Disable add_kubernetes_metadata if no matchers found. 13709
Better wording for xpack beats when the _xpack endpoint is not reachable. 13771
Kubernetes watcher at add_kubernetes_metadata fails with StatefulSets 13905
Fix panics that could result from invalid TLS certificates. This can affect Beats that connect over TLS or Beats that accept connections over TLS and validate client certificates. 14146
Fix memory leak in kubernetes autodiscover provider and add_kubernetes_metadata processor happening when pods are terminated without sending a delete event. 14259
Fix kubernetes metaGenerator.ResourceMetadata when parent reference controller is nil 14320 14329

Auditbeat

Socket dataset: Fix start errors when IPv6 is disabled on the kernel. 13953 13966

Filebeat

Fix a denial of service flaw when parsing malformed DSA public keys in Go. If Filebeat is configured to accept incoming TLS connections with client authentication enabled, a remote attacker could cause the Beat to stop processing events. (CVE-2019-17596) See https://www.elastic.co/community/security/
Fix timezone parsing of rabbitmq module ingest pipelines. 13879
Fix conditions and error checking of date processors in ingest pipelines that use event.timezone to parse dates. 13883
Fix timezone parsing of Cisco module ingest pipelines. 13893
Fix timezone parsing of logstash module ingest pipelines. 13890
Fix timezone parsing of iptables, mssql and panw module ingest pipelines. 13926
Fixed increased memory usage with large files when multiline pattern does not match. 14068
Fix azure fields names. 14098 14132
Fix calculation of network.bytes and network.packets for bi-directional netflow events. 14111
Accept - as http.response.body.bytes in apache module. 14137
Fix timezone parsing of MySQL module ingest pipelines. 14130
Improve error message in s3 input when handleSQSMessage failed. 14113
Fix race condition in S3 input plugin. 14359

Heartbeat

Fix storage of HTTP bodies to work when JSON/Regex body checks are enabled. 14223

Metricbeat

Fix a denial of service flaw when parsing malformed DSA public keys in Go. If Metricbeat is configured to accept incoming TLS connections with client authentication enabled, a remote attacker could cause the Beat to stop processing events. (CVE-2019-17596) See https://www.elastic.co/community/security/
PdhExpandWildCardPathW will not expand counter paths in 32 bit windows systems, workaround will use a different function. 12590 12622
Fix docker.cpu.system.pct calculation by using the reported number online cpus instead of the number of metrics per cpu. 13691
Change kubernetes.event.message to text 13964
Fix performance counter values for windows/perfmon metricset.https://github.com/elastic/beats/issues/14036[14036] 14039 14108
Add FailOnRequired when applying schema and fix metric names in mongodb metrics metricset. 14143
Convert indexed ms-since-epoch timestamp fields in elasticsearch/ml_job metricset to ints from float64s. 14220 14222
Fix ARN parsing function to work for ELB ARNs. 14316
Update azure configuration example. 14224
Limit some of the error messages to the logs only 14317 14327
Fix cloudwatch metricset with names and dimensions in config. 14376 14391
Fix marshaling of ms-since-epoch values in elasticsearch/cluster_stats metricset. 14378

Packetbeat

Fix parsing of the HTTP host header when it contains a port or an IPv6 address. 14215

Affecting all Beats

Fail with error when autodiscover providers have no defined configs. 13078
Add autodetection mode for add_docker_metadata and enable it by default in included configuration fileshttps://github.com/elastic/beats/pull/13374[13374]
Add autodetection mode for add_kubernetes_metadata and enable it by default in included configuration files. 13473
Use less restrictive API to check if template exists. 13847
Do not check for alias when setup.ilm.check_exists is false. 13848
Add support for numeric time zone offsets in timestamp processor. 13902
Add condition to the config file template for add_kubernetes_metadata 14056
Marking Central Management deprecated. 14018
Add keep_null setting to allow Beats to publish null values in events. 5522 13928
Add shared_credential_file option in aws related config for specifying credential file directory. 14157 14178
Ensure that init containers are no longer tailed after they stop. 14394
Libbeat HTTP’s Server can listen to a unix socket using the unix:///tmp/hello.sock syntax. 13655
Libbeat HTTP’s Server can listen to a Windows named pipe using the npipe:///hello syntax. 13655
Adding new Enterprise license type to the licenser. 14246
Add endpoint config in AWS config to support using custom endpoint accessing AWS APIs. 16245 16263

Auditbeat

Filebeat

Add support for virtual host in Apache access logs 12778
Update CoreDNS module to populate ECS DNS fields. 13320 13505
Parse query steps in PostgreSQL slowlogs. 13496 13701
Add filebeat azure module with activitylogs, auditlogs, signinlogs filesets. 13776
Add support to set the document id in the json reader. 5844
Add input httpjson. 13545 13546
Filebeat Netflow input: Remove beta label. 13858
Remove event.timezone from events that don’t need it in some modules that support log formats with and without timezones. 13918
Add ExpandEventListFromField config option in the kafka input. 13965
Add ELB fileset to AWS module. 14020
Add module for MISP (Malware Information Sharing Platform). 13805
Add filebeat azure module with activitylogs, auditlogs, signinlogs filesets. 13776 14033 14107
Add support for all the ObjectCreated events in S3 input. 14077
Add source.bytes and source.packets for uni-directional netflow events. 14111
Add Kibana Dashboard for MISP module. 14147
Add support for gzipped files in S3 input 13980
Add Filebeat Azure Dashboards 14127
Add support for space or time sync character before timestamp in syslog input. 13278 13269
Add support for thread ID in Filebeat Kafka module. 19463

Heartbeat

Metricbeat

Add refresh list of perf counters at every fetch 13091
Add proc/vmstat data to the system/memory metricset on linux 13322
Add support for NATS version 2. 13601
Add docker.cpu.*.norm.pct metrics for cpu metricset of Docker Metricbeat module. 13695
Add instance label by default when using Prometheus collector. 13737
Add azure module. 13196 13859 13988
Add Apache Tomcat module 13491
Add ECS container.id and container.runtime to kubernetes state_container metricset. 13884
Add job label by default when using Prometheus collector. 13878
Add state_resourcequota metricset for Kubernetes module. 13693
Add tags filter in ec2 metricset. 13872 13145
Add cloud.account.id and cloud.account.name into events from aws module. 13551 13558
Add metrics_path as known hint for autodiscovery 13996
Leverage KUBECONFIG when creating k8s client. 13916
Add ability to filter by tags for cloudwatch metricset. 13758 13145
Release cloudwatch, s3_daily_storage, s3_request, sqs and rds metricset as GA. 14114 14059
Add elasticsearch/enrich metricset. 14243 14221
Add new dashboards for Azure vms, vm guest metrics, vm scale sets 14000
Add vpc metricset for aws module. 16111 14854

Functionbeat

Winlogbeat

Metricbeat

kubernetes.container.id field for state_container is deprecated in favour of ECS container.id and container.runtime. 13884