many of which enable you to save your organization money, respond faster to potential threats, and improve the tools you use to investigate and analyze your data. As new versions are released, older versions reach their end of life at a regular cadence, so it’s important to ensure that your deployment is fully maintained and supported. For more information, refer to Elastic’s https://www.elastic.co/support/eol[Product End of Life Dates]. + +[discrete] +[[plan-upgrade]] +== Plan your upgrade + +Before you upgrade, there are a number of things that you need to plan for before performing the actual upgrade, so create a test plan. Consider the following recommendations: + +* Plan for an appropriate amount of time to complete the upgrade. Depending on your configuration and the size of your cluster, the process can take up a few weeks or or more to complete. + +* Consider opening a https://support.elastic.co/case[support case] with Elastic to alert our Elastic Support team of your system change. If you need additional assistance, https://www.elastic.co/consulting[Elastic Consulting Services] provides the technical expertise and step-by-step approach for upgrading your Elastic deployment. + +* Schedule a system maintenance window within your organization. + +**Check system requirements** + +Ensure the version you’re upgrading to for Elasticsearch, Kibana, and any ingest components supports your current operating system. Refer to the Product and Operating System https://www.elastic.co/support/matrix#matrix_os[support matrix]. + +**JVM and FIPS compliance** + +By default, {es} includes a bundled Java Virtual Machine (JVM) supported by Elastic. While we strongly recommend using the bundled JVM in all installations of Elasticsearch, if you choose to use your own JVM, ensure it’s compatible by reviewing the Product and JVM https://www.elastic.co/support/matrix#matrix_jvm[support matrix]. {es} 9.0+ requires Java 21 or later. + +If you’re running {es} in FIPS 140-2 mode, {es} 9.0+ has been tested with https://www.bouncycastle.org/java.html[Bouncy Castle]'s FIPS implementation and is the recommended Java security provider when running Elasticsearch. + +*Conduct a component inventory* + +It is very important to map all the components that are being used on the {stack}. When you upgrade your deployment, you may also need to upgrade all the other components. You should record if each component is used, and if it is, you should record its current version. While this is not a comprehensive list, here are some components you should check: + +* {es} +* {es} Hadoop +* {es} Plugins +* {es} clients +* {kib} +* {ls} +* {ls} plugins +* {beats} +* {beats} modules +* {apm-agent}s +* APM server +* {agent} +* {fleet} +* Enterprise Search server +* Security +* Browsers +* External services (Kafka, etc.) + +TIP: When you do your inventory, you can {ref}/enable-audit-logging.html[enable audit logging] to evaluate resources that are accessing your deployment. + +[discrete] +[[choose-upgrade-path]] +== Choose your upgrade path + +The procedures you follow to upgrade depend on your infrastructure and deployment method. You’ve installed Elastic components using either Elastic-managed infrastructure or self-managed infrastructure. + +Elastic-managed infrastructure includes {ecloud} – the umbrella term for {ecloud} Hosted (ECH) and {serverless-full}. {serverless-full} (“Serverless”) is the fully managed cloud offering and has three products: {es-serverless}, {obs-serverless}, and {sec-serverless}. All serverless products are built on top of the Search AI Lake. Customers receive the latest features automatically when updates are published. + +{ecloud} Hosted is Elastic’s cloud offering for managing {stack} deployments, built on top of {es}. A single click in the {ecloud} console can upgrade a deployment to a newer version. + +Self-managed infrastructure — either on-prem or on public cloud, includes: + +* {stack} +* {ece} (ECE) +* {eck} (ECK) + +For ECE and ECK, you need to ensure the orchestrator is running a compatible version with the {stack} version you’re upgrading to. If not, you need to <> your orchestrator before you can upgrade your cluster. + +If you’re running the {stack} on your own self-managed infrastructure, you’ll need to upgrade each component individually. + + +[discrete] +[[prepare-upgrade-9.0]] +== Prepare to upgrade + +Before you upgrade to {version}, it's important to take some preparation steps. Unless noted, these following recommendations are best practices regardless of deployment method. + +IMPORTANT: Upgrading from a release candidate build, such as 9.0.0-rc1, is not supported. Pre-releases should only be used for testing in a temporary environment. + +To upgrade to {version} from 8.17 or earlier, **you must first upgrade to the latest patch version of 8.18**. This enables you to use the **Upgrade Assistant** to identify and resolve issues, +reindex indices created before 8.0 or mark them as read-only, and perform a rolling upgrade. + +*Upgrading to 8.18 before upgrading to {version} is required +even if you opt to do a full-cluster restart of your {es} cluster.