Kibana Updates & Release Notes

Fixes

Alerting:

• Fixes empty rule type fields, such as kibana.alert.reason, on active alert documents when a delayed alert graduates to active during a flapping hold without an executor report. #266012

Dashboards and Visualizations:

• Fixes a critical validation failure that occurred when dashboard controls had null titles. Control titles are now converted to undefined during transforms, allowing validation to pass #268220.
• Fixes a regression where the dashboard remained locked in an open-flyout state after closing the ES|QL control edit flyout when editing an existing query-based control #267605.

Elastic Security solution:

For the Elastic Security 9.4.1 release information, refer to Elastic Security Solution Release Notes.

Original source

We now recommend that your Kibana instances have at least 2 GB of memory, especially when using Platinum or Enterprise Kibana features, and for production workloads.New Elastic Cloud Hosted deployments now default to 2 GB of RAM for each Kibana instance.

Features and enhancements

Alerting:

• Makes maximumCasesToOpen a runtime property #259255.
• Adds an auto-push case option to the case connector #249251.
• Exposes the maximumCasesToOpen parameter in the case action connection #247990.
• Adds additional workflow steps #256922.
• Alert deletion is now generally available #247465.

Elastic Agent Builder:

• Updates Test tool flyout to support datetime picker #249549.
• Simplifies the ES|QL test tool parameter types #249855.
• Exposes configuration_overrides in agent_builder/converse API #249256.
• Adds support for array parameter types in ES|QL tools #250386.
• Migrates the flyout to a sidebar #252918.
• Adds server-side support for user-created skills in Agent Builder #252493.
• Adds agent and tools RBAC sub features #254464.
• Agent Builder's default agent is no longer read-only and can now be customized per Kibana space #256333.
• Adds user-created skills to Agent Builder #252221.
• Allows Agent Builder to detect outdated attachments and lets users refresh them into the next message #257658.
• Allows ES|QL generation to search index patterns #253492.
• Allows agents to run one or more workflows before each execution, enabling prompt modifications or conditional abort #252452.
• Adds audit logging for agent and tool create, update, and delete actions #252143.

Connectivity:

• Adds support for the region parameter to the Bedrock Connector #252956.
• Adds a Jina Reader data source connector #247527.
• Adds a Jira Cloud data source connector #251345.
• Adds a SharePoint Online data source connector #251544.
• Adds a ServiceNow data source connector #252430.
• Adds a Microsoft Teams data source connector #252465.
• Adds a Tavily data source connector #252717.
• Adds a Google Calendar data source connector #252740.
• Adds a Slack data source connector #252972.
• Adds an Amazon S3 data source connector #253753.
• Adds a Salesforce data source connector #254303.
• Adds a Zendesk data source connector #254739.
• Adds a Firecrawl data source connector #255004.
• Adds a 1Password data source connector #255076.
• Adds a PagerDuty data source connector #255154.
• Adds a Zoom data source connector #255174.
• Adds a Figma data source connector #255322.
• Adds a Gmail data source connector #255565.
• Adds an AWS Lambda data source connector #256150.
• Adds a Confluence Cloud data source connector #256508.
• Adds a Google Cloud Storage data source connector #257374.
• Adds a SharePoint Server data source connector #258014.
• Adds a GitHub data source connector #258169.
• Adds an Azure Blob Storage data source connector #259439.
• Adds a GCP Cloud Functions data source connector #261277.
• Adds an AbuseIPDB data source connector #245421.
• Adds an AlienVault OTX data source connector #245421.
• Adds a GreyNoise data source connector #245421.
• Adds a Shodan data source connector #245421.
• Adds a URLVoid data source connector #245421.
• Adds a VirusTotal data source connector #245421.

Dashboards and Visualizations:

• A new Dashboard skill is now available in Agent Builder. This skill allows you to create and update dashboards through natural language chat, using the chat UI in Kibana, the Chat API, or the MCP server. Describe what you want to visualize and the agent builds a dashboard with ES|QL-powered visualizations. #261530.

• New API endpoints are now available in technical preview to manage your dashboards and visualization library. The Dashboards API gives you full read and write access to dashboards, including their panels, controls, sections, and display options. The Visualizations API lets you create and manage visualizations as standalone saved objects in the Kibana Visualizations library. #256302.

• Adds the ability to show and export Dashboard API JSON in a flyout #255382.

• Controls are now available as a panel type, allowing them to be freely placed anywhere in your dashboards #245588.

• Makes Contains the default search technique for options list controls #250992.

• Allows IP fields to be searched using CIDR notation in controls #250875.

• Extends the selectable area for dragging, collapsing and expanding sections to their entire header #258502.

• Allows dragging of opened collapsible sections #257191.

• Enforces panel limits on dashboards: up to 100 top-level items (panels, unpinned controls, and sections combined), up to 100 panels per section, and up to 100 pinned controls #256102.

• Makes the filter pills section collapsible #255887.

• Adds a grid size gauge while resizing panels #255363.

• Adds a borderless option to panel settings #255021.

• Adds library support for markdown panels #248779.

• Allows panels to be dragged while they're in focus for editing #251327.

• Redesigns the panel titles #251720.

• Refreshes the Dashboards app menu #246153.

• Adds a Discover session panel option to dashboards #256293.

• Editing an unlinked Discover session panel in a dashboard now saves changes back to that panel #250438.

• Filtering a field value in a Discover ES|QL session embedded in a dashboard now creates a DSL filter, consistent with how filtering works elsewhere #249357.

• Adds a tab selector to Discover session panels in Dashboards, with improved warning messages when a tab or data view can't be retrieved #252311.

• Adds ES|QL support to Vega visualizations #247186.

• Enables ES|QL multi-terms charts in Lens #244743.

• Allows filtering from legend actions when possible for ES|QL visualizations #248789.

• Suggests line charts for timeseries ES|QL queries (TS / PromQL) in Lens #252661.

• Retrieves variable types from the ES|QL query response #254436.

• Enables dashboard and URL drilldown for ES|QL charts #253223.

• Defaults the visualization type to line chart when the x-axis contains a timestamp, instead of a bar chart #253930.

• Adds a new optimized color palette for line charts #253437.

• Adds a Badge color option for table values in Lens, allowing cell values to be displayed as colored badges instead of text or background coloring #257408.

• Adds a new list legend layout for horizontal legends (top and bottom), offering a more space-efficient alternative to the grid layout. This is now the default for XY charts #257092.

• Adds sort order options for heatmap visualization axes #244696.

• Adds a middle position option for the primary metric styling settings of metric charts #260902.

• Improves tick labels for time-based X axes in ES|QL heatmap visualizations #259218.

• Improves datatable visualization performance for large datasets in Lens #256234.

• Enables fixed-width number formatting in Lens visualizations for cleaner alignment #251576.

• Introduces a Severity color palette in Lens color mapping #250198.

• Improves the badge colors for metric trend indicators in Lens #256255.

• Legend actions in Lens XY and Partition charts now only appear on hover #255616.

• Removes the font-weight configuration option from Lens Metric chart titles, defaulting to medium weight #254941.

• Updates axis title and label colors in Lens and dashboard charts to be less visually prominent #254587.

• Displays row numbers by default in Lens data tables #247834.

