Kibana highlights

This list summarizes the most important enhancements in Kibana 8.1.

Find fields to visualize and learn more about the shape of your data with Field statistics. This view is similar to the Index Data Visualizer in Machine Learning. For details, check Explore the fields in your data.

Creating runtime fields is now easier and more reliable. Kibana has a shortcut for the field method when a script context supports the scripting fields API. This shortcut replaces field('fieldname').get(defaultValue) with $('fieldname', defaultValue). For more information, check Explore your data with runtime fields.

Before

if (!doc.containsKey('myfield') || doc['myfield'].empty) { return "unavailable" } else { return doc['myfield'].value }

After

$('myfield', 'unavailable')

Try the new Document Explorer, which helps you quickly sort, select, and compare data, resize columns, and view documents in fullscreen. The Document Explorer is in beta in 8.1.

Machine Learning visualizations now synchronize your cursor position with the visualization panels you create with Lens, TSVB, Timelion, and Aggregation-based editors. Highlight an anomaly in time and see a visual indication of this time on other panels. The reverse is also true—hovering in another editor highlights the same point-in-time in Machine Learning panels.

Create heatmaps in workpads using Canvas-only functionality to fetch data, such as Elasticsearch SQL. Configure your heatmap with flexible legend, axis, and visual controls.

Use the new Filter panel on any object to see which objects are filtering it. This helps you author your workpad with the right behavior.

Combine multiple fields with drag and drop to view the top combinations in Lens. You’ll find the combinations that contribute most to your metrics' performance.

Take advantage of the Elasticsearch rare terms aggregations in Lens and view the top values by rarity. You’ll find answers to "What’s not normal here?"

Use the gauge visualization to add extra context to your metrics. Show minimum and maximum values dynamically by using a quick function or custom formula, or set a static value for known metric ranges. Include a goal value to see if a metric is above or below the goal. Set color bands to show ranges visually—similar to reference lines in bar, line, and area visualizations. The gauge visualization is in technical preview in 8.1.

Add a mosaic visualization, also known as marimekko or mekko, for side-by-side comparison of two dimensions against a single metric. Treemaps and two-layered pies do this as well, but the mosaic can be more effective for visual comparisons by aligning the colors for the terms side-by-side. For the best mosaic visualizations, create with low cardinality dimensions. The mosaic visualization is in technical preview in 8.1.

Create proportional waffle visualizations, which make more efficient use of space than pie charts. Waffles are designed for square spaces, which aligns well with how most dashboards are created. Because waffles display the data in 1% blocks, they are best for low cardinality breakdowns, and are not recommended for small partitions. You might be surprised how small you can make a waffle visualization and maintain readability. The waffle visualization is in technical preview in 8.1.

Apply color to the text and background of metric visualizations based on the value of the metric. Set up color stops for multiple colors, similar to what you can do in Lens tables, heatmaps, and gauge.

Enable users with view-only dashboard privileges to sort data tables on the fly, similar to the existing visualization editor behavior.

Filter each part of your formula with KQL without copying or pasting to all the aggregations in the formula.

Configure the inner area size (or donut hole) in the donut visualization. The inner area is a smaller size by default to allow maximize space for labels. You can change this option in Lens.

Get back some vertical space in Lens and save on the query cost of suggestions by collapsing the Suggestions panel. Kibana remembers when you collapse your suggestions the next time you use the editor with the same browser.

The revised color stop editing experience offers a more streamlined way to specify what happens outside of the defined ranges (above and below the minimum and maximum). These revised controls also add the ability to evenly distribute color stops in one click. Look for the new functionality in Lens tables, heatmaps, metrics, and gauges.

Load shapefiles into Elastic with this simple but powerful uploader built right into the Maps application. Easily load local open data and boundaries for analysis and comparison.

All new polygon layers now enable Use vector tiles by default. Vector tiles offer the best performance and smooth zooming over the alternative methods. You can change the scaling options in layer settings if you prefer the previous approach.

8.1 contains a couple of enhancements on the machine learning UI. One of the enhancements helps the user interpret the results of their anomaly detection jobs and explore what else is happening around the time of an anomaly. In the anomalies table a drilldown link to Discover is automatically available to investigate the anomaly in the context of the source data. For the charts in the Anomaly Explorer, synchronized crosshair lines are provided on hover so that you can see what other anomalous behavior is occurring at a point in time.

The top navigation bar is now replaced with side navigation. The side navigation is collapsible, so views such as the Anomaly Explorer and Single Metric Viewer can benefit from being viewed at full width if desired.

You can now reset and re-run your transform from the beginning. Transform counters will be reset to zero and if the destination index was created by the transform it will also be deleted.

Other features previously only available to API users are also added to the UI for 8.1: the ability to configure an ingest pipeline to enrich the data persisted to the destination index, and the terms aggregation is available in the list of options when building the aggregations in the pivot transform wizard.

Maps introduces a new vector layer–you can add layers to your maps that display points or lines for the anomalies in your geographic data.

The new section at the top of the Cases view displays summary statistics for the case, such as total numer of alerts, and counts of associated users and hosts. The summarized information in the stats bar help the analyst to determine the priority of a case and indicate effectiveness.