* + +Alternatively, you can create a new {version} deployment and reindex from remote. +For more information, refer to <>. + +{beats} and {ls} 8.18 are compatible with {es} {version} +to give you flexibility in scheduling the upgrade. + +.Remote cluster compatibility +[NOTE] +==== +If you use {ccs}, note that {version} can only search remote clusters running the previous minor version or later. +For more information, see {ref}/modules-cross-cluster-search.html[Searching across clusters]. + +If you use {ccr}, a cluster that contains follower indices must run the same or newer version as the remote cluster. +For more information, see {ref}/xpack-ccr.html[Cross cluster replication] for version compatibility matrix. + +You can view your remote clusters from **Stack Management > Remote Clusters**. +==== + +. Once you've upgraded to 8.18, use the {kibana-ref}/upgrade-assistant.html[*Upgrade Assistant*] to prepare for your upgrade from 8.18 to {version}. The Upgrade Assistant identifies deprecated settings and guides you through resolving issues and reindexing indices created before 8.0. {es} fully supports indices created in the current or previous major version. Older indices are partly supported as read-only archives with limited capabilities. +//For example, {es} {version} fully supports indices, data streams, and searchable snapshots created in {es}8.x, but those created in {es} 7.x would be read-only and indices Elasticsearch 6.x or older would not be compatible with Elasticsearch 9.x.// + +. Ensure you have a current {ref}/snapshots-take-snapshot.html[snapshot] before making configuration changes or reindexing. +*You must resolve all critical issues before proceeding with the upgrade.* If you make any additional changes, take a new snapshot to back up your data. ++ +NOTE: If you’re upgrading on {ecloud} Hosted, to keep your data safe during the upgrade process, a snapshot is taken automatically before any changes are made to your cluster. If you’re upgrading on {ece}, you need to {ece-ref}/ece-manage-repositories.html[configure a snapshot repository] to enable snapshots. + +. Ensure you carefully review the deprecation logs from the Upgrade Assistant to determine if your applications are using features that are not supported or behave differently in {version}. + +. Major version upgrades can include breaking changes that require you to take additional steps to ensure that your applications behave as expected after the upgrade. Review all {version} <> for each product you use to view more information about changes that could affect your application. Ensure you test against the new version before upgrading existing deployments. ++ +IMPORTANT: Ensure you check the breaking changes for each minor 8.x release up to {version}. +. Make the recommended changes to ensure that your clients continue to operate as expected after the upgrade. ++ +NOTE: As a temporary solution, you can submit requests to {major-version} +using the {prev-major-version} syntax with the REST API compatibility mode. +While this enables you to submit requests that use the old syntax, +it does not guarantee the same behavior. +REST API compatibility should be a bridge to smooth out the upgrade process, +not a long term strategy. +For more information, see {ref}/rest-api-compatibility.html[REST API compatibility]. +. If you use any {es} plugins, ensure there is a version of each plugin that is compatible with {version}. +. We recommend creating a 9.0 test deployment and testing the upgrade in an isolated environment before upgrading your production deployment. Ensure that both your test and production environments have the same settings. ++ +IMPORTANT: You cannot downgrade {es} nodes after upgrading. If you cannot complete the upgrade process, you will need to {ref}/snapshots-restore-snapshot.html[restore from the snapshot]. ++ +. If you use a separate {ref}/monitoring-production.html[monitoring cluster], you should upgrade the monitoring cluster before the production cluster. In general, the monitoring cluster and the clusters being monitored should be running the same version of the stack. A monitoring cluster cannot monitor production clusters running newer versions of the stack. If necessary, the monitoring cluster can monitor