IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

« Beats version 5.0.0-alpha2 Beats version 1.3.1 »

› ›

Beats version 5.0.0-alpha1

edit

Beats version 5.0.0-alpha1

edit

View commits

Breaking changes

edit

libbeat

Run function to start a Beat now returns an error instead of directly exiting. 771
The method signature of HandleFlags() was changed to allow returning an error 1249
Require braces for environment variable expansion in config files 1304

Packetbeat

Rename output fields in the dns package. Former flag recursion_allowed becomes recursion_available. 803 Former SOA field ttl becomes minimum. 803
The fully qualified domain names which are part of output fields values of the dns package now terminate with a dot. 803
Remove the count field from the exported event 1210

Topbeat

Rename proc.cpu.user_p with proc.cpu.total_p as it includes CPU time spent in kernel space 631
Remove count field from the exported fields 1207
Rename input top level config option to topbeat

Filebeat

Scalar values in used in the fields configuration setting are no longer automatically converted to strings. 1092
Count field was removed from event as not used in filebeat 778

Winlogbeat

The message_inserts field was replaced with the event_data field 1053
The category field was renamed to task to better align with the Windows Event Log API naming 1053
Remove the count field from the exported event 1218

Bugfixes

edit

Affecting all Beats

Logstash output will not retry events that are not JSON-encodable 927

Packetbeat

Create a proper BPF filter when ICMP is the only enabled protocol 757
Check column length in pgsql parser. 565
Harden pgsql parser. 565

Topbeat

Fix issue with cpu.system_p being greater than 1 on Windows 1128

Filebeat

Stop filebeat if started without any prospectors defined or empty prospectors 644 647
Improve shutdown of crawler and prospector to wait for clean completion 720
Omit fields from Filebeat events when null 899

Winlogbeat

Added

edit

Affecting all Beats

Update builds to Golang version 1.6
Add option to Elasticsearch output to pass http parameters in index operations 805
Improve Logstash and Elasticsearch backoff behavior. 927
Add experimental Kafka output. 942
Add config file option to configure GOMAXPROCS. 969
Improve shutdown handling in libbeat. 1075
Add fields and fields_under_root options under the shipper configuration 1092
Add the ability to use a SOCKS5 proxy with the Logstash output 823
The -configtest flag will now print "Config OK" to stdout on success 1249

Packetbeat

Change the DNS library used throughout the dns package to github.com/miekg/dns. 803
Add support for NFS v3 and v4. 1231
Add support for EDNS and DNSSEC. 1292

Topbeat

Add username to processes 845

Filebeat

Add the ability to set a list of tags for each prospector 1092
Add JSON decoding support 1143

Winlogbeat

Add caching of event metadata handles and the system render context for the wineventlog API 888
Improve config validation by checking for unknown top-level YAML keys. 1100
Add the ability to set tags, fields, and fields_under_root as options for each event log 1092
Add additional data to the events published by Winlogbeat. The new fields are activity_id, event_data, keywords, opcode, process_id, provider_guid, related_activity_id, task, thread_id, user_data, and version. 1053
Add event_id, level, and provider configuration options for filtering events 1218
Add include_xml configuration option for including the raw XML with the event 1218

Known issues

edit

All Beats can hang or panic on shutdown if the next server in the pipeline (e.g. Elasticsearch or Logstash) is not reachable. 1319
When running the Beats as a service on Windows, you need to manually load the Elasticsearch mapping template. 1315
The ES template automatic load doesn’t work if Elasticsearch is not available when the Beat is starting. 1321

« Beats version 5.0.0-alpha2 Beats version 1.3.1 »