Beats version 7.13.0
editBeats version 7.13.0
editBugfixes
editAffecting all Beats
- Fix events being dropped if they contain a floating point value of NaN or Inf. 25051
- Fix templates being overwritten if there was an error when check for the template existance. 24332
-
Add
expand_keys
to the list of permitted config fields fordecode_json_fields
24862 - Fix discovery of short-living and failing pods in Kubernetes autodiscover 22718 24742
- Fix panic when overwriting metadata 24741
- Fix role_arn to work with access keys for AWS. 25446
-
Fix
community_id
processor so that ports greater than 65535 aren’t valid. 25409
Auditbeat
- Fix o365 module config when client_secret contains special characters. 25058
Filebeat
- Fix date parsing in GSuite/login fileset. 24694
- Improve Cisco ASA/FTD parsing of messages 23766
- Better support for identity FW messages.
- Change network.bytes, source.bytes, and destination.bytes to long from integer since value can exceed integer capacity.
- Add descriptions for various processors for easier pipeline editing in Kibana UI.
- Fix usage of unallowed ECS event.outcome values in Cisco ASA/FTD pipeline. 24744.
- Fix IPtables Pipeline and Ubiquiti dashboard. 24878 24928
- Strip Azure Eventhub connection string in debug logs. {pulll}25066[25066]
- Updating Oauth2 flow for m365_defender fileset. 24829
- Fix o365 module config when client_secret contains special characters. 25058
- Fix s3 input when there is a blank line in the log file. 25357
-
Remove space from field
sophos.xg.trans_src_ ip
. 25154 25250 -
Fix
checkpoint.action_reason
when its a string, not a Long. 25575 25609 -
Fix
fortinet.firewall.addr
when its a string, not an IP address. 25585 25608
Metricbeat
- Sort correctly the keys when accessing JMX through the Jolokia module 25631
- Change lookup_fields from metricset.host to service.address 15883
- Fix incorrect types of fields GetHits and Ops in NodeInterestingStats for Couchbase module in Metricbeat 21021 23287
- Fix GCP not able to request Cloudfunctions metrics if a region filter was set 24218
-
Fix type of
uwsgi.status.worker.rss
type. 24468 - Accept text/plain type by default for prometheus client scraping. 24622
- Use working set bytes to calculate the pod memory limit pct when memory usage is not reported (ie. Windows pods). 25428
- Fix copy-paste error in libbeat docs. 25448
- Fix azure billing dashboard. 25554
Winlogbeat
-
Change
event.code
andwinlog.event_id
from int to keyword. 25176
Added
editAffecting all Beats
-
Add
wineventlog
schema todecode_xml
processor. 23910 24726 -
Add new ECS 1.9 field
cloud.service.name
toadd_cloud_metadata
processor. 24993 - Libbeat: report queue capacity, output batch size, and output client count to monitoring. 24700
- Add kubernetes.pod.ip field in kubernetes metadata. 25037
- Discover changes in Kubernetes namespace metadata as soon as they happen. 25117
-
Add
decode_xml_wineventlog
processor. 23910 25115 -
Add new setting
gc_percent
for tuning the garbage collector limits via configuration file. 25394 -
Add
unit
andmetric_type
properties to fields.yml for populating field metadata in Elasticsearch templates 25419 -
Add new option
suffix
tologging.files
to control how log files are rotated. 25464 - Validate that required functionality in Elasticsearch is available upon initial connection. 25351
Filebeat
- Support X-Forwarder-For in IIS logs. 192142
-
Add support for logs generated by servers configured with
log_statement
andlog_duration
in PostgreSQL module. 24607 - Added fifteen new message IDs to Cisco ASA/FTD pipeline. 24744
- Added NTP fileset to Zeek module 24224
-
Add
proxy_url
config for httpjson v2 input. 24615 24662 -
Change
okta.target
toflattened
field type. 24354 24636 -
Added
http.request.id
tonginx/ingress_controller
andelasticsearch/audit
. 24994 -
Add
awsfargate
module to collect container logs from Amazon ECS on Fargate. 25041 -
New module
cyberarkpas
for CyberArk Privileged Access Security audit logs. 24803 -
Add
uri_parts
processor to Apache, Nginx, IIS, Traefik, S3Access, Cisco, F5, Fortinet, Google Workspace, Imperva, Microsoft, Netscout, O365, Sophos, Squid, Suricata, Zeek, Zia, Zoom, and ZScaler modules ingest pipelines. 19088 24699 -
New module
zookeeper
for Zookeeper service and audit logs 25061 25128 -
Add parsing for
haproxy.http.request.raw_request_line
field 25480 25482 -
Mark
filestream
input beta. 25560 - Add User Agent Parser for Azure Sign In Logs Ingest Pipeline 23201
Heartbeat
Metricbeat
Winlogbeat