CHANGELOG.next.asciidoc

Beats version HEAD

Breaking changes

Affecting all Beats

Auditbeat

Filebeat

  • Fixed error spam from add_kubernetes_metadata processor when running on AKS. 33697

  • Metrics hosted by the HTTP monitoring endpoint for the aws-cloudwatch, aws-s3, cel, and lumberjack inputs are now available under /inputs/ instead of /dataset.

  • The close.on_state_change.inactive default value is now set to 5 minutes, matching the documentation.

Heartbeat

Metricbeat

Packetbeat

Winlogbeat

  • Corrects issue with security events with source IP of "LOCAL" or "Unknown" failing to ingest 19627 34295

  • Added processing for Windows Event IDs 4797, 5379, 5380, 5381, and 5382 for the Security Ingest Pipeline 34293 34294

  • Added processing for Windows Event IDs 5140 and 5145 for the Security Ingest Pipeline 34352

Functionbeat

Bugfixes

Affecting all Beats

  • Fix Windows service install/uninstall when Win32_Service returns error, add logic to wait until the Windows Service is stopped before proceeding. 33322

  • Support for multiline zookeeper logs 2496

  • Allow clock_nanosleep in the default seccomp profiles for amd64 and 386. Newer versions of glibc (e.g. 2.31) require it. 33792

  • Disable lockfile when running under elastic-agent. 33988

  • Fix lockfile logic, retry locking 34194

  • Add checks to ensure reloading of units if the configuration actually changed. 34346

  • Fix namespacing on self-monitoring 32336

  • Fix race condition when stopping runners 32433

  • Fix concurrent map writes when system/process code called from reporter code 32491

  • Log errors from the Elastic Agent V2 client errors channel. Avoids blocking when an error occurs while communicating with the Elastic Agent. 34392

  • Only log publish event messages in trace log level under elastic-agent. 34391

  • Fix issue where updating a single Elastic Agent configuration unit results in other units being turned off. 34504

  • Fix dropped events when monitoring a Beat under the agent and sending its Host info log entry. 34599

  • Fix panics when a processor is closed twice 34647

  • Update elastic-agent-system-metrics to v0.4.6 to allow builds on mips platforms. https://github.com/elastic/beats/pull/

Auditbeat

Filebeat

  • [Auditbeat System Package] Added support for Apple Silicon chips. 34433

  • [Azure blob storage] Changed logger field name from container to container_name so that it does not clash with the ecs field name container. 34403

  • [GCS] Added support for more mime types & introduced offset tracking via cursor state. Also added support for automatic splitting at root level, if root level element is an array. 34155

  • [httpjson] Improved error handling during pagination with chaining & split processor 34127

  • [Azure blob storage] Added support for more mime types & introduced offset tracking via cursor state. 33981

  • Fix EOF on single line not producing any event. 30436 33568

  • Fix handling of error in states in direct aws-s3 listing input 33513 33722

  • Fix httpjson input page number initialization and documentation. 33400

  • Add handling of AAA operations for Cisco ASA module. 32257 32789

  • Fix gc.log always shipped even if gc fileset is disabled 30995

  • Fix handling of empty array in httpjson input. 32001

  • Fix reporting of filebeat.events.active in log events such that the current value is always reported instead of the difference from the last value. 33597

  • Fix splitting array of strings/arrays in httpjson input 30345 33609

  • Fix Google workspace pagination and document ID generation. 33666

  • Fix PANW handling of messages with event.original already set. 33829 33830

  • Rename identity as identity_name when the value is a string in Azure Platform Logs. 33654

  • Fix 'requires pointer' error while getting cursor metadata. 33956

  • Fix input cancellation handling when HTTP client does not support contexts. 33962 33968

  • Update mito CEL extension library to v0.0.0-20221207004749-2f0f2875e464 33974

  • Fix CEL result deserialisation when evaluation fails. 33992 33996

  • Fix handling of non-200/non-429 status codes. 33999 34002

  • [azure-eventhub input] Switch the run EPH run mode to non-blocking 34075

  • [google_workspace] Fix pagination and cursor value update. 34274

  • Fix handling of quoted values in auditd module. 22587 34069

  • Fixing system tests not returning expected content encoding for azure blob storage input. 34412