Data ingestion and Fleet:

• Allows remote Elasticsearch outputs and service tokens in Serverless #262101.
• Renames Cloud Connector to Federated Identity in the UX #261353.
• Adds support for monitoring OpenTelemetry (OTel) collectors in Fleet in technical preview. You can now add OTel collector agents using the Add > Collector (OpAMP) button in the Fleet UI #260654.
• Introduces support for version-specific policies in Fleet when integrations specify agent version requirements, ensuring agents receive only configurations compatible with their version #258796.
• Shows UI warnings for integrations with upcoming deprecations #257937.
• Resolves and merges templates listed in template_paths #257730.
• Adds permission verifier background tasks #257516.
• Installs package dependencies automatically #256700.
• Requests user review when auto-upgrading packages with deprecations #255273.
• Adds an out-of-the-box alerting rule template to freshly installed integrations for monitoring idle data streams #254730.
• Displays warnings for deprecated integration features #253923.
• Shows warnings in the UI when an integration is deprecated #251860.
• Allows Fleet to install integration-managed SLO templates for creating new SLOs #250369.
• Migrates input configurations when the migrate_from field is specified in the package manifest #242934.
• Updates the maximum supported package specification version to 3.6 #261362.
• Adds a new Alerting tab to the integrations UI for viewing and managing alerting-related assets #253948.
• Allows integration rollback when only some integration policies are upgraded #253646.
• Ensures the time series index mode is not enabled for input packages with non-metrics data streams #251205.
• Adds authentication fields to Elastic Agent binary download sources managed by Fleet for connecting to self-hosted artifact registries #250557.
• Improves memory usage during Fleet setup by deferring package reinstalls to async tasks #248235.

Discover:

• Redesigns the ES|QL editor footer in Discover: removes the row limit and timestamp indicators, and adds query run statistics #244284.

• Adds a fields browser to the ES|QL editor in Discover #252749.

• Adds a layout toggle to show or hide the data table in Discover, with the state persisted in the URL #259083.

• Adds a grouped view in Discover for ES|QL queries that use STATS ... BY with a single grouping field. A new toolbar selector lets you pivot by that field or switch back to the standard table view. #220119.

• Converts DSL filters to ES|QL when possible when switching to ES|QL mode #259260.

• Persists the query mode (ES|QL or classic) to local storage so that the next sessions open with the last mode used #250388.

• Shows Streams field descriptions in the ES|QL editor and field sidebar #260582.

• Filters from the top-level ES|QL WHERE clause now propagate into per-metric charts in the Discover metrics grid #249103.

• Adds support for visualizing tdigest and exponential_histogram histogram metrics in the Discover metrics grid #249269.

• Hides the data table by default when the metrics-specific Discover experience is triggered #260607.

• Adds the ability to restore recently closed tab groups #253365.

• Hovering over an entry in the recently closed tabs menu now shows a preview of what the tab contained #246973.

• Moves the inspector menu item to the tab menu #258767.

• The chart interval is now saved with Discover sessions and restored when reopening them #246426.

• Adds notifications for background search completion #249857.

• Adds a Save Discover table to dashboard option #259626.

• Adds default table columns for indexes and views with a small number of fields #255292.

• The doc viewer flyout now stays open when switching between Discover tabs and remembers which tab (such as Table or JSON) was active in each #246612.

ES|QL editor:

• Adds PromQL support in Kibana through ES|QL #249854.

• Adds support for the USER_AGENT command #261314.

• Adds support for the MMR command #257208.

• Adds autocomplete and validation support for the approximate setting in the ES|QL editor #248946.

• Adds support for KQL syntax to the quick search option #247224.

• Adds autocomplete to the KQL function #249510.

• Adds support for unmapped fields #248606.

• Adds support for timezone handling #247917.

• Makes the FORK command generally available #261904.

• Makes the RERANK command generally available #252242.

• Redesigns the ES|QL editor interface #251223.

• Adds a data source browser to the ES|QL editor #251897.

• Adds support for ES|QL views to the editor #261907.

• Adds ES|QL query statistics to the editor #251029.

• Improves ES|QL editor autocomplete for full-text search functions: MATCH_PHRASE's second argument now only suggests literal values, and FTS functions are excluded from EVAL suggestions except inside SCORE() #247003.

• Improves line commenting in the ES|QL editor to match standard IDE conventions #254851.

• Improves query pretty printing #257440.

• Adds an ES|QL indentation shortcut to the editor #247234.

• Simplifies the Run and Cancel button states in the ES|QL editor #254121.

• Highlights multiple word occurrences in search results #258764.

Elastic Observability solution:
For the Elastic Observability 9.4.0 release information, refer to Elastic Observability Solution Release Notes.
Elastic Security solution:
For the Elastic Security 9.4.0 release information, refer to Elastic Security Solution Release Notes.
Kibana platform:

• In container deployments, automatically sets the Node.js heap size to 60% of available memory, up to a maximum of 4096 MB, when no heap size is explicitly configured #246073.
• Adds a feedback button to Kibana's header #225074.
• Remembers the pagination state when navigating back from an edit on the Users page, instead of always returning to page 1 and resetting the search #261152.
• Distinguishes between session idle timeouts and session lifespan timeouts #252779.
• Improves Index Management index list load performance on large clusters with many indices #246276.
• Adds a Query Activity page under Stack Management for viewing and canceling long-running queries #253216.

Machine Learning:

• Updates Security ML jobs to use entity analytics fields for host and user fields #255339.
• Adds a link to manage anomaly detection jobs in the Machine Learning left navigation #260605.
• Anomaly detection now automatically closes the job when stopping a datafeed #259603.
• Adds aria labels to anomaly detection job wizard combo boxes #258509.
• Updates the v3_rare_process_by_host_windows bucket span to two hours #255855.
• Changes the rare process by host Windows job bucket span from 15m to 4h #255385.
• Adds a new single APM Correlations endpoint for latency and failed transactions #254607.
• Adds Gemini 2.5 Flash Lite, Claude 4.5 Haiku, and Claude 4.6 Sonnet preconfigured connectors #253109.
• Adds a dynamic default connector in GenAI settings #252861.
• Adds a zoom in button to the date picker #252252.
• Adds Anthropic Claude Opus 4.6 preconfigured connector #252177.
• Uses the location field to correctly set provider config in AI/Inference Connector creation #250838.
• Adds the proxy URL setting for product documentation artifact #250771.
• Adds new preconfigured connectors #249379.
• Moves the results view buttons closer to the job selection controls in Anomaly Detection #249261.
• Adds missing ES|QL commands and functions documentation for inference tasks #249089.
• Enhances model memory estimation for supplied configurations in anomaly detection #248479.
• Adds the timeout parameter to InferenceChatModel #248326.
• Adds time window buttons to the date picker #248142.
• Adds a button to synchronize saved objects in trained models #247691.
• Refreshes the Overview page #247573.
• Marks 429 errors as user errors in Inference/AI Connector #246640.
• Opens matching pattern docs in a new Discover tab #245695.

Search:

• Adds warnings to the Feature Settings page for models that are invalid #262262.
• Deprecates search indices in favor of index management #260210.
• Adds a Models page for inference management #259374.
• Adds a Model Settings UI for inference endpoint assignments #258871.
• Sets Jina v5 as the default inference endpoint for semantic_text fields when it's available #257464.
• Adds an AI assistant-led onboarding option to the Elasticsearch getting started page #255192.
• Automatically creates AI connectors for Elastic Inference Service chat completion endpoints when they are added #254826.
• Adds sorting capabilities to the Inference Endpoints table, allowing users to sort by Endpoint, Service, Type, or Model using a dropdown or by clicking column headers #252189.
• Adds a summary stats bar to the Inference Endpoints page displaying counts for Services, Models, Types, and Endpoints #251558.
• Adds a copy-to-clipboard button for inference endpoint names in the Inference Endpoints management page #251494.
• Improves the External Inference page by hiding the Elasticsearch service provider from the Add Inference Endpoint flyout, since Elasticsearch endpoints are managed internally #261851.
• Adds a model detail flyout with endpoint management #260307.
• Reduces search latency by switching to long-polling when HTTP/2 multiplexing is available, eliminating unnecessary wait times #256564.
• Improves the Inference Endpoints management page by adding a view to group by service #254296.
• Improves the Inference Endpoints management page by adding a view to group by models, making this the default view #252984.
• Consolidates Type, Preconfigured, and Tech Preview badges under the endpoint name and removes the dedicated Type column in the inference endpoints table #252621.
• Improves AI connector setup by auto-populating the model field with recommended defaults #250506.
• Improves the inference endpoints page by adding a Model column and enabling search by model name #249779.
• Adds descriptions to the semantic_text field inference endpoint select #249265.
• Fixes layout instability in the inference endpoint selector when endpoint names are long #247417.
• Displays the API key tab if the user has permission, and hides it for users without API key management permissions #246979.
• Updates the Search homepage design #246777.

