Beats version 7.15.0

edit

Beats version 7.15.0

edit

View commits

Breaking changes

edit

Affecting all Beats

Loading Kibana assets (dashboards, index templates) rely on Saved Object API. So to provide a reliable service, Beats can only import and export dashboards using at least Kibana 7.15. 20672 27220

Filebeat

Remove all alias fields pointing to ECS fields from modules. This affects the Suricata and Traefik modules. 10535 26627
Fix Crowdstrike ingest pipeline that was creating flattened process fields. 27622 27623
Rename log.path to log.file.path in filestream to be consistent with log input and ECS. 27761

Heartbeat - Remove long deprecated watch_poll functionality. 27166 - Fix inconsistency in event.dataset values between heartbeat and fleet by always setting this value to the monitor type / fleet dataset. 27535

Metricbeat

Fix Elasticsearch jvm.gc.collectors.old being exposed as young 19636 26616

Bugfixes

edit

Affecting all Beats

Improve perfmon metricset performance. 26886
Preserve annotations in a kubernetes namespace metadata 27045
Fix build constraint that caused issues with doc builds. 27381
Do not try to load ILM policy if check_exists is false. 27508 26322
Fix bug with cgroups hierarchy override path in cgroups 27620
Beat setup kibana command may use the elasticsearch API key defined in output.elasticsearch.api_key. 24015 27540
Fix decode_xml handling of array merging when using to_lower: true. 27922
Separate namespaces for V1 and V2 controller paths 27676
Do not try to load ILM policy if check_exists is false. 27508 26322
Kubernetes autodiscover fails in node scope if node name cannot be discovered 26947

Auditbeat

File Integrity Module: Honor include_files when doing initial scan. 27273 27722

Filebeat

Update Filebeat compatibility function to remove processor description field on ES < 7.9.0 27774
Make filestream events ECS compliant. 27776

Metricbeat

Allow metric prefix override per service in gcp module. 26960
Update metrics configuration and dashboards after changes in the Azure Monitor 27520

Winlogbeat

Fix an issue with message template caching in the wineventlog-experimental API implementation. 26826

Added

edit

Affecting all Beats

Add proxy support for AWS functions. 26832
Added policies to the Elasticsearch output for non indexible events 26952
Add logging.metrics.namespaces config option to control what metric groups are reported in logs. 25727
Add sha256 digests to RPM packages. 23670
Add new offline docker image for Elastic Agent. 27052
Add cgroups V2 support 27242
Update ECS field definitions to ECS 1.11.0. 27107
The disk queue is now GA. 27515
Add daemonset.name in pods controlled by DaemonSets 26808, 25816

Filebeat

Add new template functions and value_type parameter to httpjson transforms. 26847
Add support to merge registry updates in the filestream input across multiple ACKed batches in case of backpressure in the registry or disk. 25976
Add support to decode_cef for MAC addresses that do not contain separator characters. 27050 27109
Add new hmac template function for httpjson input 27168
Update tags and threatintel.indicator.provider fields in threatintel.anomali ingest pipeline 24746 27141
Move AWS module and filesets to GA. 27428
Update ecs.version to ECS 1.11.0. 27107
Add option for S3 input to work without SQS notification 18205 27332

Metricbeat

Move openmetrics module to oss. 26561
Fix release state of kubernetes metricsets. 26864
Add gke metricset collection to gcp module 26824
Added statsd.mappings configuration for Statsd module 26220
Added Airflow lightweight module 26220
Add state_job metricset to Kubernetes modulehttps://github.com/elastic/beats/pull/26479[26479]
Bump AWS SDK version to v0.24.0 for WebIdentity authentication flow 19393 27126

« Beats version 7.15.1 Beats version 7.14.2 »