Affecting all Beats
Auditbeat
Filebeat
-
Fixed error spam from
add_kubernetes_metadata
processor when running on AKS. 33697
Heartbeat
Metricbeat
Packetbeat
Winlogbeat
Functionbeat
Affecting all Beats
-
Re-enable build optimizations to reduce binary size and improve performance. 33620
-
Fix namespacing for agent self-monitoring, CPU no longer reports as zero. 32336
-
Fix namespacing on self-monitoring 32336
-
Expand fields in
decode_json_fields
if target is set. 31712 32010 -
Fix race condition when stopping runners 32433
-
Fix concurrent map writes when system/process code called from reporter code 32491
-
Fix in AWS related services initialisation relying on custom endpoint resolver. 32888 32921
-
Keep
orchestrator.cluster.name
ifkubeconfig
is not returned in GKE metadata. 33418 -
Fix Windows service install/uninstall when Win32_Service returns error, add logic to wait until the Windows Service is stopped before proceeding. 33322
-
Support for multiline zookeeper logs 2496
Auditbeat
Filebeat
-
Fix
httpjson
input page number initialization and documentation. 33400 -
Add handling of AAA operations for Cisco ASA module. 32257 32789
-
Fix gc.log always shipped even if gc fileset is disabled 30995
-
Fix handling of empty array in httpjson input. 32001
-
Fix reporting of
filebeat.events.active
in log events such that the current value is always reported instead of the difference from the last value. 33597 -
Fix splitting array of strings/arrays in httpjson input 30345 33609
-
Fix Google workspace pagination and document ID generation. 33666
Heartbeat - Fix broken zip URL monitors. NOTE: Zip URL Monitors will be removed in version 8.7 and replaced with project monitors. 33723 - Fix bug affecting let’s encrypt and other users of cross-signed certs, where cert expiration was incorrectly calculated. 33215 - Fix broken disable feature for kibana configured monitors. 33293 - Fix states client support for output options. 33405 - Fix states client reloader under managed mode. 33405 - Fix bug where states.duration_ms was incorrect type. 33563
Auditbeat
Filebeat
Auditbeat
Filebeat
Heartbeat
Metricbeat
-
Fix GCP storage field naming 32806
-
in module/windows/perfmon, changed collection method of the second counter value required to create a displayable value 32305
-
Fix and improve AWS metric period calculation to avoid zero-length intervals 32724
-
Add missing cluster metadata to k8s module metricsets 32979 33032
-
Change max query size for GetMetricData API to 500 and add RecentlyActive for ListMetrics API call 33105
-
Add GCP CloudSQL region filter 32943
-
Fix logstash cgroup mappings 33131
-
Remove unused
elasticsearch.node_stats.indices.bulk.avg_time.bytes
mapping 33263 -
Add tags to events based on parsed identifier. 33472
-
Skip over unsupported filesystems in the system.filesystem metricset instead of failing immediately. Fix debug statement in system.fsstat metricset. 33646
-
Support Oracle-specific connection strings in SQL module 32089 32293
Packetbeat
Winlogbeat
Functionbeat
Elastic Logging Plugin
Affecting all Beats
Auditbeat
Filebeat
-
Add
text/csv
decoder tohttpjson
input 28564 -
Update
aws-s3
input to connect to non AWS S3 buckets 28222 28234 -
Add support for '/var/log/pods/' path for add_kubernetes_metadata processor with
resource_type: pod
. 28868 -
Add documentation for add_kubernetes_metadata processors
log_path
matcher. 28868 -
Add support for parsers on journald input 29070
-
Add support in httpjson input for oAuth2ProviderDefault of password grant_type. 29087
-
threatintel module: Add new Recorded Future integration. 30030
-
Support SASL/SCRAM authentication in the Kafka input. 31167
-
checkpoint module: Add
network.transport
derived from IANA number. 31076 -
Add URL Encode template function for httpjson input. 30962
-
Add
application/zip
decoder to thehttpsjon
input. 31282 31304 -
Default value of
filebeat.registry.flush
increased from 0s to 1s. CPU and disk I/O usage are reduced because the registry is not written to disk for each ingested log line. 30279 -
Cisco ASA/FTD: Add support for messages 434001 and 434003. 31533
-
Change threatintel module from beta to GA. 31693
-
Add template helper function for hashing strings. 31613 31630
-
Add extended okta.debug_context.debug_data handling. 31676
-
Add
auth.oauth2.google.jwt_json
option tohttpjson
input. 31750 -
Add authentication fields to RabbitMQ module documents. 31159 31680
-
Add template helper function for decoding hexadecimal strings. 31886
-
Add new
parser
calledinclude_message
to filter based on message contents. 31794 32094 -
Allow iptables module to parse ulogd v2 TOS field in logs. 32126
-
httpjson input: Add
toJSON
helper function to template context. 32472 -
Optimize grok patterns in system.auth module pipeline. 32360
-
Checkpoint module: add authentication operation outcome enrichment. 32230 32431
-
add documentation for decode_xml_wineventlog processor field mappings. 32456
-
Add cloudflare R2 to provider list in AWS S3 input. 32620
-
Add support for single string containing multiple relation-types in getRFC5988Link. 32811
-
Fix handling of invalid UserIP and LocalIP values. 32896
-
Improve httpjson documentation for split processor. 33473
-
Added separation of transform context object inside httpjson. Introduced new clause
.parent_last_response.*
33499 -
Cloud Foundry input uses server-side filtering when retrieving logs. 33456
-
Add
parse_aws_vpc_flow_log
processor. 33656 -
Update
aws.vpcflow
dataset in AWS module have a configurable logformat
and to produce ECS 8.x fields. 33699 -
Modified
aws-s3
input to reduce mutex contention when multiple SQS message are being processed concurrently. 33658 -
Disable "event normalization" processing for the aws-s3 input to reduce allocations. 33673
-
Add Common Expression Language input. 31233
-
Add support for http+unix and http+npipe schemes in httpjson input. 33571 33610
-
Add support for http+unix and http+npipe schemes in cel input. 33571 33712
Auditbeat
Filebeat
Heartbeat
-
Add new states field for internal use by new synthetics app. 30632
-
Upgrade node to 18.12.0
Metricbeat
Packetbeat
Functionbeat
Winlogbeat
Elastic Log Driver