Workflows:

• Adds import and export features for workflows #257976.
• Adds the workflows.executionFailed trigger so you can run workflows when another workflow fails. Use it to send notifications (for example, Slack), run cleanup, or trigger retries #257633.
• Adds a server-side workflow validation endpoint #254502.
• Makes the manual run API public #253010.
• Whitelists Streams APIs as Kibana workflow steps #252068.
• Adds the entries Liquid filter for iterating over object keys #259249.
• Adds cases workflow steps #253119,#256922.

Fixes

Alerting:

• Fixes an issue where Stack alerts sent recovery notifications but remained active in Kibana instead of transitioning to recovered #261012.
• Fixes stale uiamApiKey leaking through object spread in rule updates #263887.
• Fixes OpenAPI alerting rule params schemas missing accepted keys for burn-rate windows and Elasticsearch query sourceFields #263634.
• Fixes an index template update failing due to system-managed fields #262534.
• Adds the application/x-zip-compressed MIME type as an accepted value for cases file attachment #262414.
• Fixes alert recovery targeting the wrong document when multiple lifecycles exist for the same instance ID #261012.
• Fixes cloneRule leaking source rule API keys to cloned rules #260549.
• Fixes incremental_id drift issues #258789.
• Fixes Webhook Connector accessTokenUrl validation #258290.
• Fixes additional fields not being included #257625.
• Fixes a discrepancy between tracked alerts and alerts in task state #257235.
• Fixes a problem generating a report with multi-page Canvas workpads #255022.
• Fixes a blank page appearing at the end of PDF exports when using the Print format option with an even number of dashboard visualizations #254957.
• Fixes an error not being caught from scheduleUnusedUrlsCleanupTask() #254574.
• Fixes a bug with PagerDuty where setting the Custom details field causes rules to fail #253683.
• Improves error handling within the content stream code for multiple reporting attempts #252982.
• Fixes rule execution failing due to null execution UUIDs #252618.
• Improves handling of 204 responses #251090.
• Fixes timestamp override for ES|QL CSV scheduled reports with relative time ranges #248169.
• Fixes Failed to check if maintenance windows are active error #261048.
• Updates total_event in the Elasticsearch document when attaching an event #247996.
• Encodes the search term in the cases page #247992.
• Adds max character validation to the email connector params and config #246453.
• Fixes the wrong time zone being applied when a CSV report has a local date comparison #244405.

Connectivity:

• Fixes defaultModel not being injected for the Other OpenAI provider on run and test sub-actions #260747.
• Fixes MCP connectors ignoring the proxy and SSL configuration from the actions plugin #255813.
• Adds the datasource name to the namespace to allow creating multiple sources of the same type #249123.

Dashboards and Visualizations:

• Fixes an issue that could prevent a dashboard from showing its latest saved state #262695.
• Prevents a false positive warning about unsaved changes when sharing a dashboard while in View Mode #261051.
• Fixes regressions for space-relative links and same-window target #260782.
• Improves ES|QL suggestions logic in Lens #258475.
• Adjusts scroll behavior when dropping a panel to a new position #258445.
• Fixes screen reader announcements when entering full screen mode on a dashboard #258230.
• Fixes an issue with logic for detecting unsaved changes for dashboards in non-default spaces #257762.
• Fixes an issue where visualizations stayed focused after closing the variables editor flyout #257263.
• Fixes Add from library adding incorrect embeddable state #257261.
• Fixes dashboard panels getting stuck in infinite loading state after an error instead of showing error messages #257188.
• Fixes an issue where editing a library visualization would correctly save changes but visually show its previous saved state in dashboards referencing that visualization until the page was refreshed #256984.
• Stops adding a default title when creating ES|QL charts in Lens #256475.
• Fixes the pinned state for variable (ES|QL) and range slider controls #256035.
• Fixes timeFilter's quick mode in Maps stored state, that could prevent maps from loading #255178.
• Fixes an issue where saving a dashboard included access control features when a user profile, which is required for access control, was not available #255065.
• Fixes an issue occurring when saving a map containing filters #253537.
• Fixes configuration panel scrolling in the Lens editor when the content exceeds available height #253247.
• Changes dashboard background color to white #253068.
• Changes the default height of link panels to 2 rows #252707.
• Fixes the library annotation group not syncing across panels after an update in Lens #252640.
• Fixes KQL character escaping when a query is generated from the Top values column (breakdown) in Lens #250925.
• Fixes an issue where PDF/PNG reports are cut off at the end when a dashboard has a markdown panel #249644.
• Limits variable suggestions to variables within scope #248365.
• Re-fetches control options when the timerange changes #248068.
• Fixes link color contrast in Lens data tables #247721.
• Removes | LIMIT 10 from the ES|QL panel in dashboards when creating a visualization in Lens #247427.
• Fixes compound filters showing unsaved changes on dashboard load #247309.
• Increases default top values from 3 or 5 to 9 categories in Lens #247015.
• Fixes the handling of a quote as a dead key #246773.
• Fixes an issue where embeddables cannot load when no references are provided #257779.
• Fixes runtime_mappings being ignored or overridden in Vega visualization data requests #253560.
• Changes the Gauge chart default color palette to the status palette #246734.

Data ingestion and Fleet:

• Fixes package policy count filters: uses NOT latest_revision:false instead of latest_revision:true #263717.
• Disables the output selector for managed policies in the package policy edit form #263494.
• Fixes permissions for spanevents stored in logs data streams #263415.
• Handles compressed responses from Elasticsearch #262394.
• Fixes the table sorting announcement for accessibility #262226.
• Fixes the learn more focus for accessibility #261902.
• Fixes Define as JSON announcement for accessibility #261896.
• Fixes the pipelines table row index announcement for accessibility #261369.
• Includes input_output in inference
  processor #260517.
• Fixes the selected log level when there is a policy override #259425.
• Avoids icon announcement duplication for accessibility #259185.
• Fixes processors accessibility announcements #259096.
• Adds version-specific policies telemetry #259031.
• Fixes space-awareness for Fleet bulk agent actions (unenroll, upgrade, reassign to policy) #258582.
• Fixes an auto upgrade bug when upgrading agents in other policies interfered with the calculation #258387.
• Validates generated OpenAPI output #258267.
• Fixes package policy creation failing with a data_stream.type validation error for input-only integrations that use dynamic signal types, such as OpenTelemetry collector packages #258143.
• Improves error handling in debug API #258115.
• Fixes the unenroll task and adds an FTR test #255726.
• Fixes the incorrect installation of assets #254923.
• Filters out unenrolled agents in the cleanup policy revisions task #254899.
• Fixes an issue where an agent rolled back after an upgrade could not be upgraded again in the Fleet UI #253850.
• Fixes a TypeError when an integration has no SVG icons #251308.
• Adds back support for generating a CSV report of Fleet agent data in serverless environments #247185.

