Skip to content

Latest commit

 

History

History
322 lines (176 loc) · 12.4 KB

CHANGELOG.next.asciidoc

File metadata and controls

322 lines (176 loc) · 12.4 KB

Beats version HEAD

Breaking changes

Affecting all Beats

Auditbeat

Filebeat

  • Convert netflow input to API v2 and disable event normalisation 37901

  • Introduce input/netmetrics and refactor netflow input metrics 38055

Heartbeat

Metricbeat

Osquerybeat

Packetbeat

Winlogbeat

  • Add "event.category" and "event.type" to Sysmon module for EventIDs 8, 9, 19, 20, 27, 28, 255 35193

Functionbeat

Elastic Logging Plugin

Bugfixes

Affecting all Beats - Support for multiline zookeeper logs 2496 - Add checks to ensure reloading of units if the configuration actually changed. 34346 - Fix namespacing on self-monitoring 32336 - Fix namespacing on self-monitoring 32336 - Fix Beats started by agent do not respect the allow_older_versions: true configuration flag 34227 34964 - Fix performance issues when we have a lot of inputs starting and stopping by allowing to disable global processors under fleet. 35000 35031 - 'add_cloud_metadata' processor - add cloud.region field for GCE cloud provider - 'add_cloud_metadata' processor - update azure metadata api version to get missing cloud.account.id field - Upgraded apache arrow library used in x-pack/libbeat/reader/parquet from v11 to v12.0.1 in order to fix cross-compilation issues 35640 - Fix panic when MaxRetryInterval is specified, but RetryInterval is not 35820 - Support build of projects outside of beats directory 36126 - Support Elastic Agent control protocol chunking support 37343 - Upgrade elastic-agent-libs to v0.7.5. Removes obsolete "Treating the CommonName field on X.509 certificates as a host name…​" deprecation warning for 8.0. 37755 - aws: Add credential caching for AssumeRole session tokens. 37787 - Lower logging level to debug when attempting to configure beats with unknown fields from autodiscovered events/environments 37816[37816] - Set timeout of 1 minute for FQDN requests 37756 - Fix the paths in the .cmd script added to the path by the Windows MSI to point to the new C:\Program Files installation location. elastic/elastic-stack-installers#238

Auditbeat

Filebeat

  • [Gcs Input] - Added missing locks for safe concurrency 34914

  • Fix the ignore_inactive option being ignored in Filebeat’s filestream input 34770

  • Fix TestMultiEventForEOFRetryHandlerInput unit test of CometD input 34903

  • Add input instance id to request trace filename for httpjson and cel inputs 35024

  • Fixes "Can only start an input when all related states are finished" error when running under Elastic-Agent 35250 33653

  • [system] sync system/auth dataset with system integration 1.29.0. 35581

  • [GCS Input] - Fixed an issue where bucket_timeout was being applied to the entire bucket poll interval and not individual bucket object read operations. Fixed a map write concurrency issue arising from data races when using a high number of workers. Fixed the flaky tests that were present in the GCS test suit. 35605

  • Fixed concurrency and flakey tests issue in azure blob storage input. 35983 36124

  • Fix panic when sqs input metrics getter is invoked 36101 36077

  • Fix handling of Juniper SRX structured data when there is no leading junos element. 36270 36308

  • Fix Filebeat Cisco module with missing escape character 36325 36326

  • Added a fix for Crowdstrike pipeline handling process arrays 36496

  • Fix m365_defender cursor value and query building. 37116

  • Fix TCP/UDP metric queue length parsing base. 37714

  • Update github.com/lestrrat-go/jwx dependency. 37799

  • [threatintel] MISP pagination fixes 37898

  • Fix file handle leak when handling errors in filestream 37973

  • Fix a race condition that could crash Filebeat with a "negative WaitGroup counter" error 38094

  • Prevent HTTPJSON holding response bodies between executions. 35219 38116

  • Fix "failed processing S3 event for object key" error on aws-s3 input when key contains the "+" character 38012 38125

  • Fix duplicated addition of regexp extension in CEL input. 38181

  • Fix the incorrect values generated by the uri_parts processor. 38216

  • Fix HTTPJSON handling of empty object bodies in POST requests. 33961 38290

  • Fix PEM key validation for CEL and HTTPJSON inputs. 38405

  • Fix filebeat gcs input panic 38407

  • Rename activity_guid to activity_id in ETW input events to suit other Windows inputs. 38530

  • Add missing provider registration and fix published entity for Active Directory entityanalytics provider. 38645

Heartbeat

  • Fix panics when parsing dereferencing invalid parsed url. 34702

  • Fix setuid root when running under cgroups v2. 37794

  • Adjust State loader to only retry when response code status is 5xx 37981

  • Reset prctl dumpable flag after cap drop. 38269

Heartbeat

  • Fix reference yaml format. 38584

Metricbeat

  • Fix Azure Monitor 429 error by causing metricbeat to retry the request again. 38294

  • Fix fields not being parsed correctly in postgresql/database 25301 37720

  • rabbitmq/queue - Change the mapping type of rabbitmq.queue.consumers.utilisation.pct to scaled_float from long because the values fall within the range of [0.0, 1.0]. Previously, conversion to integer resulted in reporting either 0 or 1.