  • [Azure Logs] Fix authentication_processing_details parsing in sign-in logs. 34330 34478

  • Prevent Elasticsearch from spewing log warnings about redundant wildcard when setting up ingest pipelines. 34249 34550

  • Gracefully handle Windows event channel not found errors in winlog input. 30201 34605

  • Fix the issue of cometd input worker getting closed in case of a network connection issue and an EOF error. 34326 34327

  • Fix errors and panics due to re-used processors 34761

Heartbeat

  • Fix panics when dereferencing an invalid parsed URL. 34702

  • Fix broken zip URL monitors. NOTE: Zip URL Monitors will be removed in version 8.7 and replaced with project monitors. 33723

  • Fix integration hashing to prevent reloading all when updated. 34697

  • Fix release of job limit semaphore when context is cancelled. 34697

  • Fix bug where states.duration_ms was incorrect type. 33563

  • Fix handling of long UDP messages in UDP input. 33836 33837

  • Fix browser monitor summary reporting as up when monitor is down. 33374 33819

  • Fix beat capabilities on Docker image. 33584

  • Fix serialization of state duration to avoid scientific notation. 34280

  • Enable nodejs engine strict validation when bundling synthetics. 34470

Auditbeat

Filebeat

  • Allow the misp fileset in the Filebeat threatintel module to ignore CIDR ranges for an IP field. 29949 34195

  • Remove incorrect reference to CEL ext extensions package. 34610 34620

Metricbeat

  • In module/windows/perfmon, changed collection method of the second counter value required to create a displayable value 32305

  • Fix and improve AWS metric period calculation to avoid zero-length intervals 32724

  • Add missing cluster metadata to k8s module metricsets 32979 33032

  • Add GCP CloudSQL region filter 32943

  • Fix logstash cgroup mappings 33131

  • Remove unused elasticsearch.node_stats.indices.bulk.avg_time.bytes mapping 33263

  • Fix kafka dashboard field names 33555

  • Add tags to events based on parsed identifier. 33472

  • Support Oracle-specific connection strings in SQL module 32089 32293

  • Remove deprecated metrics from controller manager, scheduler and proxy 34161

  • Fix metrics split through different events and metadata not matching for aws cloudwatch. 34483

  • Fix metadata enricher with correct container ids for pods with multiple containers in container metricset. Align kubernetes.container.id and container.id fields for state_container metricset. 34516

  • Make generic SQL GA 34637

Osquerybeat

Packetbeat

Winlogbeat

  • Fix handling of event data with keys containing dots. 34345 34549

  • Gracefully handle channel not found errors. 30201 34605

  • Clarify query term limits warning and remove link to missing Microsoft doc page. 34715

Functionbeat

  • Fix Kinesis events timestamp to use timestamp of the event record instead of when the record was processed 33593

Elastic Logging Plugin

Added

Affecting all Beats

  • Added append Processor which will append concrete values or values from a field to target. 29934 33364

Auditbeat

Filebeat

  • Add documentation for decode_xml_wineventlog processor field mappings. 32456

  • httpjson input: Add request tracing logger. 32402 32412

  • Add cloudflare R2 to provider list in AWS S3 input. 32620

  • Add support for single string containing multiple relation-types in getRFC5988Link. 32811

  • Fix handling of invalid UserIP and LocalIP values. 32896

  • Allow http_endpoint instances to share ports. 32578 33377

  • Improve httpjson documentation for split processor. 33473

  • Added separation of transform context object inside httpjson. Introduced new clause .parent_last_response.* 33499

  • Cloud Foundry input uses server-side filtering when retrieving logs. 33456

  • Add parse_aws_vpc_flow_log processor. 33656

  • Update aws.vpcflow dataset in AWS module to have a configurable log format and to produce ECS 8.x fields. 33699