production clusters running the latest release of the previous major version. +. To reduce overhead on the cluster during the upgrade, close {ml} jobs. Although {ml} jobs can run during a rolling upgrade, doing so increases the cluster workload. +. If you have `.ml-anomalies-*` anomaly detection result indices created in Elasticsearch 7.x, reindex, mark as read-only, or delete them before you upgrade to {version}. For more information, refer to <>. +. If you have transform destination indices created in Elasticsearch 7.x, reset, reindex, or delete them before you upgrade to {version}. For more information, refer to <>. + +[discrete] +[[anomaly-detection-results-migration]] +=== Migrate anomaly detection results + +The {anomaly-detect} result indices `.ml-anomalies-*` created in {es} 7.x must be either reindexed, marked read-only, or deleted before upgrading to 9.x. + +**Reindexing**: While {anomaly-detect} results are being reindexed, jobs continue to run and process new data. However, you cannot completely delete an {anomaly-job} that stores results in this index until the reindexing is complete. + +**Marking indices as read-only**: This is useful for large indexes that contain the results of only one or a few {anomaly-jobs}. You need to update or delete all obsolete model snapshots before using this option. If you delete these jobs later, you will not be able to create a new job with the same name. + +**Deleting**: Delete jobs that are no longer needed in the {ml-app} app in {kib}. The result index is deleted when all jobs that store results in it have been deleted. + +.Which indices require attention? +[%collapsible] +==== +To identify indices that require action, use the https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-migration-deprecations-1[Deprecation info API]: + +[source,console] +---- +GET /.ml-anomalies-*/_migration/deprecations +---- + +The response contains the list of critical deprecation warnings in the `index_settings` section: + +[source,console] +---- + "index_settings": { + ".ml-anomalies-shared": [ + { + "level": "critical", + "message": "Index created before 8.0", + "url": "https://ela.st/es-deprecation-8-reindex", + "details": "This index was created with version 7.8.23 and is not compatible with 9.0. Reindex or remove the index before upgrading.", + "resolve_during_rolling_upgrade": false + } + ] + } +---- +==== + +.Reindexing anomaly result indices +[%collapsible] +==== +For an index with less than 10GB that contains results from multiple jobs that are still required, we recommend reindexing into a new format using UI. You can use the https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cat-indices-1[Get index information API] to obtain the size of an index: + +[source,console] +---- +GET _cat/indices/.ml-anomalies-custom-example?v&h=index,store.size +---- + +The reindexing can be initiated in the {kib} Upgrade Assistant. + +If an index size is greater than 10 GB, it is recommended to use the Reindex API. Reindexing consists of the following steps: + +. Set the original index to read-only. ++ +[source,console] +---- +PUT .ml-anomalies-custom-example/_block/read_only +---- + +. Create a new index from the legacy index. ++ +[source,console] +---- +POST _create_from/.ml-anomalies-custom-example/.reindexed-v9-ml-anomalies-custom-example +---- + +. Reindex documents. To accelerate the reindexing process, it is recommended that the number of replicas be set to `0` before the reindexing and then set back to the original number once it is completed. + +.. Get the number of replicas. ++ +[source,console] +---- +GET /.reindexed-v9-ml-anomalies-custom-example/_settings +---- ++ +Note the number of replicas in the response. For example: ++ +[source,console] +---- +{ + ".reindexed-v9-ml-anomalies-custom-example": { + "settings": { + "index": { + "number_of_replicas": "1", + "number_of_shards": "1" + } + } + } +} +---- + +.. Set the number of replicas to `0`. You must also set the `auto_expand_replicas` parameter to `false` to change the number of replicas: ++ +[source,console] +---- +PUT /.reindexed-v9-ml-anomalies-custom-example/_settings +{ + "index": { + "auto_expand_replicas": false, + "number_of_replicas": 0 + } +} +---- + +.. Start the reindexing process in asynchronous mode. ++ +[source,console] +---- +POST _reindex?wait_for_completion=false +{ + "source": { + "index": ".ml-anomalies-custom-example" + }, + "dest": { + "index": ".reindexed-v9-ml-anomalies-custom-example" + } +} +---- ++ +The response will contain a `task_id`. You can check when the task is completed using the following command: ++ +[source,console] +---- +GET _tasks/ +---- + +.. Set the number of replicas to the original