Discover:

• Fixes the date picker showing empty when switching from KQL to ES|QL #261175.
• Fixes a tab URL state leak when leaving Discover #262929.
• Resets the time field when the updated index pattern does not have it #262001.
• Resets the default profile state when transitioning between tab modes #255226.
• Makes matches cells expandable for long field filter matches #255093.
• Fixes URL, Badge, Color, and other field formatters incorrectly rendering fields with missing or null values #251892.
• Fixes filtering out null values from the Discover histogram legend in ES|QL mode #249302.
• Fixes Search entire time range for date nanos #248495.
• Prevents doc viewer flyout tabs from unnecessarily re-mounting on query refresh #248203.
• Fixes dropdown menus staying open when switching tabs #247836.
• Makes static-lookup formatter work with aggregated boolean fields #249311.
• Adds a check to ensure ES|QL is valid before matching the Metrics profile #248917.
• Prevents losing draft queries when switching tabs #247968.
• Fixes an issue where quickly opened tabs could not complete loading #246941.
• Fixes the default app state handling when detecting unsaved changes #246664.

ES|QL editor:

• Fixes ES|QL multi-value filtering with STATS #260998.
• Fixes STATS generated columns with inline WHERE #260196.
• When no local indices are available, the ES|QL query suggestion now correctly considers remote indices #257340.
• Fixes ES|QL variable controls not displaying server-side errors in the editor #263020.
• Fixes autocomplete fetches piling up without cancellation when typing rapidly in the ES|QL editor #255664.
• Fixes incorrect validation of the TS (time series) command #253635.
• Fixes some GROK patterns not being recognized, which caused columns to appear as unknown #246871.
• Aborts in-flight long-running queries for ES|QL controls #254487.
• Fixes incorrect KQL bar results for some indices #254119.

Elastic Observability solution:
For the Elastic Observability 9.4.0 release information, refer to Elastic Observability Solution Release Notes.
Elastic Security solution:
For the Elastic Security 9.4.0 release information, refer to Elastic Security Solution Release Notes.
Kibana platform:

• Sets auto_expand_replicas to fix yellow health on single-node Elasticsearch clusters #263096.
• Allows space color to be cleared, falling back to default #261826.
• Fixes the data stream and indices duplication for accessibility #261786.
• Fixes an incorrect announcement for accessibility #261603.
• Announces policy button with distinguishable names for accessibility #261313.
• Prevents duplicate Leave without saving? modal on solution view cancel #260958.
• Fixes inactive component template row focus and badge accessibility labels #260719.
• Fetches the last available version #259798.
• Fixes the Stack Monitoring shard legend not showing node placement #257854.
• Fixes Stack Monitoring Elasticsearch nodes CPU usage sorting #257852.
• Fixes an issue where the Kibana JSON logger could print a JSON object with a large number of numbered keys #256233.
• Resolves an issue with the spaces list displaying No spaces match text on load #255654.
• Adds waitFor for the privilege button #255094.
• Fixes the embeddable console auto-closing on chrome/overlay clicks #253382.
• Fixes a problem loading the doc count in index management when viewing larger page sizes with long index names #252422.
• Fixes share feature rounding #251073.
• Handles paging through more than 10,000 API keys #250826.
• Fixes Stack Monitoring Recent Log Entries timestamps to respect Kibana's time zone setting (dateFormat:tz) #249016.
• Fixes an issue with share modal where all time ranges were being shared as absolute #248804.
• Fixes createAuditEvents always returning failure as outcome #247152.
• Fixes the monitoring breadcrumbs for the solution view #249751.

Machine Learning:

• Ensures the single metric chart shows anomaly actions correctly in Anomaly Explorer #263925.
• Formats time_of_day / time_of_week values in anomaly detection alerting rule notifications and results preview #261034.
• Fixes the anomaly swim lane embeddable refresh in Anomaly Detection #259962.
• Fixes a jobs list console error in Data frame analytics #258591.
• Disables start and update deployment actions for Rerank models in trained models #257400.
• Fixes the field statistics saved search not updating when the dashboard changes filter #257241.
• Fixes the update of the job rules flyout in Anomaly Detection Single Metric Viewer #257196.
• Fixes screen reader announcements for flyouts #256409.
• Improves Smart Grouping performance and re-enables it in Log rate analysis #253704.
• Fixes headings in Log rate and pattern analysis and Change point detection for accessibility #253266.
• Fixes the today and this week filters for Log Rate and Pattern Analysis embeddables #252925.
• Fixes the file size limit check in file upload #251515.
• Fixes occasional file preview corruption in file upload #250532.
• Fixes word break in Anomaly Detection page titles #250058.
• Passes abort signal to Elasticsearch in file upload #249623.
• Updates the Packetbeat DNS tunneling datafeed to include runtime mappings #249317.
• Fixes counter metric fields being missing in the Anomaly detection dropdown #248187.
• Fixes broken Data Visualizer and AIOps navigation breadcrumbs and sidebar in solutions #248167.
• Disables ES|QL field stats for TS command #247641.
• Fixes the display of the map view for small screen sizes in Data Visualizer #247615.
• Fixes an anomaly chart empty query bug #246841.
• Fixes deanonymization offset drift and adds regression coverage #256112.
• Improves anonymization error messages when the NER model is not available #247696.
• Adds a refusal field to assistant conversations #243423.

Management:

• Fixes the code box stale announcement for accessibility #261921.
• Announces data streams stats toggle change for accessibility [#261911](https://github.com/elastic/k

Original source

Features and enhancements

Elastic Observability solution:

For the Elastic Observability 9.3.4 release information, refer to Elastic Observability Release Notes.

Elastic Security solution:

For the Elastic Security 9.3.4 release information, refer to Elastic Security Release Notes.

Kibana platform:

• Remembers the pagination state when navigating back from an edit on the Users page, instead of always returning to page 1 and resetting the search #261152.

Fixes

Alerting:

• Adds the application/x-zip-compressed MIME type as an accepted value for case file attachments #262414.
• Fixes the "Failed to check if maintenance windows are active" error #261048.

Data ingestion and Fleet:

• Fixes YAML file downloads being truncated at the first # character by properly URL-encoding the content #264083.
• Fixes package policy count filters to correctly identify non-latest revisions #263717.
• Only auto-installs content packages that are newer than the installed version #262509.
• Fixes Fleet Server diagnostic bundles failing to download when elasticsearch.compression is enabled #262394.
• Fixes missing sort-state announcements for screen readers in the Ingest pipelines list #262226.
• Fixes focus management for the Learn more link #261902.
• Fixes screen reader announcements for the Define as JSON toggle #261896.
• Fixes screen readers announcing duplicate row indices in the Ingest pipelines list #261369.
• Fixes the inference processor form to accept the input_output configuration shape #260517.
• Fixes screen readers announcing icon labels twice in the Ingest pipelines list #259185.
• Fixes screen readers incorrectly combining button announcements on the Create Pipeline page #261603.

Data management:

• Fixes stale screen reader announcements in code boxes #261921.
• Fixes the transforms detail summary to show all source_index entries when source_index is an array #261875.
• Fixes screen readers announcing search template options twice #261585.
• Fixes screen readers announcing duplicate row indices on the data streams table #261366.
• Fixes screen readers announcing icon labels twice in the Edit policy flyout #261324.
• Fixes screen readers announcing policy actions tooltip text twice in the index lifecycle policies list #261322.
• Fixes screen readers announcing copy button labels twice #261311.
• Fixes screen readers announcing grey color badge text twice in the transforms list #261307.
• Fixes screen readers not announcing invalid field validation errors #260673.

