Beats version 7.5.0
editBeats version 7.5.0
editBreaking changes
editAffecting all Beats
- By default, all Beats-created files and folders will have a umask of 0027 (on POSIX systems). 14119
Filebeat
Heartbeat
- JSON/Regex checks against HTTP bodies will only consider the first 100MiB of the HTTP body to prevent excessive memory usage. 14223
Metricbeat
Bugfixes
editAffecting all Beats
-
Disable
add_kubernetes_metadata
if no matchers found. 13709 - Better wording for xpack beats when the _xpack endpoint is not reachable. 13771
-
Kubernetes watcher at
add_kubernetes_metadata
fails with StatefulSets 13905 - Fix panics that could result from invalid TLS certificates. This can affect Beats that connect over TLS or Beats that accept connections over TLS and validate client certificates. 14146
- Fix memory leak in kubernetes autodiscover provider and add_kubernetes_metadata processor happening when pods are terminated without sending a delete event. 14259
-
Fix kubernetes
metaGenerator.ResourceMetadata
when parent reference controller is nil 14320 14329
Auditbeat
Filebeat
- Fix a denial of service flaw when parsing malformed DSA public keys in Go. If Filebeat is configured to accept incoming TLS connections with client authentication enabled, a remote attacker could cause the Beat to stop processing events. (CVE-2019-17596) See https://www.elastic.co/community/security/
- Fix timezone parsing of rabbitmq module ingest pipelines. 13879
-
Fix conditions and error checking of date processors in ingest pipelines that use
event.timezone
to parse dates. 13883 - Fix timezone parsing of Cisco module ingest pipelines. 13893
- Fix timezone parsing of logstash module ingest pipelines. 13890
- Fix timezone parsing of iptables, mssql and panw module ingest pipelines. 13926
- Fixed increased memory usage with large files when multiline pattern does not match. 14068
- Fix azure fields names. 14098 14132
-
Fix calculation of
network.bytes
andnetwork.packets
for bi-directional netflow events. 14111 - Accept - as http.response.body.bytes in apache module. 14137
- Fix timezone parsing of MySQL module ingest pipelines. 14130
- Improve error message in s3 input when handleSQSMessage failed. 14113
- Fix race condition in S3 input plugin. 14359
Heartbeat
- Fix storage of HTTP bodies to work when JSON/Regex body checks are enabled. 14223
Metricbeat
- Fix a denial of service flaw when parsing malformed DSA public keys in Go. If Metricbeat is configured to accept incoming TLS connections with client authentication enabled, a remote attacker could cause the Beat to stop processing events. (CVE-2019-17596) See https://www.elastic.co/community/security/
- PdhExpandWildCardPathW will not expand counter paths in 32 bit windows systems, workaround will use a different function. 12590 12622
-
Fix
docker.cpu.system.pct
calculation by using the reported number online cpus instead of the number of metrics per cpu. 13691 - Change kubernetes.event.message to text 13964
- Fix performance counter values for windows/perfmon metricset.https://github.com/elastic/beats/issues/14036[14036] 14039 14108
- Add FailOnRequired when applying schema and fix metric names in mongodb metrics metricset. 14143
-
Convert indexed ms-since-epoch timestamp fields in
elasticsearch/ml_job
metricset to ints from float64s. 14220 14222 - Fix ARN parsing function to work for ELB ARNs. 14316
- Update azure configuration example. 14224
- Limit some of the error messages to the logs only 14317 14327
- Fix cloudwatch metricset with names and dimensions in config. 14376 14391
-
Fix marshaling of ms-since-epoch values in
elasticsearch/cluster_stats
metricset. 14378
Packetbeat
- Fix parsing of the HTTP host header when it contains a port or an IPv6 address. 14215
Added
editAffecting all Beats
- Fail with error when autodiscover providers have no defined configs. 13078