number when the reindexing is finished. Optionally, you can set the `auto_expand_replicas` parameter back to its default value (`0-1`) to allow the number of replicas to be automatically adjusted based on the number of data nodes in the cluster. ++ +[source,console] +---- +PUT /.reindexed-v9-ml-anomalies-custom-example/_settings +{ + "index": { + "number_of_replicas": "", + "auto_expand_replicas": "0-1" + } +} +---- + +. Get the aliases the original index is pointing to. ++ +[source,console] +---- +GET .ml-anomalies-custom-example/_alias +---- ++ +The response may contain multiple aliases if the results of multiple jobs are stored in the same index. ++ +[source,console] +---- +{ + ".ml-anomalies-custom-example": { + "aliases": { + ".ml-anomalies-example1": { + "filter": { + "term": { + "job_id": { + "value": "example1" + } + } + }, + "is_hidden": true + }, + ".ml-anomalies-example2": { + "filter": { + "term": { + "job_id": { + "value": "example2" + } + } + }, + "is_hidden": true + } + } + } +} +---- + +. Now you can reassign the aliases to the new index and delete the original index in one step. Note that when adding the new index to the aliases, you must use the same `filter` and `is_hidden` parameters as for the original index. ++ +[source,console] +---- +POST _aliases +{ + "actions": [ + { + "add": { + "index": ".reindexed-v9-ml-anomalies-custom-example", + "alias": ".ml-anomalies-example1", + "filter": { + "term": { + "job_id": { + "value": "example1" + } + } + }, + "is_hidden": true + } + }, + { + "add": { + "index": ".reindexed-v9-ml-anomalies-custom-example", + "alias": ".ml-anomalies-example2", + "filter": { + "term": { + "job_id": { + "value": "example2" + } + } + }, + "is_hidden": true + } + }, + { + "remove": { + "index": ".ml-anomalies-custom-example", + "aliases": ".ml-anomalies-*" + } + }, + { + "remove_index": { + "index": ".ml-anomalies-custom-example" + } + }, + { + "add": { + "index": ".reindexed-v9-ml-anomalies-custom-example", + "alias": ".ml-anomalies-custom-example", + "is_hidden": true + } + } + ] +} +---- +==== + +.Marking anomaly result indices as read-only +[%collapsible] +==== +Legacy indices created in {es} 7.x can be made read-only and supported in {es} 9.x. Making an index with a large amount of historical results read-only allows for a quick migration to the next major release, since you don't have to wait for the data to be reindexed into the new format. However, it has the limitation that even after deleting an {anomaly-job}, the historical results associated with this job are not completely deleted. Therefore, the system will prevent you from creating a new job with the same name. + +Be sure to resolve any obsolete model snapshot warnings before marking the index read-only. + +To set the index as read-only, add the write block to the index: + +[source,console] +---- +PUT .ml-anomalies-custom-example/_block/write +---- + +Indices created in {es} 7.x that have a write block will not raise a critical deprecation warning. +==== + +.Deleting anomaly result indices +[%collapsible] +==== +If an index contains results of the jobs that are no longer required. To list all jobs that stored results in an index, use the terms aggregation: + +[source,console] +---- +GET .ml-anomalies-custom-example/_search +{ + "size": 0, + "aggs": { + "job_ids": { + "terms": { + "field": "job_id", + "size": 100 + } + } + } +} +---- + +The jobs can be deleted in the UI. After the last job is deleted, the index will be deleted as well. +==== + +//// Before you upgrade to {version}, it's important to take some preparation steps. ifeval::["{version}"!="8.0.0"] These steps vary based on your current version: @@ -33,78 +446,428 @@ endif::[] //// // List of upgrade steps used in both 8.x and 7.x // tag::generic-upgrade-steps[] -. If you use any {es} plugins, make sure there is a version of each plugin that is -compatible with {es} version {version}. +//. If you use any {es} plugins, make sure there is a version of each plugin that is compatible with {es} version {version}. -. Test the upgrade in an isolated environment before upgrading your production -cluster. +//. Test the upgrade in an isolated environment before upgrading your production cluster. -. Make sure you have a current snapshot before you start the upgrade. -+ -IMPORTANT: You cannot downgrade {es} nodes after upgrading. -If you cannot complete the upgrade process, -you will need to restore from the snapshot. +//. Make sure you have a current snapshot before you start the upgrade. +//+ +//IMPORTANT: You cannot downgrade {es} nodes after upgrading. +//If you cannot complete the upgrade process, you will need to restore from the snapshot. -. If you use a separate {ref}/monitoring-production.html[monitoring cluster], you should upgrade the monitoring cluster before the production cluster. In general, the monitoring cluster and the clusters being monitored should be running the same version of the stack. A monitoring cluster cannot monitor production clusters running newer versions of the stack. If necessary, the monitoring cluster can monitor production clusters running the latest release of the previous major version. +//. If you use a separate {ref}/monitoring-production.html[monitoring cluster], you should upgrade the monitoring cluster before the production cluster. In general, the monitoring cluster and the clusters being monitored should be running the same version of the stack. A monitoring cluster cannot monitor production clusters running newer versions of the stack. If necessary, the monitoring cluster can monitor production clusters running the latest release of the previous major version. +// // end::generic-upgrade-steps[] -//// - [discrete] -[[prepare-to-upgrade]] -=== Prepare to upgrade from 7.x +[[breaking_90_transform_destination_index]] +=== {transform-cap} destination indices migration -To upgrade to {version} from 7.16 or earlier, **you must first upgrade to {prev-major-last}**. -This enables you to use the **Upgrade Assistant** to identify and resolve issues, -reindex indices created before 7.0, and then perform a rolling upgrade. +The {transform} destination indices created in {es} 7.x must be either reset, reindexed, or deleted before upgrading to 9.x. -**Upgrading to {prev-major-last} before upgrading to {version} is required -even if you opt to do a full-cluster restart of your {es} cluster.** -Alternatively, you can create a new {version} deployment and reindex from remote. -For more information, see <>. +**Resetting**: You can reset the {transform} to delete all state, checkpoints, and the destination index (if it was created by the {transform}). The next time you start the {transform}, it will reprocess all data from the source index, creating a new destination index in {es} 8.x compatible with 9.x. However, if data had been deleted from the source index, you will lose all previously computed results that had been stored in the destination index. -{beats} and {ls} {prev-major-last} are compatible with {es} {version} -to give you flexibility in scheduling the upgrade. +**Reindexing**: You can reindex the destination index and then update the {transform} to write to the new destination index. This is useful if there are results that you want to retain that may not exist in the source index. To prevent the {transform} and reindex tasks from conflicting with one another, you can either pause the {transform} while the reindex runs, or you can write to the new destination index while the reindex backfills old results. -.Remote cluster compatibility -[NOTE] +**Deleting**: You can delete any {transforms} that are no longer being used. Once the {transform} is deleted, you can either delete the destination index or make it read-only. + +.Which indices require attention? +[%collapsible] ==== -If you use {ccs}, note that {version} can only search remote clusters running the previous minor version or later. -For more information, see {ref}/modules-cross-cluster-search.html[Searching across clusters]. +To identify indices that require action, use the https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-migration-deprecations-1[Deprecation info API]: -If you use {ccr}, a cluster that contains follower indices must run the same or newer version as the remote cluster. -For more information, see {ref}/xpack-ccr.html[Cross cluster replication] for version compatibility matrix. +[source,console] +---- +GET /_migration/deprecations +---- -You can view your remote clusters from **Stack Management > Remote Clusters**. +The response contains the list of critical deprecation warnings in the `index_settings` section: + +[source,console] +---- +"index_settings": { + "my-destination-index": [ + { + "level": "critical", + "message": "One or more Transforms write to this index with a compatibility version < 9.0", + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/master/migrating-9.0.html#breaking_90_transform_destination_index", + "details": "Transforms [my-transform] write to this index with version [7.8.23].", + "resolve_during_rolling_upgrade": false + } + ] + } +---- +==== + +.Resetting the transform +[%collapsible] +==== +If the index was created by the {transform}, you can use the https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-transform-reset-transform[Transform Reset API] to delete the destination index and recreate it the next time the {transform} runs. + +If