Beats version 8.10.0

Bugfixes

Affecting all Beats

  • Improve StreamBuf append to improve performance when reading long lines from files. 35928
  • Eliminate cloning of event in deepUpdate 35945
  • Fix ndjson parser to store JSON fields correctly under target 29395
  • Add default cgroup regex for add_process_metadata processor 36484 32961
  • Fix environment capture by add_process_metadata processor. 36469 36471
  • Fix status reporting to Elastic Agent when output configuration is invalid running under Elastic-Agent 35719

Filebeat

  • Fix error message formatting from filestream input. 35658
  • Fixed concurrency and flaky tests issue in Azure Blob Storage input. 35983 36124
  • Filter out duplicate paths resolved from matching globs. 36253 36256
  • Remove onFilteredOut and onDroppedOnPublish callback logs 36299 36399
  • Ensure winlog input retains metric collection when handling recoverable errors. 36479 36483

Metricbeat

  • Fix the gap in fetching forecast API metrics at the end of each month for Azure billing module 36142
  • Add option in SQL module to execute queries for all databases. 35688
  • Add support for api_key authentication in elasticsearch module 36274
  • Add remaining dimensions for Azure storage account to make them available for TSDB enablement. 36331

Packetbeat

  • Fix panic in HTTP protocol parsing when host header has empty host part. 36497 36518

Winlogbeat

  • Ensure event loggers retain metric collection when handling recoverable errors. 36479 36483
  • Fix the ability to use filtering features (e.g. ignore_older, event_id, provider, level) while reading .evtx files. 16826 36173

Added

Affecting all Beats

  • When running under Elastic-Agent the status is now reported per Unit instead of the whole Beat 35874 36183
  • Mark translate_sid processor as GA. 36279 36280
  • Upgrade Go to 1.20.7 36241

Auditbeat

  • Add support for security.selinux and system.posix_acl_access extended attributes to FIM. 36265 36310

Filebeat

  • Adding filename details from zip to response for httpjson 33952 34044
  • Allow specifying since when to read journald entries. 35408
  • Under elastic-agent the input metrics will now be included in agent diagnostics dumps. 35798
  • Improve CEL input performance. 35915
  • Added support for min/max template functions in httpjson input. 36094 36036
  • Add clean_session configuration setting for MQTT input. 35806
  • Add fingerprint mode for the filestream scanner and new file identity based on it 34419 35734
  • Add file system metadata to events ingested via filestream 35801 36065
  • Add support for localstack based input integration testing 35727
  • Allow parsing bytes in and bytes out as long integer in CEF processor. 36100 36108
  • Add support for registered owners and users to AzureAD entity analytics provider. 36092
  • Added support for Okta OAuth2 provider in the httpjson input. 36273
  • Add support for the interval parameter in Salesforce setupaudittrail-rest fileset. 35917 35938
  • Add device handling to Okta input package for entity analytics. 36049
  • Add setup option --force-enable-module-filesets, that will act as if all filesets have been enabled in a module during setup. 30915 36286
  • [Azure] Add input metrics to the azure-eventhub input. 35739

Metricbeat

  • Add support for multiple regions in GCP 32964
  • Add kubernetes.deployment.status.* fields for Kubernetes module 35999

Packetbeat

  • Under elastic-agent the input metrics will now be included in agent diagnostics dumps. 35798
  • Add support for multiple regions in GCP 32964

Winlogbeat

  • Under elastic-agent the input metrics will now be included in agent diagnostics dumps. 35798

Deprecated

Heartbeat

  • Deprecate aws_elb autodiscover provider. 36191