  • Modified aws-s3 input to reduce mutex contention when multiple SQS messages are being processed concurrently. 33658

  • Disable "event normalization" processing for the aws-s3 input to reduce allocations. 33673

  • Add Common Expression Language input. 31233

  • Add support for http+unix and http+npipe schemes in httpjson input. 33571 33610

  • Add support for http+unix and http+npipe schemes in cel input. 33571 33712

  • Add decode_duration, move_fields processors. 31301

  • Add backup to bucket and delete functionality for the aws-s3 input. 30696 33559

  • Add metrics for UDP packet processing. 33870

  • Convert UDP input to v2 input. 33930

  • Improve collection of risk information from Okta debug data. 33677 34030

  • Adding filename details from zip to response for httpjson 33952 34044

  • Allow user configuration of keep-alive behaviour for HTTPJSON and CEL inputs. 33951 34014

  • Add support for polling system UDP stats for UDP input metrics. 34070

  • Add support for recognizing the log level in Elasticsearch JVM logs 34159

  • Add new Entity Analytics input with Azure Active Directory support. 34305

  • Added metric sqs_lag_time for aws-s3 input. 34306

  • Add metrics for TCP packet processing. 34333

  • Add metrics for unix socket packet processing. 34335

  • Add beta take over mode for filestream for simple migration from log inputs 34292

  • Add pagination support for Salesforce module. 34057 34065

  • Allow users to redact sensitive data from CEL input debug logs. 34302

  • Added support for HTTP destination override to Google Cloud Storage input. 34413

  • Added metric sqs_messages_waiting_gauge for aws-s3 input. 34488

  • Add support for new Rabbitmq timestamp format for logs 34211

  • Allow user configuration of timezone offset in Cisco ASA and FTD modules. 34436

  • Allow user configuration of timezone offset in Checkpoint module. 34472

  • Add support for Okta debug attributes, risk_reasons, risk_behaviors and factor. 33677 34508

  • Fill okta.request.ip_chain.* as a flattened object in Okta module. 34621

  • Fixed GCS log format issues. 34659

  • Add nginx.ingress_controller.upstream.ip to related.ip 34645 34672

  • Include NAT and firewall IPs in related.ip in Fortinet Firewall module. 34640 34673

Heartbeat

  • Users can now configure max scheduler job limits per monitor type via env var. 34307

  • Added status to monitor run log report.

  • Remove host and port matching restrictions on hint-generated monitors. 34376

Metricbeat

  • Add Data Granularity option to AWS module to allow for fewer API calls of longer periods and keep small intervals. 33133 33166

  • Update README file on how to run Metricbeat on Kubernetes. 33308

  • Add per-thread metrics to system_summary 33614

  • Add GCP CloudSQL metadata 33066

  • Remove GCP Compute metadata cache 33655

  • Add support for multiple regions in GCP 32964

  • Add GCP Redis regions support 33728

  • Add namespace metadata to all namespaced kubernetes resources. 33763

  • Changed cloudwatch module to call ListMetrics API only once per region, instead of per AWS namespace 34055

  • Add beta ingest_pipeline metricset to Elasticsearch module for ingest pipeline monitoring 34012

  • Handle duplicated TYPE line for prometheus metrics 18813 33865

Packetbeat

  • Add option to allow sniffer to change device when default route changes. 31905 32681

  • Add option to allow sniffing multiple interface devices. 31905 32933

  • Bump Windows Npcap version to v1.71. 33164 33172

  • Add fragmented IPv4 packet reassembly. 33012 33296

  • Reduce logging level for ENOENT to WARN when mapping sockets to processes. 33793 33854

  • Add metrics for TCP and UDP packet processing. 33833 34353

  • Allow user to prevent Npcap library installation on Windows. 34420 34428

Functionbeat

Winlogbeat

  • Add metrics for log event processing. 33922

Elastic Log Driver

Deprecated

Affecting all Beats

Filebeat

Heartbeat

Metricbeat

Packetbeat

Winlogbeat

Functionbeat

Known Issue