CHANGELOG.next.asciidoc

Beats version HEAD

Breaking changes

Affecting all Beats

Auditbeat

Filebeat

  • Fixed error spam from add_kubernetes_metadata processor when running on AKS. 33697

Heartbeat

Metricbeat

Packetbeat

Winlogbeat

Functionbeat

Bugfixes

Affecting all Beats

  • Re-enable build optimizations to reduce binary size and improve performance. 33620

  • Fix namespacing for agent self-monitoring, CPU no longer reports as zero. 32336

  • Fix namespacing on self-monitoring 32336

  • Expand fields in decode_json_fields if target is set. 31712 32010

  • Fix race condition when stopping runners 32433

  • Fix concurrent map writes when system/process code called from reporter code 32491

  • Fix initialisation of AWS-related services that rely on a custom endpoint resolver. 32888 32921

  • Keep orchestrator.cluster.name if kubeconfig is not returned in GKE metadata. 33418

  • Fix Windows service install/uninstall when Win32_Service returns error, add logic to wait until the Windows Service is stopped before proceeding. 33322

  • Support for multiline zookeeper logs 2496

Auditbeat

Filebeat

  • Fix httpjson input page number initialization and documentation. 33400

  • Add handling of AAA operations for Cisco ASA module. 32257 32789

  • Fix gc.log always shipped even if gc fileset is disabled 30995

  • Fix handling of empty array in httpjson input. 32001

  • Fix reporting of filebeat.events.active in log events such that the current value is always reported instead of the difference from the last value. 33597

  • Fix splitting array of strings/arrays in httpjson input 30345 33609

  • Fix Google workspace pagination and document ID generation. 33666

Heartbeat

  • Fix broken zip URL monitors. NOTE: Zip URL Monitors will be removed in version 8.7 and replaced with project monitors. 33723

  • Fix bug affecting Let’s Encrypt and other users of cross-signed certs, where cert expiration was incorrectly calculated. 33215

  • Fix broken disable feature for Kibana configured monitors. 33293

  • Fix states client support for output options. 33405

  • Fix states client reloader under managed mode. 33405

  • Fix bug where states.duration_ms was incorrect type. 33563

Metricbeat

  • Fix GCP storage field naming 32806

  • In module/windows/perfmon, change the collection method of the second counter value required to create a displayable value. 32305

  • Fix and improve AWS metric period calculation to avoid zero-length intervals 32724

  • Add missing cluster metadata to k8s module metricsets 32979 33032

  • Change max query size for GetMetricData API to 500 and add RecentlyActive for ListMetrics API call 33105

  • Add GCP CloudSQL region filter 32943

  • Fix logstash cgroup mappings 33131

  • Remove unused elasticsearch.node_stats.indices.bulk.avg_time.bytes mapping 33263

  • Add tags to events based on parsed identifier. 33472

  • Skip over unsupported filesystems in the system.filesystem metricset instead of failing immediately. Fix debug statement in system.fsstat metricset. 33646

  • Support Oracle-specific connection strings in SQL module 32089 32293

Packetbeat

Winlogbeat

Functionbeat

Elastic Logging Plugin

Added

Affecting all Beats

  • Beats will now attempt to recover if a lockfile has not been removed 33169

  • Add http.pprof config options for enabling block and mutex profiling. 33572 33576

  • Added append Processor which will append concrete values or values from a field to target. 29934 33364

Auditbeat

  • Add file parser processor to file_integrity module. 28802

  • Improve documentation for symlink handling behaviour in file integrity module. 33430

  • Ensure file integrity module watch paths are absolute. 33430

Filebeat

  • Add text/csv decoder to httpjson input 28564

  • Update aws-s3 input to connect to non AWS S3 buckets 28222 28234

  • Add support for '/var/log/pods/' path for add_kubernetes_metadata processor with resource_type: pod. 28868

  • Add documentation for add_kubernetes_metadata processors log_path matcher. 28868

  • Add support for parsers on journald input 29070

  • Add support in httpjson input for oAuth2ProviderDefault of password grant_type. 29087

  • threatintel module: Add new Recorded Future integration. 30030

  • Support SASL/SCRAM authentication in the Kafka input. 31167

  • checkpoint module: Add network.transport derived from IANA number. 31076

  • Add URL Encode template function for httpjson input. 30962

  • Add application/zip decoder to the httpjson input. 31282 31304

  • Default value of filebeat.registry.flush increased from 0s to 1s. CPU and disk I/O usage are reduced because the registry is not written to disk for each ingested log line. 30279

  • Cisco ASA/FTD: Add support for messages 434001 and 434003. 31533

  • Change threatintel module from beta to GA. 31693

  • Add template helper function for hashing strings. 31613 31630

  • Add extended okta.debug_context.debug_data handling. 31676

  • Add auth.oauth2.google.jwt_json option to httpjson input. 31750

  • Add authentication fields to RabbitMQ module documents. 31159 31680

  • Add template helper function for decoding hexadecimal strings. 31886

  • Add new parser called include_message to filter based on message contents. 31794 32094

  • Allow iptables module to parse ulogd v2 TOS field in logs. 32126

  • httpjson input: Add toJSON helper function to template context. 32472

  • Optimize grok patterns in system.auth module pipeline. 32360

  • Checkpoint module: add authentication operation outcome enrichment. 32230 32431

  • Add documentation for decode_xml_wineventlog processor field mappings. 32456

  • httpjson input: Add request tracing logger. 32402 32412

  • Add cloudflare R2 to provider list in AWS S3 input. 32620

  • Add support for single string containing multiple relation-types in getRFC5988Link. 32811

  • Fix handling of invalid UserIP and LocalIP values. 32896

  • Allow http_endpoint instances to share ports. 32578 33377

  • Improve httpjson documentation for split processor. 33473

  • Added separation of transform context object inside httpjson. Introduced new clause .parent_last_response.* 33499

  • Cloud Foundry input uses server-side filtering when retrieving logs. 33456

  • Add parse_aws_vpc_flow_log processor. 33656

  • Update aws.vpcflow dataset in AWS module to have a configurable log format and to produce ECS 8.x fields. 33699

  • Modified aws-s3 input to reduce mutex contention when multiple SQS messages are being processed concurrently. 33658

  • Disable "event normalization" processing for the aws-s3 input to reduce allocations. 33673

  • Add Common Expression Language input. 31233

  • Add support for http+unix and http+npipe schemes in httpjson input. 33571 33610

  • Add support for http+unix and http+npipe schemes in cel input. 33571 33712

  • Add decode_duration, move_fields processors. 31301

Heartbeat

  • Add new states field for internal use by new synthetics app. 30632

  • Upgrade node to 18.12.0

Metricbeat

  • Add Data Granularity option to AWS module to allow for fewer API calls of longer periods and keep small intervals. 33133 33166

  • Update README file on how to run Metricbeat on Kubernetes. 33308

  • Add per-thread metrics to system_summary 33614

  • Add GCP CloudSQL metadata 33066

Packetbeat

  • Add option to allow sniffer to change device when default route changes. 31905 32681

  • Add option to allow sniffing multiple interface devices. 31905 32933

  • Bump Windows Npcap version to v1.71. 33164 33172

  • Add fragmented IPv4 packet reassembly. 33012 33296

Functionbeat

Winlogbeat

Elastic Log Driver

Deprecated

Affecting all Beats

Filebeat

Heartbeat

Metricbeat

Packetbeat

Winlogbeat

Functionbeat

Known Issue