Release Notes


Breaking Changes

Elasticsearch compatibility

Compatibility with versions of Elasticsearch 7.6.2 and earlier is removed. Before you upgrade Siren Investigate, upgrade Elasticsearch to version 7.10.2 or later and upgrade Siren Federate to a compatible release.

This version of Siren Investigate introduces support for Elasticsearch 8.x releases with Elastic Stack Security for which a compatible version of Siren Federate exists.

In Elasticsearch 8, documents returned from search requests do not contain the _type field anymore. References to _type cause the field to be undefined. Remove _type references in the following:

  • Investigate scripts

  • Angular templates

  • Web service plugins

  • Custom plugins

  • Graph Browser lens scripts

Graph Browser lenses

In custom lens scripts:

  • The helper function executeEsSearch ignores the type argument.

  • If you use the helper function executeEsMget, remove _type references in the request payload.

Since Investigate still provides support for Elasticsearch 7.x , it considers a source field named _type in an Elasticsearch 8 document as a meta field.

Security fixes

  • The TLSv1 and TLSv1.1 protocols are no longer supported by Investigate.


  • Upgraded Node.js to version 16.18.1 to address CVE-2022-43548. For the full list of fixes, see the 16.18.1 changelog.

New features

  • Added the ability to manually create and configure aggregated relations in the Graph Browser instead of automatically finding all possible combinations.

  • Replaced the Graph Browser Sidebar selection table with a react EUI table.

  • Added a context menu to columns in the Graph Browser selection table.


  • Cloning a dashboard that uses a sub-search no longer causes some of the filters of the sub-search to appear.

  • Fixed a bug where the button to switch filter modes was not changing to the UI view if the query was complex. Added a modal with an explanation for the user.

  • Fixed a bug that caused the range slider position to not update after a new upper or lower bound was entered in the text box.

  • The year selector in the datepicker is now scrollable.

  • Fixed a visual bug that caused a line in the line chart to appear very thick.

  • The Advanced Settings input fields now accept 0 as a valid value.

  • Fixed a bug that caused multiple confirm messages when the user logs out.

  • Fixed a bug that caused the success message to be shown when the user cancelled a save operation.

  • Fixed a bug where some graph browser nodes that could not expand caused a failed request to Elasticsearch.

  • Fixed a bug where scroll search was called without index parameter, which in certain situations could cause migrations to fail.