Discover:

• Resets the time field when the updated index pattern does not include it #262001.
• Fixes ES|QL multi-value filtering with STATS #260998.

Kibana platform:

• Adjusts the API Key flyout width #263858.
• Allows space colors to be cleared, falling back to the default #261826.
• Fixes screen readers announcing data stream and index options twice in the Create policy and Restore snapshot selectable lists #261786.
• Fixes policy buttons to have distinguishable names for screen readers #261313.

Machine Learning:

• Fixes the single metric chart in Anomaly Explorer not showing anomaly actions correctly #263925.
• Updates the hono and @hono/node-server dependencies #263794.
• Fixes execution tree clipping when foreach has many iterations #253576.

Original source

Fixes

Alerting

• Fixes Webhook Connector accessTokenUrl validation #258290.

Dashboards and Visualizations

• Adjusts scrolling when you drag and drop a dashboard panel to avoid jumping #258445.
• Fixes Canvas library embeddables failing to load when savedObjectId is present without saved object references #257779.
• Fixes a race condition in the dashboard backup service and removes unnecessary error toasts #257762.
• Fixes Add from library in Canvas creating incorrect embeddable state #257261.
• Fixes Lens panels appearing to revert after inline edits until you refresh the page, even though changes are saved #256984.

Data ingestion and Fleet

• Improves screen reader announcements and focus when moving processors in the ingest pipeline editor #259096.
• Fixes Fleet bulk agent actions (unenroll, upgrade, reassign to policy) not respecting the current space when selection uses a kuery filter #258582.
• Fixes automatic agent upgrades stopping early with “target percentage already reached” because agents upgrading in other policies are also counted #258387.

Data management

• Restores keyboard focus to the Create a transform button on the Transforms page #258095.
• Enhances screen reader notifications for bulk actions in Index Management tables, providing live announcements when the bulk actions menu becomes visible or hidden #257089.

Elastic Observability solution

For the Elastic Observability 9.3.3 release information, refer to Elastic Observability Solution Release Notes.

Elastic Security solution

For the Elastic Security 9.3.3 release information, refer to Elastic Security Solution Release Notes.

Elasticsearch solution

• Fixes the query rules UI rejecting case variants as duplicate values #259506.
• Fixes only passing filtered rules to the API and deleting rules not matching the filter in the Query Rule Set editor #259503.
• Prevents creating incompatible inference endpoints when adding a semantic_text field in the Index Management mappings editor #256586.

Machine Learning

• Fixes the anomaly swim lane dashboard panel not refreshing #259962.
• Fixes a console error when opening the data frame analytics jobs list #258591.
• Adds aria labels to job wizard combo boxes #258509.

Original source

The 9.3.2 release contains fixes for potential security vulnerabilities. Check our security advisory for more details.

Features and enhancements

Elastic Security solution:
For the Elastic Security 9.3.2 release information, refer to Elastic Security Solution Release Notes.

Connectivity:

• Adds Gemini 2.5 Flash Lite, Claude 4.5 Haiku, and Claude 4.6 Sonnet models to preconfigured connectors #253109.

Fixes

Elastic Agent Builder:

• Fixes a bug in the platform.core.search tool and index_search tool type where nested fields were ignored when searching for matching documents #255914.
• Fixes MCP connectors ignoring the proxy and SSL configuration from the actions plugin (xpack.actions configuration property) #255813.

Alerting:

• Fixes a problem generating a report with multi-page Canvas workpads #255022.
• Fixes a blank page appearing at the end of PDF exports when using the Print format option with an even number of dashboard visualizations #254957.
• Improves handling of 204 responses #251090.

Dashboards and Visualizations:

• Fixes an issue where embedded panels in Canvas workpads could lose their saved object references, causing panels to fail to load #252191.
• Fixes the Add from library action adding incorrect embeddable state #257261.
• Fixes Lens transforms #257224.
• Fixes an issue where dashboard panels could get stuck in an infinite loading state after an error instead of showing error messages #257188.
• Fixes Maps failing to load when the stored time filter contained a quick mode value #255178.

Data ingestion and Fleet:

• Fixes the unenroll task and adds an FTR test #255726.
• Fixes incorrect installation of assets #254923.

Discover:

• Fixes glitchy rendering in the Attributes tab #255173.

Elastic Observability solution:
For the Elastic Observability 9.3.2 release information, refer to Elastic Observability Solution Release Notes.

Elastic Security solution:
For the Elastic Security 9.3.2 release information, refer to Elastic Security Solution Release Notes.

Kibana platform:

• Fixes the spaces list displaying No spaces match text on load #255654.
• Fixes the embeddable console auto-closing on chrome or overlay clicks #253382.
• Fixes an issue where the Kibana JSON logger could produce JSON objects with a large number of numbered keys #256233.

Kibana security:

• Adds waitFor for the privilege button #255094.
• Fixes an issue where saving a dashboard included access control features when a user profile was not available #255065.

Machine Learning:

• Fixes screen reader announcements for flyouts #256409.

Management:

• Improves name announcement in the index mode modal #256392.
• Fixes an issue in Dev Tools Console where syntax highlighting broke when queries contained accented or non-ASCII characters #255649.
• Fixes an issue in Dev Tools Console where closing nested braces broke syntax highlighting for subsequent elements #255426.

Search:

• Changes the Run in Console button type #256455.
• Fixes Search Playground routes to limit the maximum size of arrays #255881.
• Fixes focus behavior when there are errors in the connector flyout form #255770.
• Adds server-side API key generation #256083.

Original source

The 9.3.1 release contains fixes for potential security vulnerabilities. Check our security advisory for more details.

Features and enhancements

Data ingestion and Fleet

• Allows integration rollback even if all package policies are not on an upgraded version #253646.

Elastic Security solution

For the Elastic Security 9.3.1 release information, refer to Elastic Security Solution Release Notes.

Machine Learning

• Adds a dynamic default connector to GenAI settings #252861.
• Adds missing ES|QL commands and functions documentation for inference tasks #249089.

Fixes

Alerting and cases

• Fixes a bug with PagerDuty where setting the Custom details field causes rules to fail #253683.
• Adds external reference IDs to the attached documents check when a case is selected #253107.
• Fixes rule execution failing due to null execution UUIDs #252618.
• Improves handling of 204 responses #251090.

Connectivity

• Fixes AI Connector form fields incorrectly resetting to default values when cleared with backspace #251095.
• Updates connector description terminology to reference "pre-configured AI connectors" #250649.

Dashboards and Visualizations

• Fixes layer editor scrolling in the full Lens editor #253247.
• Fixes runtime_mappings being ignored or overridden in Vega specs when defined in data[].url.body #253560.

Data ingestion and Fleet

• Fixes an issue where an agent rolled back after an upgrade could not be upgraded again in Fleet UI #253850.

Discover

• Fixes handling of missing values #251892.

Elastic Observability solution

For the Elastic Observability 9.3.1 release information, refer to Elastic Observability Solution Release Notes.

Elastic Security solution

For the Elastic Security 9.3.1 release information, refer to Elastic Security Solution Release Notes.

Kibana platform

• Strips system-managed date fields from ingest pipelines before PUT requests #252579.
• Fixes Stack Monitoring breadcrumb when in solution view #249751.

Machine Learning

• Fixes "today" and "this week" filters for Log Rate and Pattern Analysis embeddables #252925.
• Fixes word break in Anomaly Detection page titles #250058.