Osquerybeat

Packetbeat

Winlogbeat

Elastic Logging Plugin

Added

Affecting all Beats

  • Added append Processor which will append concrete values or values from a field to target. 29934 33364

  • dns processor: Add support for forward lookups (A, AAAA, and TXT). 11416 36394

  • [Enhanncement for host.ip and host.mac] Disabling netinfo.enabled option of add-host-metadata processor 36506

  • allow queue configuration settings to be set under the output. 35615 36788

  • Beats will now connect to older Elasticsearch instances by default 36884

  • Raise up logging level to warning when attempting to configure beats with unknown fields from autodiscovered events/environments

  • elasticsearch output now supports idle_connection_timeout. 35615 36843

Auditbeat

Filebeat

  • Adding Saved Object name field to Kibana audit logs 38307

  • Update SQL input documentation regarding Oracle DSNs 37590

  • add documentation for decode_xml_wineventlog processor field mappings. 32456

  • httpjson input: Add request tracing logger. 32402 32412

  • Add cloudflare R2 to provider list in AWS S3 input. 32620

  • Add support for single string containing multiple relation-types in getRFC5988Link. 32811

  • Added separation of transform context object inside httpjson. Introduced new clause .parent_last_response.* 33499

  • Added metric sqs_messages_waiting_gauge for aws-s3 input. 34488

  • Add nginx.ingress_controller.upstream.ip to related.ip 34645 34672

  • Add unix socket log parsing for nginx ingress_controller 34732

  • Added metric sqs_worker_utilization for aws-s3 input. 34793

  • Add MySQL authentication message parsing and related.ip and related.user fields 34810

  • Add nginx ingress_controller parsing if one of upstreams fails to return response 34787

  • Add oracle authentication messages parsing 35127

  • Add clean_session configuration setting for MQTT input. 16204

  • Add support for a simplified input configuraton when running under Elastic-Agent 36390

  • Added support for Okta OAuth2 provider in the CEL input. 36336 36521

  • Added support for new features & removed partial save mechanism in the Azure Blob Storage input. 35126 36690

  • Added support for new features and removed partial save mechanism in the GCS input. 35847 36713

  • Use filestream input with file_identity.fingerprint as default for hints autodiscover. 35984 36950

  • Add setup option --force-enable-module-filesets, that will act as if all filesets have been enabled in a module during setup. 30915 99999

  • Made Azure Blob Storage input GA and updated docs accordingly. 37128

  • Made GCS input GA and updated docs accordingly. 37127

  • Suppress and log max HTTP request retry errors in CEL input. 37160

  • Prevent CEL input from re-entering the eval loop when an evaluation failed. 37161

  • Update CEL extensions library to v1.7.0. 37172

  • Add support for complete URL replacement in HTTPJSON chain steps. 37486

  • Add support for user-defined query selection in EntraID entity analytics provider. 37653

  • Update CEL extensions library to v1.8.0 to provide runtime error location reporting. 37304 37718

  • Add request trace logging for chained API requests. 36551 37682

  • Relax TCP/UDP metric polling expectations to improve metric collection. 37714

  • Add support for PEM-based Okta auth in HTTPJSON. 37772

  • Prevent complete loss of long request trace data. 37826 37836

  • Added experimental version of the Websocket Input. 37774

  • Add support for PEM-based Okta auth in CEL. 37813

  • Add ETW input. 36915

  • Update CEL mito extensions to v1.9.0 to add keys/values helper. 37971

  • Add logging for cache processor file reads and writes. 38052

  • Add parseDateInTZ value template for the HTTPJSON input 37738

  • Support VPC endpoint for aws-s3 input SQS queue url. 38189

  • Improve rate limit handling by HTTPJSON 36207 38161 38237

  • Add parseDateInTZ value template for the HTTPJSON input. 37738

  • Add support for complex event objects in the HTTP Endpoint input. 37910 38193

  • Parse more fields from Elasticsearch slowlogs 38295

  • Update CEL mito extensions to v1.10.0 to add keys/values helper. 38504

  • Add support for Active Directory an entity analytics provider. 37919

  • Add debugging breadcrumb to logs when writing request trace log. 38636

Auditbeat

Libbeat

Heartbeat - Added status to monitor run log report.

Metricbeat

  • Add per-thread metrics to system_summary 33614

  • Add GCP CloudSQL metadata 33066

  • Add GCP Carbon Footprint metricbeat data 34820

  • Add event loop utilization metric to Kibana module 35020

  • Add metrics grouping by dimensions and time to Azure app insights 36634

  • Align on the algorithm used to transform Prometheus histograms into Elasticsearch histograms 36647

  • Add linux IO metrics to system/process 37213

  • Add new memory/cgroup metrics to Kibana module 37232

  • Add SSL support to mysql module 37997

Metricbeat

Osquerybeat

Packetbeat

Packetbeat

Winlogbeat

Functionbeat

Winlogbeat

Elastic Log Driver Elastic Logging Plugin

Deprecated

Auditbeat

Filebeat

  • Deprecate syslog input in favor of syslog processor. 37555 38277

Heartbeat

Metricbeat

Osquerybeat

Packetbeat

Winlogbeat

Functionbeat

Elastic Logging Plugin

Known Issues