IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Beats version 6.7.0
editBeats version 6.7.0
editBreaking changes
editAffecting all Beats
- Port settings have been deprecated in redis/logstash output and will be removed in 7.0. 9915
- Update the code of Central Management to align with the new returned format. 10019
- Allow Central Management to send events back to kibana. 9382
-
Fix panic if fields settting is used to configure
hosts.x
fields. 10824 10935 - Introduce query.default_field as part of the template. 11205
- Beats Xpack now checks for Basic license on connect. 11296
Filebeat
- Filesets with multiple ingest pipelines added in 8914 only work with Elasticsearch >= 6.5.0 10001
- Add grok pattern to support redis 5.0.3 log timestamp. 9819 10033
- Ingesting Elasticsearch audit logs is only supported with Elasticsearch 6.5.0 and above 8852
-
Remove
ecs
option from user_agent processors when loading pipelines with Filebeat 6.7.x into Elasticsearch < 6.7.0. 10655 11362
Heartbeat
- Remove monitor generator script that was rarely used. 9648
Bugfixes
editAffecting all Beats
- Fix TLS certificate DoS vulnerability. 10303
- Fix panic and file unlock in spool on atomic operation (arm, x86-32). File lock was not released when panic occurs, leading to the beat deadlocking on startup. 10289
- Adding logging traces at debug level when the pipeline client receives the following events: onFilteredOut, onDroppedOnPublish. 9016
- Do not panic when no tokenizer string is configured for a dissect processor. 8895
- Fix a issue when remote and local configuration didn’t match when fetching configuration from Central Management. 10587
- Add ECS-like selectors and dedotting to docker autodiscover. 10757 10862
- Fix encoding of timestamps when using disk spool. 10099
- Include ip and boolean type when generating index pattern. 10995
- Using an environment variable for the password when enrolling a beat will now raise an error if the variable doesn’t exist. 10936
- Cancelling enrollment of a beat will not enroll the beat. 10150
- Remove IP fields from default_field in Elasticsearch template. 11399
Auditbeat
Filebeat
- Support IPv6 addresses with zone id in IIS ingest pipeline. 9836 error log: 9869 access log: 10029
-
Fix bad bytes count in
docker
input when filtering by stream. 10211 -
Fixed data types for roles and indices fields in
elasticsearch/audit
fileset 10307 - Cover empty request data, url and version in Apache2 modulehttps://github.com/elastic/beats/pull/10846[10846]
- Fix a bug with the convert_timezone option using the incorrect timezone field. 11055 11164
- Change URLPATH grok pattern to support brackets. 11135 11252
- Add support for iis log with different address format. 11255 11256
- Add fix to parse syslog message with priority value 0. 11010
Heartbeat
Journalbeat
- Do not stop collecting events when journal entries change. 9994
Metricbeat
-
Fix MongoDB dashboard that had some incorrect field names from
status
Metricset 9795 9715 - Fix issue that would prevent collection of processes without command line on Windows. 10196
-
Fixed data type for tags field in
docker/container
metricset 10307 -
Fixed data type for tags field in
docker/image
metricset 10307 -
Fixed data type for isr field in
kafka/partition
metricset 10307 -
Fixed data types for various hosts fields in
mongodb/replstatus
metricset 10307 - Added function to close sql database connection. 10355
- Fix parsing error using GET in Jolokia module. 11075 11071
Winlogbeat
Functionbeat
Added
editAffecting all Beats
Auditbeat
Filebeat
- Add field log.source.address and log.file.path to replace source. 9435
- Support mysql 5.7.22 slowlog starting with time information. 7892 9647
- Add support for ssl_request_log in apache2 module. 8088 9833
- Add support for iis 7.5 log format. 9753 9967
-
Add support for MariaDB in the
slowlog
fileset ofmysql
module. 9731 - Add convert_timezone to nginx module. 9839 10148
-
Add support for Percona in the
slowlog
fileset ofmysql
module. 6665 10227 - Added support for ingesting structured Elasticsearch audit logs 8852
- New iptables module that receives iptables/ip6tables logs over syslog or file. Supports Ubiquiti Firewall extensions. 8781 10176
- Populate more ECS fields in the Suricata module. 10006
Heartbeat
Metricbeat
-
Add field
event.dataset
which is{module}.{metricset}
. -
Add more TCP statuses to
socket_summary
metricset. 9430 - Remove experimental tag from ceph metricsets. 9708
-
Add
key
metricset to the Redis module. 9582 9657 - Add DeDot for kubernetes labels and annotations. 9860 9939
-
Add docker
event
metricset. 9856 - Release Ceph module as GA. 10202
- Release windows Metricbeat module as GA. 10163
- Release traefik Metricbeat module as GA. 10166
- List filesystems on Windows that have an access path but not an assigned letter 8916 10196
- Release uswgi Metricbeat module GA. 10164
- Release php_fpm module as GA. 10198
- Release Memcached module as GA. 10199
- Release etcd module as GA. 10200
- Release kubernetes apiserver and event metricsets as GA 10212
- Release Couchbase module as GA. 10201
- Release aerospike module as GA. 10203
- Release envoyproxy module GA. 10223
- Release mongodb.metrics and mongodb.replstatus as GA. 10242
- Release mysql.galera_status as Beta. 10242
- Release postgresql.statement as GA. 10242
- Release RabbitMQ Metricbeat module GA. 10165
- Release Dropwizard module as GA. 10240
- Release Graphite module as GA. 10240
- Release http.server metricset as GA. 10240
- Add support for MySQL 8.0 and tests also for Percona and MariaDB. 10261
- Release use of xpack.enabled: true flag in Elasticsearch and Kibana modules as GA. 10222
- Release Elastic stack modules (Elasticsearch, Logstash, and Kibana) as GA. 10094
- Add remaining memory metrics of pods in Kubernetes metricbeat module 10157
- Added server Metricset to Zookeeper Metricbeat module 8938 10341
- Add overview dashboard to Zookeeper Metricbeat module 10379
Functionbeat
Deprecated
editFilebeat
- Deprecate field source. Will be replaced by log.source.address and log.file.path in 7.0. 9435
Metricbeat
-
Deprecate field
metricset.rtt
. Replaced byevent.duration
which is in nano instead of micro seconds.
Packetbeat
- Support new TLS version negotiation introduced in TLS 1.3. 8647.
Known Issue
editJournalbeat
- Journalbeat requires at least systemd v233 in order to follow entries after journal changes (rotation, vacuum).