Management

• Fixes autocomplete not working in embedded console #253306.
• Fixes an issue loading the doc count in index management when viewing larger page sizes with long index names #252422.
• Fixes a validation error for AI pipeline suggestions with empty grok patterns #251113.

Search

• Fixes homepage throwing errors when license level is below Enterprise #251484.
• Reduces background polling on the Index Details page to avoid unnecessary API requests #251446.
• Fixes links being visible on Search homepage when the user doesn't have access #251437.

Workflows

• Adds datemath support to the KQL evaluator #252840.

Original source

Features and enhancements

Elastic Agent Builder

• Elastic Agent Builder is now generally available. It is enabled by default in Elasticsearch solution environments, and you can opt in to Agent Builder and its AI Agent chat experience in Observability and Security solution environments. Learn how to get started.

Alerting

• Supports searching for report schedules by title and creator #243841.
• Provides fields for specifying cc and bcc recipients, the subject line, and the message for scheduled report email notifications #242922.
• Enables incremental human-readable case IDs #238555.
• Adds option to delete report schedules #238197.
• Alert cleanup is now generally available #247465.
• Adds search to the new Attachments tab in cases #246265.
• Adds support for searching rules by their actions' params using the API #246123.
• Scheduled reports are now generally available #245882.
• The Slack connector can now be configured to send messages to any channel using channel names #245423.
• Improves search on the case management page #245321.
• Adds option to enable disabled report schedules #244202.
• Disable flapping per rule - schema only changes #243855.
• Centralizes tabs for different attachement types under the new Attachments tab in cases #243708.
• Adds a date time picker to the cases management page to help you find cases that were created during a specific time range #243409.
• Adds option to edit report schedules #241928.
• Improves UI for specifying additional fields for IBM Resilient action #238869.
• Makes Agent ID the default observables type #238533.
• Adds kibana.alert.index_pattern to all Stack alerts. This change doesn't affect detection alerts #239450.

Connectivity

• Elastic will regularly be adding new AI models from 9.3 onwards which will appear as pre-configured AI connectors in Kibana. Refer to the Elastic Inference Service page for more details.
• Adds Groq to the list of available providers for the Inference/AI Connector and for Inference endpoint creation #244962.
• Introduces a Brave Search connector #245329.
• The webhook connector now supports the following HTTP request methods: POST(default), PUT, PATCH, GET, and DELETE #238072.
• Adds new preconfigured connectors and updates existing ones #242791.
• Adds a new temperature parameter to AI Connector and to OpenAI, Bedrock, and Gemini connectors #239806.
• Adds support for headers in the OpenAI integration #238710.

Dashboards and Visualizations

• Dashboards now support ownership and "write_restricted" mode. You can now keep dashboards publicly editable or in a write-restricted state until they are ready to be published, giving you more control over who can edit your dashboards, regardless of broader space permissions #224552.
• Adds support for chaining variable controls. You can now set up variable controls to depend on the values selected for another variable control #242909.
• Adds basic filtering support for interactions with ES|QL charts #243439.
• Removes the Supporting visualization section heading from the Primary Metric editor. All configuration options remain fully accessible in the same location under Appearance #245979.
• Reorganizes and renames color settings in the Primary Metric dimension editor. For numeric metrics, the "Color by value" and "Color mapping"/"Color" settings are now located under the "Background chart" field. The settings have been renamed as follows: "Color by value" is now "Color mode", and "Color mapping" is now "Dynamic color mapping" #243608.
• In dashboard visualization in-line editing and Lens workspace, the 'Appearance', 'Titles and text', 'Axis', and 'Legend' settings have been moved from a popover into a dedicated flyout panel #240804.
• Moves the Lens visualization toolbar from the workspace section to the configuration panel #239879
• Moves the Save as and Reset options under the top nav Save button when the dashboard is in edit mode #237211.
• The Lens configuration panel has been redesigned to display layers as tabs instead of vertically stacked panels. Layer actions (clone, remove, save) are now accessible through a menu in each tab, improving the editing experience when working with multiple data layers, annotations, and reference lines #235372.

Data ingestion and Fleet

• Enables integration knowledge generation by default and adds a UI setting that allows you to opt out of the integration knowledge indexing #245080.
• Enables rolling back integrations to the previously installed version #240761.
• Adds capability for rolling back a recent upgrade of a Fleet-managed Elastic Agent using Fleet UI or API #247398, #249416.
• Adds functionality for removing root privilege from Fleet-managed agents if applicable #237790.
• Adds Advanced Internal YAML Settings field to the agent policy settings UI #245819.
• Redesigns the Actions menu in Fleet, placing commonly used actions at the top level and organizing other actions into nested menus by use case #245174.
• Auto-migrates component templates to use type@lifecycle ILM policies during Fleet setup #243333.
• Adds a cleanup task that removes excess policy revisions from the .fleet-policies index #242612.
• Uses type@lifecycle ILM policies for new package installations #241992.
• Adds the xpack.fleet.experimentalFeatures config setting #238840.
• Adds a Show agentless resources toggle on the Fleet > Settings page for debugging and diagnostics #237528.
• Adds Fleet Server host authentication settings for Elastic Agent > Fleet Server SSL support #236959.
• Persists the state of filters in the agent list table while navigating within a session #228875.

Discover

• Discover now shows partial results after a search gets canceled #242346.
• Background search is now enabled by default in all environments #242105.
• Adds a “Copy as Markdown” option for selected results #245545.
• Optimizes performance by avoiding redundant requests when breakdown or chart interval changes #245523.
• Shows multi-fields in the document viewer by default in ES|QL mode #245890.
• Adds support for filtering multivalue fields by interacting with the results table in ES|QL mode #245554.
• Improves the lookup index editor interface available in ES|QL mode #244480.
• Improves the file upload section of the lookup index editor interface #244550.
• Saving an ES|QL query's visualization to a dashboard now brings any related controls along with it #237070.
• Updates the icon in the document viewer to add or remove a field in the main documents table #246024.

ES|QL editor

• Adds a Quick search functionality that helps you turn free-text inputs into ES|QL WHERE clauses #242123.
• Adds support for multi-value variables using MV_CONTAINS functions #239266.
• Adds inline suggestions to ES|QL queries #235162.
• Allows selecting field data type in the lookup index editor interface of the ES|QL editor #241637.
• Adds support for expressions in functions #236343.
• Improves computed suggestions for expressions #246421.
• Renders string-only suggestions for Like and RLike operators #244903.
• Improves validation and autocomplete suggestions for the CASE function #244280.
• Adds context-aware suggestion ordering with categorization #243312.
• Suggests adding curly braces after the WITH keyword for RERANK and COMPLETION commands #243047.
• Adds support for new exponential_histogram Elasticsearch field type #242748.
• Wraps the fork subcommands inside aparens node #242369.
• Improves the quality of context-based suggestions #241081.
• Adds autocomplete suggestions for expressions in LOOKUP JOIN commands #240735.
• Applies the breakdown field before applying time bucketing in STATS BY commands to preserve consistent sorting across buckets in ES|QL queries #239685.

Elastic Observability solution

For the Elastic Observability 9.3.0 release information, refer to Elastic Observability Solution Release Notes.

Elastic Security solution

For the Elastic Security 9.3.0 release information, refer to Elastic Security Solution Release Notes.

