Release Notes

You must upgrade to version 13.1 or later by April 30, 2023. After this date, earlier versions will completely lose graph functionality.


Bug fixes

  • Fixed a regression that caused long numbers to not render properly even when the support for long numbers is enabled in Advanced Settings through the siren:support-large-numbers property.

  • Fixed an issue that prevented users from adding child searches to Dashboard 360 graph builder.

  • Fixed a bug in sirenapi where a chart’s click handler would set the incorrect value to indicate which part of the chart was clicked.

  • Fixed a bug in sentinl that caused the to and from fields for email actions to not save correctly.

  • Fixed a bug that caused duplicate network requests to be sent when navigating to dashboards.

  • Fixed a bug that prevented the nested search selector panel being resized and repositioned by dragging.

  • Fixed an issue that prevented the global search panel reopening after dragging and dropping a record on a dashboard.

  • Fixed an issue on 360 dashboards that caused filters to be excluded from count queries in certain scenarios and the incorrect count to show.

  • Fixed an issue that caused the input control visualization to exclude the Include hours/minutes option in created filter labels.

  • Fixed a bug that did not save the dashboard selection when the graph browser configuration is edited.

  • Fixed an issue that made the death screen appear when opening graph browser with the expansion tab active.

  • Fixed a bug where nodes created by the node-to-edge lens were not being removed when disabling the lens.

  • Fixed an issue where a positive filter was being created when selecting the 'missing' bucket in the Tag Cloud visualization.

  • Fixed an issue with CSV exports that caused fields with a comma to export as two fields.

  • Fixed a bug that showed an empty table in the selection table when no fields are selected in the data model.


  • Improved an error message when the max number of buckets limit gets hit by possibly misconfigured aggregation.

  • Added the capability to add a custom name for the aggregation layer in Enhanced coordinate map visualization.

  • Moved dataspace ACL permission settings to a dedicated section.

  • Updated jquery package dependency from v3.6.0 to v3.6.3


Breaking Changes

Elasticsearch compatibility

Compatibility with versions of Elasticsearch 7.6.2 and earlier is removed. Before you upgrade Siren Investigate, upgrade Elasticsearch to version 7.10.2 or later and upgrade Siren Federate to a compatible release.

This version of Siren Investigate introduces support for Elasticsearch 8.x releases with Elastic Stack Security for which a compatible version of Siren Federate exists.

In Elasticsearch 8, documents returned from search requests do not contain the _type field anymore. References to _type cause the field to be undefined. Remove _type references in the following:

  • Investigate scripts

  • Angular templates

  • Web service plugins

  • Custom plugins

  • Graph Browser lens scripts

Graph Browser lenses

In custom lens scripts:

  • The helper function executeEsSearch ignores the type argument.

  • If you use the helper function executeEsMget, remove _type references in the request payload.

Since Investigate still provides support for Elasticsearch 7.x , it considers a source field named _type in an Elasticsearch 8 document as a meta field.

Security fixes

  • The TLSv1 and TLSv1.1 protocols are no longer supported by Investigate.


  • Upgraded Node.js to version 16.18.1 to address CVE-2022-43548. For the full list of fixes, see the 16.18.1 changelog.

  • Fixed CVE-2022-47543. Modification of non-dataspaced objects is now restricted to admins only.

  • Fixed CVE-2022-47544. Script editing is now restricted to admins only.

New features

  • Added the ability to manually create and configure aggregated relations in the Graph Browser instead of automatically finding all possible combinations.

  • Replaced the Graph Browser Sidebar selection table with a react EUI table.

  • Added a context menu to columns in the Graph Browser selection table.

Bug fixes

  • Cloning a dashboard that uses a sub-search no longer causes some of the filters of the sub-search to appear.

  • Fixed a bug where the button to switch filter modes was not changing to the UI view if the query was complex. Added a modal with an explanation for the user.

  • Fixed a bug that caused the range slider position to not update after a new upper or lower bound was entered in the text box.

  • The year selector in the datepicker is now scrollable.

  • Fixed a visual bug that caused a line in the line chart to appear very thick.

  • The Advanced Settings input fields now accept 0 as a valid value.

  • Fixed a bug that caused multiple confirm messages when the user logs out.

  • Fixed a bug that caused the success message to be shown when the user cancelled a save operation.

  • Fixed a bug where some graph browser nodes that could not expand caused a failed request to Elasticsearch.

  • Fixed a bug where scroll search was called without index parameter, which in certain situations could cause migrations to fail.

  • Fixed an issue about missing dependency that didn’t allow the i18n extract scripts to run successfully.