- Add autodetection mode for add_docker_metadata and enable it by default in included configuration fileshttps://github.com/elastic/beats/pull/13374[13374]
- Add autodetection mode for add_kubernetes_metadata and enable it by default in included configuration files. 13473
- Use less restrictive API to check if template exists. 13847
- Do not check for alias when setup.ilm.check_exists is false. 13848
- Add support for numeric time zone offsets in timestamp processor. 13902
- Add condition to the config file template for add_kubernetes_metadata 14056
- Marking Central Management deprecated. 14018
-
Add
keep_null
setting to allow Beats to publish null values in events. 5522 13928 - Add shared_credential_file option in aws related config for specifying credential file directory. 14157 14178
- Ensure that init containers are no longer tailed after they stop. 14394
-
Libbeat HTTP’s Server can listen to a unix socket using the
unix:///tmp/hello.sock
syntax. 13655 -
Libbeat HTTP’s Server can listen to a Windows named pipe using the
npipe:///hello
syntax. 13655 -
Adding new
Enterprise
license type to the licenser. 14246 - Add endpoint config in AWS config to support using custom endpoint accessing AWS APIs. 16245 16263
Auditbeat
- Socket: Add DNS enrichment. 14004
Filebeat
- Add support for virtual host in Apache access logs 12778
- Update CoreDNS module to populate ECS DNS fields. 13320 13505
- Parse query steps in PostgreSQL slowlogs. 13496 13701
- Add filebeat azure module with activitylogs, auditlogs, signinlogs filesets. 13776
- Add support to set the document id in the json reader. 5844
- Add input httpjson. 13545 13546
- Filebeat Netflow input: Remove beta label. 13858
-
Remove
event.timezone
from events that don’t need it in some modules that support log formats with and without timezones. 13918 - Add ExpandEventListFromField config option in the kafka input. 13965
- Add ELB fileset to AWS module. 14020
- Add module for MISP (Malware Information Sharing Platform). 13805
- Add filebeat azure module with activitylogs, auditlogs, signinlogs filesets. 13776 14033 14107
- Add support for all the ObjectCreated events in S3 input. 14077
-
Add
source.bytes
andsource.packets
for uni-directional netflow events. 14111 - Add Kibana Dashboard for MISP module. 14147
- Add support for gzipped files in S3 input 13980
- Add Filebeat Azure Dashboards 14127
- Add support for space or time sync character before timestamp in syslog input. 13278 13269
- Add support for thread ID in Filebeat Kafka module. 19463
Heartbeat
Metricbeat
- Add refresh list of perf counters at every fetch 13091
- Add proc/vmstat data to the system/memory metricset on linux 13322
- Add support for NATS version 2. 13601
-
Add
docker.cpu.*.norm.pct
metrics forcpu
metricset of Docker Metricbeat module. 13695 -
Add
instance
label by default when using Prometheus collector. 13737 - Add azure module. 13196 13859 13988
- Add Apache Tomcat module 13491
-
Add ECS
container.id
andcontainer.runtime
to kubernetesstate_container
metricset. 13884 -
Add
job
label by default when using Prometheus collector. 13878 -
Add
state_resourcequota
metricset for Kubernetes module. 13693 - Add tags filter in ec2 metricset. 13872 13145
- Add cloud.account.id and cloud.account.name into events from aws module. 13551 13558
-
Add
metrics_path
as known hint for autodiscovery 13996 - Leverage KUBECONFIG when creating k8s client. 13916
- Add ability to filter by tags for cloudwatch metricset. 13758 13145
- Release cloudwatch, s3_daily_storage, s3_request, sqs and rds metricset as GA. 14114 14059
-
Add
elasticsearch/enrich
metricset. 14243 14221 - Add new dashboards for Azure vms, vm guest metrics, vm scale sets 14000
- Add vpc metricset for aws module. 16111 14854
Functionbeat
-
Make
bulk_max_size
configurable in outputs. 13493
Winlogbeat