Kibana platform

• Adds buttons to the time picker component to quickly shift the selected time range backward and forward, and adds timezone information to the time picker popover #243020.
• Adds cross-tab syncing for recently used time ranges #242467.
• The defaultRoute advanced setting now controls the target of the Elastic logo link for spaces using a solution view #241571.
• The name of the deployment now appears in the navigation breadcrumb on Elastic Cloud Hosted #238078.
• Enforces the object_src 'none' directive in Kibana's Content Security Policy and introduces a new csp.object_src configuration option to control its behavior
• Containers now set the default Node.js heap to 75% of available memory up to a maximum of 4096 Mb. Previously, this was set to 50% #246073.
• Linux now supports the populate_file_data advanced option which enables entropy and header_bytes fields in file events #246197.
• Adds the ability to cancel file uploads #241297.

Kibana security

• The API keys management page now defaults to showing personal API keys only #245261.
• Adds a warning when deleting API keys currently used by alerting rules #243353.
• Adds the ability to specify the origin(s) of authentication providers that appear to users logging in to Kibana #239993.
• Enhances the error message to include detailed information about why a role is considered as malformed #239098.
• Removes the AI Assistants Settings privilege #239144.

Machine Learning

• Adds an optional timeout parameter to the Inference chat model #248326.
• Adds Security machine learning modules for GCP Audit and Azure Activity Logs #236849.
• Removes median line length anomaly detection categorization check #243827.
• Adds custom header support to inference endpoints creation UI #242187.
• Improves the layout for custom inference endpoint UI #241779.
• Adds an action to create an anomaly detection alerting rule #241274.
• Makes the machine learning update space APIs public #241109.
• Improves display of long fields values in top values list #241006.
• Adds the ability to narrow down the list of anomalies that the Anomaly detection rule looks for #240100.
• Adds feedback button to the Anomaly Explorer and Single Metric Viewer #239883.

Search

• When creating a new Elasticsearch solution project, you will now land on the Elasticsearch home page by default instead of the Create index page to get immediate access to relevant tutorials and educational content #237612.
• Adds a new getting started page within the Elasticsearch solution which offers hands-on feature tutorials. This page defaults as the initial destination for users creating a new Elasticsearch solution project #245311.
• Adds a clear confirmation when an element has been successfully copied using one of the available Copy buttons on the Elasticsearch solution home page #246090.
• Adds callouts and guided tours to Kibana's Elasticsearch solution UI on Elastic Cloud Hosted and Serverless to provide better introductions to Elastic Inference Service endpoints. You can dismiss callouts and tours, which will not reappear after dismissal #244626.
• Improves the Console UI to make key actions more intuitive. The Play button is now more prominent, a new Copy to language button provides quick access to export the selected command in your preferred coding language, and the context menu has been updated to allow you to set a default language preference #242487.

Workflows

• Elastic Workflows is now available in technical preview. Build YAML-based workflows to automate actions across Elasticsearch,Kibana, external systems, and AI. Workflows support manual, scheduled, and alert-based triggers, conditional logic, and integrations with existing connectors and Agent Builder. You must turn on the feature to get started. Refer to Set up workflows for more details.

Fixes

Alerting

• Fixes cases.total_event not showing the number of events attached to a case #247996.
• Encodes terms searched on cases management page #247992.
• Adds max character validation to the email connector params and config #246453.
• Fixes an issue that caused the Security alerts table to not update columns correctly when switching view mode #245253.
• Adds alert.consecutiveMatches to action context #244997.
• Fixes case submissions becoming stale #244543.
• Allows spaces in file paths for case observables #244350.
• Catches connector errors without interrupting the case creation flow #244188.
• Improves error messages for IBM connector #244012.
• Verifies the alert exists before muting #242847.
• Fixes auto-extraction in event bulk actions #242325.
• Fixes Alerts table pagination being stuck on rule details page #242275.
• Use real dimensions when taking a screenshot of {kib} layout #242127.
• Only takes tag changes into account when connector supports them #241944.
• Improves cases management table loading to prevent flashing #240155.
• Fixes missing announcements in case forms to improve accessiblity #240132.
• Adds manual focus to buttons for case actions to improve accessiblity #239504.
• Removes autoFocus to preserve proper focus when modal closed #239366.
• Fixes observables not being added to cases when auto-extract is turned on #239000.
• Updates nodemailer to to 7.0.9 #238816.
• Adds Jira's otherFields JSON editor to case creation flow #238435.
• Isolates the configuration parameters for the Tines connector to the server side #236863.
• Enables auto-extraction by default and adds user actions for case observable actions #236524.
• Separates sync alert and auto-extract updates in case activity #236519.
• Fixes the alert history chart background color in dark mode #246017.
• Fixes infinite loop issue in investigation guide editor #240472.
• Fixes missing fields when using combined filters with the ignoreFilterIfFieldNotInIndex advanced setting enabled #238945.

Connectivity

• Ensures that the "maximum tokens" parameter is passed as expected by the service for the Anthropic connector #241188.
• Removes the default fallback region for the Bedrock connector #241157.
• Ensures all authentication fields show up correctly for the AI Connector #240913.

Dashboards and Visualizations

• Cleans filters as they’re updated from Unified Search, adds extra cleanup for compound filters by removing undefined properties, and fixes unsaved badges appearing when dashboards with compound filters are loaded #247309.
• Uses Number.MAX_VALUE instead of Infinity for the default maximum height of a panel #243572.
• Fixes an issue where saving a dashboard after switching a Dashboard Link to an External Link caused the save function to throw an error #243134.
• Fixes the silence warnings by silencing error notifications in Discover and Dashboards and changing the built-in URL restore error to a console.warn #242788.
• Fixes a regression with print mode in Dashboard #242780.
• Fixes an issue with sync colors and sync tooltips being turned on by default for new dashboards. Now, those options are turned off by default for new dashboards #242442.
• Fixes an error with deselecting a "(blank)" option from an options list #242036.
• Fixes layout issues for Markdown embeddables in small dashboard panels using CSS container queries. When a markdown panel is shorter than 120px, the UI now adapts to a compact layout that maximizes usable space #240806.
• Labels in the Create index flow now render with the default Use vector tiles scaling as soon as label styling is applied (or after save), without requiring a scaling toggle #240728.
• Fixes an issue where users could not reset unsaved changes after enabling time restore and changing dashboard time range #239992.
• Fixes search session restoration issue #239822.
• Fixes an error in the Options list control when selecting a "(blank)" value #239791.
• Fixes an issue in the LensConfigBuilder that treated all dataview references the same, causing the UI to throw an error attempting to find an ad-hoc dataview that does not exist as a SavedObject #239431.
• Fixes an issue in the Lens Table that broke click to filter on table rows when any column is used as a formula #239222.
• Fixes metric color assignment when the breakdown and maximum options are defined in Lens #238901.
• Fixes an issue where ad-hoc data views were not providing suggestions in the global search bar #238731.
• Fixes an error in the Visualize Listing page in which an error in the visualization could cause the entire page to error. This improves the error handling to make it easier to identify which visualization is causing the problem in order to address it #238355.
• Fixes an issue where dashboards cannot be saved when a filter pill has a combined filter using OR or AND operations #237477.
• Fixes an issue where panels in sections are not displayed when opening the dashboard from a shared link #237382.
• Prevents a double fetch when panels would fetch data while controls were building filters and then fetch data again once controls filters are available #237169.
• Fixes color contrast for links in Lens #247721.