the index was not created by the {transform}, and you still want to reset it, you can manually delete and recreate the index, then call the Reset API. + +[source,console] +---- +POST _transform/my-transform/_reset +---- +==== + +.Reindexing the {transform}'s destination index while the {transform} is paused +[%collapsible] ==== +When {kib} Upgrade Assistant reindexes the documents, {kib} will put a write block on the old destination index, copy the results to a new index, delete the old index, and create an alias to the new index. During this time, the {transform} will pause and wait for the destination to become writable again. If you do not want the {transform} to pause, continue to <>. -. Use the {kibana-ref-all}/{prev-major-last}/upgrade-assistant.html[Upgrade Assistant] -to prepare for your upgrade from {prev-major-last} to {version}. -The **Upgrade Assistant** identifies deprecated settings and guides -you through resolving issues and reindexing indices created before 7.0. -Make sure you have a current snapshot before making configuration changes -or reindexing. +If an index size is less than 10 GB, we recommend using {kib}'s Upgrade Assistant to automatically migrate the index. + +You can use the https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cat-indices-1[Get index information API] to obtain the size of an index: + +[source,console] +---- +GET _cat/indices/.transform-destination-example?v&h=index,store.size +---- + +If an index size is greater than 10 GB, we recommend using the Reindex API. Reindexing consists of the following steps: + +. Set the original index to read-only. + -**You must resolve all critical issues before proceeding with the upgrade.** +[source,console] +---- +PUT .transform-destination-example/_block/read_only +---- -. Review the deprecation logs from the **Upgrade Assistant** to -determine if your applications are using features that are not supported -or behave differently in 8.x. -See the <> for more information -about changes in {version} that could affect your application. +. Create a new index from the legacy index. + -IMPORTANT: Make sure you check the breaking changes for each minor 8.x release -up to {version}. +[source,console] +---- +POST _create_from/.transform-destination-example/.reindexed-v9-transform-destination-example +---- + +. Reindex documents. To accelerate the reindexing process, it is recommended that the number of replicas be set to `0` before the reindexing and then set back to the original number once it is completed. -. Make the recommended changes to ensure that your applications -continue to operate as expected after the upgrade. +.. Get the number of replicas. + -NOTE: As a temporary solution, you can submit requests to {major-version} -using the {prev-major-version} syntax with the REST API compatibility mode. -While this enables you to submit requests that use the old syntax, -it does not guarantee the same behavior. -REST API compatibility should be a bridge to smooth out the upgrade process, -not a long term strategy. -For more information, see {ref}/rest-api-compatibility.html[REST API compatibility]. +[source,console] +---- +GET /.reindexed-v9-transform-destination-example/_settings +---- ++ +Note the number of replicas in the response. For example: ++ +[source,console] +---- +{ + ".reindexed-v9-transform-destination-example": { + "settings": { + "index": { + "number_of_replicas": "1", + "number_of_shards": "1" + } + } + } +} +---- -include::upgrading-stack.asciidoc[tag=generic-upgrade-steps] +.. Set the number of replicas to `0.` ++ +[source,console] +---- +PUT /.reindexed-v9-transform-destination-example/_settings +{ + "index": { + "number_of_replicas": 0 + } +} +---- + +.. Start the reindexing process in asynchronous mode. ++ +[source,console] +---- +POST _reindex?wait_for_completion=false +{ + "source": { + "index": ".transform-destination-example" + }, + "dest": { + "index": ".reindexed-v9-transform-destination-example" + } +} +---- ++ +The response will contain a `task_id`. You can check when the task is completed using the following command: ++ +[source,console] +---- +GET _tasks/ +---- + +.. Set the number of replicas to the original number when the reindexing is finished. ++ +[source,console] +---- +PUT /.reindexed-v9-transform-destination-example/_settings +{ + "index": { + "number_of_replicas": "" + } +} +---- + +. Get the aliases the original index is pointing to. ++ +[source,console] +---- +GET .transform-destination-example/_alias +---- ++ +The response may contain multiple aliases if the results of multiple jobs are stored in the same index. ++ +[source,console] +---- +{ + ".transform-destination-example": { + "aliases": { + ".transform-destination-example1": { + "filter": { + "term": { + "job_id": { + "value": "example1" + } + } + }, + "is_hidden": true + }, + ".transform-destination-example2": { + "filter": { + "term": { + "job_id": { + "value": "example2" + } + } + }, + "is_hidden": true + } + } + } +} +---- + +. Now you can reassign the aliases to the new index and delete the original index in one step. Note that when adding the new index to the aliases, you must use the same `filter` and `is_hidden` parameters as for the original index. ++ +[source,console] +---- +POST _aliases +{ + "actions": [ + { + "add": { + "index": ".reindexed-v9-transform-destination-example", + "alias": ".transform-destination-example1", + "filter": { + "term": { + "job_id": { + "value": "example1" + } + } + }, + "is_hidden": true + } + }, + { + "add": { + "index": ".reindexed-v9-transform-destination-example", + "alias": ".transform-destination-example2", + "filter": { + "term": { + "job_id": { + "value": "example2" + } + } + }, + "is_hidden": true + } + }, + { + "remove": { + "index": ".transform-destination-example", + "aliases": ".transform-destination-*" + } + }, + { + "remove_index": { + "index": ".transform-destination-example" + } + }, + { + "add": { + "index": ".reindexed-v9-transform-destination-example", + "alias": ".transform-destination-example", + "is_hidden": true + } + } + ] +} +---- +==== + +[[reindexing-transform-running]] +.Reindexing the {transform}'s destination index while the {transform} is running +[%collapsible] +==== +If you want the {transform} and the reindex task to write documents to the new destination index at the same time: + +. Set the original index to read-only. ++ +[source,console] +---- +POST _create_from/my-destination-index/my-new-destination-index +---- + +. Update the {transform} to write to the new destination index: ++ +[source,console] +---- +POST _transform/my-transform/_update +{ + "dest": { + "index": "my-new-destination-index" + } +} +---- + +. Reindex documents. To accelerate the reindexing process, it is recommended that the number of replicas be set to 0 before the reindexing and then set back to the original number once it is completed. + +.. Get the number of replicas. ++ +[source,console] +---- +GET /my-destination-index/_settings +---- ++ +.. Note the number of replicas in the response. For example: ++ +[source,console] +---- +{ + "my-destination-index": { + "settings": { + "index": { + "number_of_replicas": "1", + "number_of_shards": "1" + } + } + } +} +---- + +.. Set the number of replicas to `0.` ++ +[source,console] +---- +PUT /my-destination-index/_settings +{ + "index": { + "number_of_replicas": 0 + } +} +---- + +.. Start the reindexing process in asynchronous mode. Set the `op_type` to `create` so the reindex does not overwrite work that the {transform} is doing. + ++ +[source,console] +---- +POST _reindex +{ + "conflicts": "proceed", + "source": { + "index": "my-destination-index" + }, + "dest": { + "index": "my-new-destination-index", + "op_type": "create" + } +} +---- ++ +The response will contain a `task_id`. You can check when the task is completed using the following command: ++ +[source,console] +---- +GET _tasks/ +---- + +.. Set the number of replicas to the original number when the reindexing is finished. ++ +[source,console] +---- +PUT /my-new-destination-index/_settings +{ + "index": { + "number_of_replicas": "" + } +} +---- + +.. Get the aliases the original index is pointing to. ++ +[source,console] +---- +GET my-destination-index/_alias + +{ + "my-destination-index": { + "aliases": { + "my-destination-alias": {}, + } + } +} +---- + +.. Now you can reassign the aliases to the new index and delete the original index in one step. Note that when adding the new index to the aliases, you must use the same `filter` and `is_hidden` parameters as for the original index. ++ +[source,console] +---- +POST _aliases +{ + "actions": [ + { + "add": { + "index": "my-new-destination-index", + "alias": "my-destination-alias" + } + }, + { + "remove": { + "index": "my-destination-index", + "aliases": "my-destination-alias" + } + }, + { + "remove_index": { + "index": "my-destination-index" + } + } + ] +} +---- +==== + +.Deleting the {transform} +[%collapsible] +==== +You can use the https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-transform-delete-transform[Transform Delete API] to delete the {transform} and stop it from writing to the destination index. + +[source,console] +---- +DELETE _transform/my-transform +---- + +If the destination index is no longer needed, it can be deleted alongside the {transform}. + +[source,console] +---- +DELETE _transform/my-transform?delete_dest_index +---- + +====