Data ingestion and Fleet

• Uses long expiration for agent auto-upgrade actions and scheduled upgrades #243443.
• Fixes auto-upgrade logic to retry upgrade action if agents are stuck in Updating state #243326.
• Adds retry behavior for /api/fleet/agents when transient issues with Elasticsearch are encountered #243105.
• Fixes Docker image in the Kubernetes manifest in the Add agent instructions #242691.
• Fixes an issue where some package icons were not loaded correctly #242406.
• Shows warnings on sync integrations UI when referencing other entities #241623.
• Adds the proxy SSL options to download sources if a proxy is selected #241115.
• Omits system properties when synchronizing ingest pipelines #241096.
• Fixes template_path asset selection for some integration packages #240750.
• Allows Fleet setup retries on start in all environments #240342.
• Fixes an issue where the uniqueness of agent policy names was not consistently enforced across spaces when name or space changes occurred #239631.
• Fixes ignore_above mapping for flattened fields #238890.
• Fixes a "package not found" error when skipping cloud onboarding for a prerelease package #238629.
• Fixes an issue where new package global variables were not included and stale variable references were not removed on integration policy upgrade #238542.
• Fixes an error that occurred when deleting orphaned integration policies #237875.
• Enables storing secrets in Fleet Server host config if Fleet Server is running at a minimum supported version #237464.
• Fixes MSI commands for installing Elastic Agent and Fleet Server #236994.

Discover

• Fixes an issue with the "Search entire time range" option that could exclude some results if the time field was set to date nanos #248495.
• Fixes an issue where document viewer tabs were unnecessarily re-mounting on every refresh, leading to degraded performance #248203.
• Fixes an issue causing query drafts to be lost when switching between tabs without running the query first in ES|QL mode #247968.
• Fixes an issue with ES|QL tabs not loading properly #246941.
• Fixes an issue in Discover where default app state could trigger unsaved changes in saved Discover sessions, such as default columns applied through the defaultColumns advanced setting #246664.
• Fixes an issue with Discover tabs that occurs when navigating to a different tab while the previous tab is still initializing #245752.
• Fixes truncation for longer text in the Discover table #241440.

ES|QL editor

• Displays the available options when editing an existing variable control #239315.
• Fixes unrecognized GROK patterns #246871.
• Fixes KEEP behavior in ES|QL when a query initially returns no results #239063.
• Adds FORK with KEEP/STATS in the transformational commands #240011.
• Fixes the autocomplete of timeseries sources after a comma #241402.

Elastic Observability solution

For the Elastic Observability 9.3.0 release information, refer to Elastic Observability Solution Release Notes.

Elastic Security solution

For the Elastic Security 9.3.0 release information, refer to Elastic Security Solution Release Notes.

Kibana platform

• Fixes the serialization of meta.error in JSON layouts. If it is an Error instance, only message, name, and stack are included. Other fields are no longer returned in the logs #244364.
• Fixes an issue in the component template creation flow where a new component template with @custom suffix in its name would lead to updating mappings of all unrelated data streams and cause a popup to appear asking to roll over conflicting ones #237952.
• Fixes privilege requirements when reindexing indices through the upgrade assistant. Previously, the "superuser" role was required. Now, "cluster: manage" and "all" privileges for the relevant indices are sufficient #237055.
• Fixes a case where the upgrade assistant would incorrectly warn about a node breaching the low watermark despite the max headroom setting #243906.
• Fixes createAuditEvents always returning failure as outcome #247152.
• Fixes "now" and mixed format date handling in the Share menu #245539.
• Fixes favicon CSS specifity #243351.
• Reduces re-renders on resize and items changes #239888.
• Fixes an issue with the files management flyout crashing #237588.
• Fixes infinite loading of roles on the Edit space page #242954.
• Reflects the value selected for the AI Assistants Visibility GenAI setting when opening AI Assistant from the header #239555.
• Fixes ECS-incompatible logs values #245706.
• Fixes an issue where clients authorized to a partial list of saved object types would circumvent the Saved Objects Repository's allowed types and could list hidden saved object types #244967.

Kibana security

• Fixes an issue where fields were not case-sensitive in Kibana's user interface for creating and updating roles, though fields are case-sensitive in Elasticsearch #246069.
• Fixes an issue preventing IDP-initiated login with multiple OIDC providers #243869.
• Introduces a separate error for empty login attempts with SAML and OIDC providers #237611.

Machine Learning

• Disables field statistics when using the ES|QL TS command in Data Visualizer #247641.
• Fixes display of Data Visualizer's map view for small screen sizes #247615.
• Fixes anomaly chart empty query issue #246841.
• Fixes creating new anomaly detection jobs from Discover sessions with no data view #246410.
• Ensures Anomaly detection result chart tooltips are always shown correctly #246077.
• Prevents clearing cell selections after hiding the alert's table popover in Anomaly explorer #244183.
• Optimizes and enables text field analysis in contextual insights for log rate analysis #244109.
• Ensures deleted text in the inference connector, AI connector, and inference endpoint creation forms is not sent as an empty string #244059.
• Fixes wizard for data view with runtime fields for data frame analytics #242557.
• Fixes import and improves validation for Anomaly detection and Data frame analytics jobs #242263.
• Ensures max tokens parameter is passed as expected during Anthropic endpoint creation #241212.
• Fixes index names causing incompatible cluster errors when product docs are installed for multiple inference IDs #240506.
• Ensures inference endpoints UI list loads when provider is custom #240189.
• Fixes layout of fields in machine learning overview and notifications pages #239113.
• Adds unique accessible labels for Show top field values buttons #237972.
• Fixes tool calling unavailable tools #237174.
• Improves trained models list performance #237072.
• Fixes partition field settings errors in the single metric viewer dashboard panel #237046.
• Prevents URL-like strings from being displayed as links in alerts #226849.
• Improves anonymization error messages when NER model is unavailable #247696.
• Adds table caption for empty top categories in logs category table #246041.
• Fixes broken Data Visualizer and AI Operations navigation breadcrumbs and sidebar in solutions #248167.
• Fixes counter metric fields missing in anomaly detection dropdown #153021.

Search

• Fixes an issue when running Elasticsearch with a Basic license, where you could encounter errors when updating index mappings, even when adding non-ML field types. Mapping updates now work as expected, while advanced semantic text features continue to require the appropriate license #248462.
• Disables 'API keys' button on the Elasticsearch home page when logged in with insufficient permissions #248072.
• Fixes the token count display showing "NaN" in Search Playground by preserving message annotations across the AI SDK v5 stream #246589.
• Fixes an issue with the API creation flyout size #244072.
• Fixes a case of keyboard focus getting trapped in pages using document preview #243791.
• Makes elser-2-elastic (ELSER in EIS) the default inference endpoint for adding semantic text fields. Refactors the SelectInferenceId component for clarity and stability, resolving a console warning and improving popover and flyout state handling #242436.
• Fixes Agents & Playground icons in the solution side navigation to render correctly when using dark mode #240475.
• Fixes visual issues in the data preview metadata popup when ID is too long. Adds a tooltip and copy button to improve user experience #239768.
• Fixes an issue in RAG Playground where invalid fields displayed red styling but no error messages. Error text now appears to help you identify and correct form issues #238284.
• Fixes an accessibility issue where resetting changes or removing all terms in the Synonyms panel was not announced by screen readers. VoiceOver users on Safari will now hear updates when terms are reset #237877.
• The Index management mappings editor now syncs model deployment status correctly. This fixes a case where users couldn't save semantic_text fields during deployment without forcing #237812.
• Fixes an issue where the retriever query copied from the "Search your data" JavaScript tutorial fails with a parsing_exception when passed through the query parameter in the Node.js Elasticsearch client. Retriever queries must be passed through the body parameter to ensure they are serialized correctly #237654.
• Adds refusal field to AI Assistant conversations #243423.
• Turns off custom suggestions on the embedded console #241516.
• Fixes an issue where form fields were resetting automatically when editing ingest pipeline settings #237509.

Original source